How to use Suricata as an inline IPS between NGINX and backend pod in Kubernetes?

Hi everyone,

I’m trying to set up Suricata as an inline IPS in my k8s cluster to protect a web application running in a pod.

Since incoming traffic is encrypted (HTTPS), I’m considering placing Suricata between the NGINX reverse proxy and the backend web server pod. This way, Suricata can inspect cleartext HTTP traffic after TLS termination, decide whether the traffic is legitimate, and only allow valid requests to reach the backend.

My questions:

  1. Is this setup technically feasible, and are there any best practices for it?
  2. How can I manage pod-to-pod traffic redirection in k8s so that Suricata actually sits in the traffic path?
  3. Are there alternative approaches to protect backend services from malicious HTTP traffic within a k8s environment?

Any insights, experiences, or configuration examples are welcome.

Thanks in advance!
Daniel