In Kubernetes, what does TLS termination mean when used with an Ingress resource?
Think about where the encrypted traffic is decrypted in the flow from client to backend.
TLS termination means the Ingress controller handles decrypting the encrypted traffic from clients. It then sends plain HTTP traffic to backend services. This offloads TLS work from the backend.
Which TLS configuration snippet correctly enables TLS termination for the host example.com in a Kubernetes Ingress manifest?
Check the indentation and key names carefully for the TLS section.
The TLS section requires a list of hosts under the key hosts and the secret name under secretName. Option B matches the correct syntax.
Given an Ingress resource with TLS configured for example.com, what will kubectl describe ingress my-ingress show under the TLS section?
Look at the typical output format of kubectl describe ingress for TLS info.
The kubectl describe ingress command shows TLS hosts and secret names with keys Hosts and SecretName. Option D matches the expected output format.
You configured TLS in your Ingress with a valid secret, but HTTPS requests fail with a connection error. What is the most likely cause?
Think about what component handles TLS termination and if it is active.
If the Ingress controller is not running or does not support TLS, HTTPS connections will fail even if the Ingress resource has TLS configured. The controller must be active and properly configured.
After TLS termination at the Ingress controller, what is the best practice to secure traffic between the Ingress controller and backend services?
Consider how to protect traffic inside the cluster after TLS termination.
Even after TLS termination at the Ingress, encrypting traffic internally with mutual TLS (mTLS) between Ingress and backend services adds security by protecting internal communication.