Sitecore Identity Server with HTTPS in containers

Sitecore provide a number of examples (https://github.com/Sitecore/container-deployment) of implementations using containers via Kubernetes and Docker Compose. All examples utilise a reverse proxy for ingress (be it via Traefik or nginx in the k8s examples) to access the cd, cm and id services. All of the examples terminate TLS at the reverse proxy. By default each service runs on port 80, with no TLS encryption between the reverse proxy and the service container. This is a common approach for container-based deployments that remain in a secure LAN (i.e. in cloud native deployments). However, it does raise eyebrows with security teams that may not have extensive experience in these sorts of environments or that have rusted-on control requirements.
