I have a Swarm Cluster and want to communicate securely between Windows Worker Nodes. The official Docker Documentation (https://docs.docker.com/engine/swarm/how-swarm-mode-works/pki/) states:
The nodes in a swarm use mutual Transport Layer Security (TLS) to authenticate, authorize, and encrypt the communications with other nodes in the swarm.
Looking at the image further down the documentation page, I suspect that actually only management plane communication
- between Manager Nodes themselves and
- between Manager Nodes and Worker Nodes
is secured. This would mean that I have to secure my communication by other means. Other sources (https://medium.com/lucjuggery/create-a-swarm-cluster-with-docker-1-12-swarm-mode-541449114c27, https://www.dasher.com/containers-os-virtualization-to-workload-virtualization/, https://collabnix.com/docker-1-12-swarm-mode-under-the-hood/, https://upcloud.com/community/tutorials/docker-swarm-orchestration/) say that communication between Worker Nodes is secured by mutual TLS by default too. However, I can't see what these sources base this information on. To me it appears unfounded.
This leads me to the following questions: Is mutual TLS between nodes
1. limited to management plane communication or
2. is all communication between Worker Nodes secured too?
If 1., are there other means to easily secure my communication besides building mutual TLS into my containers myself?