Teams should keep ingress-nginx focused on traffic routing and move authorization to an identity-aware control point in front of internal services. That separates networking from governance, lets policy evaluate identity and context on every request, and avoids the inconsistency that comes from embedding auth logic inside each application or depending on VPN trust.
Why This Matters for Security Teams
Internal Kubernetes access is often treated as a networking problem, but that framing breaks down as soon as workloads, service accounts, and automation begin acting like identities with their own privileges. If ingress-nginx is doing more than routing, teams risk mixing traffic handling with authorisation decisions, which makes policy inconsistent and hard to audit. The better model is identity-aware governance at the request boundary, aligned to the OWASP Non-Human Identity Top 10 and the broader governance posture described in Ultimate Guide to NHIs.
NHI Mgmt Group’s research shows why this matters operationally: only 5.7% of organisations have full visibility into their service accounts. That lack of visibility makes it difficult to know which internal services can reach which clusters, namespaces, or APIs, especially when credentials are shared, long-lived, or embedded in pipelines. Governance needs to follow the identity, not the ingress path.
In practice, many security teams encounter unauthorised east-west access only after service-to-service trust has already been overextended across the cluster.
How It Works in Practice
The practical pattern is to keep ingress-nginx limited to routing and TLS termination, then place authorisation at an identity-aware control point in front of internal services. That control point should evaluate who or what is making the request, what workload identity it presents, and whether the action is allowed for that context. This approach fits the current guidance in NIST Cybersecurity Framework 2.0, which emphasises governance, access control, and continuous risk management rather than static perimeter trust.
In Kubernetes environments, the strongest implementations usually combine service account identity, short-lived tokens, and policy evaluation at request time. That can be delivered through an API gateway, service mesh, internal reverse proxy, or custom authorisation service, as long as the decision is based on verified identity and current context rather than a blanket network allow rule. For NHI governance, the key is that the policy engine can distinguish between a build job, a production microservice, and an administrative automation task.
- Use workload identity as the primary signal for internal access decisions.
- Issue short-lived credentials or tokens per workload or per session, not long-term shared secrets.
- Evaluate policy at runtime so namespace, method, path, and caller context all matter.
- Log authorisation decisions centrally so service access can be reviewed and revoked.
This also reduces the tendency to duplicate auth logic in each service, which is a common source of drift and bypass. The governance model described in Ultimate Guide to NHIs — Lifecycle Processes for Managing NHIs is especially relevant here, because internal access only stays safe when issuance, rotation, and revocation are all tied to lifecycle events. These controls tend to break down when legacy apps expect network-level trust only, because they cannot reliably consume per-request identity and policy decisions.
Common Variations and Edge Cases
Tighter internal authorisation often increases operational overhead, requiring organisations to balance stronger access control against latency, policy complexity, and service-owner adoption. That tradeoff is especially visible in Kubernetes estates with many namespaces, mixed legacy workloads, or teams that still rely on sidecar-free deployments. Current guidance suggests that there is no universal standard for this yet, so the control point can vary as long as the security outcome is consistent.
One common edge case is service-to-service traffic that never leaves the cluster. Some teams assume that internal traffic is inherently trusted, but that assumption is weak when pods are ephemeral and identities are reused. Another edge case is administrative automation, where CI/CD systems, operators, and controllers may all need different internal permissions. Those paths should be governed separately, not collapsed into one broad cluster role.
For teams building their program, the Top 10 NHI Issues and the 52 NHI Breaches Analysis both reinforce the same lesson: internal access fails when identities are overprivileged, poorly rotated, or invisible. The practical answer is not to make ingress-nginx smarter, but to make internal authorisation more explicit, more contextual, and easier to audit.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 and OWASP Agentic AI Top 10 address the attack and risk surface, while NIST CSF 2.0 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-03 | Directly covers credential lifecycle and internal NHI access risk. |
| NIST CSF 2.0 | PR.AC-4 | Addresses access control for internal services and identities. |
| OWASP Agentic AI Top 10 | A1 | Relevant where automated workloads act with autonomous execution authority. |
Enforce least privilege for service identities and review internal access decisions continuously.
Related resources from NHI Mgmt Group
- How should security teams govern AI agent access without relying only on behavioral monitoring?
- How should security teams govern internal Kubernetes tools without a VPN?
- How should security teams govern agent-native payments without creating new shadow access paths?
- How should teams secure data at rest without relying on encryption alone?
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on June 10, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
