DigitalOcean

Report this

What is the reason for this report?
Question

Is traffic between my Load Balancer and Kubernetes cluster over the VPC?

Posted on November 24, 2023
DigitalOcean Managed Load Balancers
DigitalOcean VPC
DigitalOcean Managed Kubernetes
caffeinestorm

By caffeinestorm

I’m using a managed Kubernetes instance with a Load Balancer type service. I can see that all my Kubernetes nodes have an IP from the VPC subnet (10.200.0.0/16 in my case).

Looking at the control panel for my VPC resources, I can see the worker node droplets and the Load Balancer but the Load Balancer only seems to have a public IP.

My understanding is that only traffic between IPs in the VPC subnet will be “private” so it looks to me like traffic from the Load Balancer to my Kubernetes service will not be “private”.

Will the traffic be encrypted between the Load Balancer and my cluster?



This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
0
Bobby Iliev
Bobby Iliev
November 27, 2023

Accepted Answer

Hi there,

The traffic between a managed Load Balancer and a Kubernetes cluster can indeed be within the VPC network, which is private. Basically, all resources within a VPC can communicate with each other using private networking, which doesn’t count against your bandwidth costs.

A DigitalOcean Managed Load Balancer has both public and private IP addresses when used within a VPC. The public IP is used to receive traffic from the internet, while the private IP is used for communications within the VPC network. And when you create a service of type LoadBalancer in a DigitalOcean Kubernetes cluster, the managed Load Balancer is automatically configured to send traffic to your service’s nodes using their private IP addresses within the VPC.

Traffic between the Load Balancer and the Kubernetes cluster is not encrypted by default.

It’s worth noting that even if the Load Balancer is showing only a public IP in the control panel, that doesn’t necessarily mean it isn’t using private IPs for communication within the VPC. It’s just that the private IP may not be displayed there. You can get more information about your LoadBalancer using the kubectl CLI:

kubectl describe service <LB-NAME>

Hope that this helps!

Best,

Bobby

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Sign Up

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Learn more

Resources for startups and SMBs

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Learn more

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.

© 2025 DigitalOcean, LLC.Sitemap.