I’m using a managed Kubernetes instance with a Load Balancer type service. I can see that all my Kubernetes nodes have an IP from the VPC subnet (10.200.0.0/16 in my case).
Looking at the control panel for my VPC resources, I can see the worker node droplets and the Load Balancer but the Load Balancer only seems to have a public IP.
My understanding is that only traffic between IPs in the VPC subnet will be “private” so it looks to me like traffic from the Load Balancer to my Kubernetes service will not be “private”.
Will the traffic be encrypted between the Load Balancer and my cluster?
Accepted Answer
Hi there,
The traffic between a managed Load Balancer and a Kubernetes cluster can indeed be within the VPC network, which is private. Basically, all resources within a VPC can communicate with each other using private networking, which doesn’t count against your bandwidth costs.
A DigitalOcean Managed Load Balancer has both public and private IP addresses when used within a VPC. The public IP is used to receive traffic from the internet, while the private IP is used for communications within the VPC network. And when you create a service of type LoadBalancer in a DigitalOcean Kubernetes cluster, the managed Load Balancer is automatically configured to send traffic to your service’s nodes using their private IP addresses within the VPC.
Traffic between the Load Balancer and the Kubernetes cluster is not encrypted by default.
It’s worth noting that even if the Load Balancer is showing only a public IP in the control panel, that doesn’t necessarily mean it isn’t using private IPs for communication within the VPC. It’s just that the private IP may not be displayed there. You can get more information about your LoadBalancer using the kubectl CLI:
kubectl describe service <LB-NAME>
Hope that this helps!
Best,
Bobby
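Added example, not part of the answer above and not DigitalOcean tooling: one way to check that the node addresses the Load Balancer targets sit inside the VPC range from the question. The node list is constructed sample data in the shape of `kubectl get nodes -o json`; the function name, node names and IPs are hypothetical.

```python
import ipaddress
import json

# VPC range taken from the question. The node list is constructed sample data
# shaped like `kubectl get nodes -o json`; names and IPs are made up.
VPC_CIDR = "10.200.0.0/16"
SAMPLE_NODES_JSON = """
{"items": [
  {"metadata": {"name": "pool-a-node1"},
   "status": {"addresses": [
     {"type": "Hostname", "address": "pool-a-node1"},
     {"type": "InternalIP", "address": "10.200.0.3"},
     {"type": "ExternalIP", "address": "203.0.113.10"}]}},
  {"metadata": {"name": "pool-a-node2"},
   "status": {"addresses": [
     {"type": "Hostname", "address": "pool-a-node2"},
     {"type": "InternalIP", "address": "10.201.0.4"}]}},
  {"metadata": {"name": "pool-a-node3"},
   "status": {"addresses": [
     {"type": "Hostname", "address": "pool-a-node3"}]}}
]}
"""


def audit_node_addresses(nodes_json, vpc_cidr):
    """Map each node name to a finding about its InternalIP and the VPC range."""
    vpc = ipaddress.ip_network(vpc_cidr)
    findings = {}
    for node in json.loads(nodes_json).get("items", []):
        name = node["metadata"]["name"]
        addresses = node.get("status", {}).get("addresses", [])
        # Only InternalIP entries matter here; ExternalIP is the public side.
        internal = [a["address"] for a in addresses if a.get("type") == "InternalIP"]
        if not internal:
            findings[name] = "no InternalIP reported"
        elif all(ipaddress.ip_address(ip) in vpc for ip in internal):
            findings[name] = "in VPC"
        else:
            findings[name] = "InternalIP outside VPC"
    return findings


if __name__ == "__main__":
    for name, finding in audit_node_addresses(SAMPLE_NODES_JSON, VPC_CIDR).items():
        print(f"{name}: {finding}")
```

Pass real `kubectl get nodes -o json` output in place of the sample. The check covers private addressing only and says nothing about encryption on that hop.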