Question

Is traffic between my Load Balancer and Kubernetes cluster over the VPC?

I’m using a managed Kubernetes instance with a Load Balancer type service. I can see that all my Kubernetes nodes have an IP from the VPC subnet (10.200.0.0/16 in my case).

Looking at the control panel for my VPC resources, I can see the worker node droplets and the Load Balancer but the Load Balancer only seems to have a public IP.

My understanding is that only traffic between IPs in the VPC subnet will be “private” so it looks to me like traffic from the Load Balancer to my Kubernetes service will not be “private”.

Will the traffic be encrypted between the Load Balancer and my cluster?



Bobby Iliev
Site Moderator
November 27, 2023
Accepted Answer

Hi there,

The traffic between a managed Load Balancer and a Kubernetes cluster can indeed be within the VPC network, which is private. Basically, all resources within a VPC can communicate with each other using private networking, which doesn’t count against your bandwidth costs.

A DigitalOcean Managed Load Balancer has both public and private IP addresses when used within a VPC. The public IP is used to receive traffic from the internet, while the private IP is used for communications within the VPC network. And when you create a service of type LoadBalancer in a DigitalOcean Kubernetes cluster, the managed Load Balancer is automatically configured to send traffic to your service’s nodes using their private IP addresses within the VPC.

Traffic between the Load Balancer and the Kubernetes cluster is not encrypted by default.

It’s worth noting that even if the Load Balancer is showing only a public IP in the control panel, that doesn’t necessarily mean it isn’t using private IPs for communication within the VPC. It’s just that the private IP may not be displayed there. You can get more information about your LoadBalancer using the kubectl CLI:

kubectl describe service <LB-NAME>

Hope that this helps!

Best,

Bobby
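
As an added example (not part of the answer above and not DigitalOcean's own tooling): a Python check over the JSON from `kubectl get nodes -o json` and `kubectl get service <LB-NAME> -o json` that confirms every node has an InternalIP inside the VPC range from the question (10.200.0.0/16) and reports whether the Service requests TLS passthrough. The sample documents and node names are constructed; relying on the DigitalOcean cloud controller manager's `do-loadbalancer-tls-passthrough` annotation as the encryption signal is this example's assumption.

```python
import ipaddress
import json

# Annotation read by DigitalOcean's cloud controller manager; when "true" the
# Load Balancer forwards TLS to the nodes without decrypting it.
PASSTHROUGH = "service.beta.kubernetes.io/do-loadbalancer-tls-passthrough"


def audit(nodes_doc, service_doc, vpc_cidr):
    """Return (nodes lacking an InternalIP inside vpc_cidr, passthrough enabled?)."""
    vpc = ipaddress.ip_network(vpc_cidr)
    outside = []
    for node in nodes_doc["items"]:
        internal = [a["address"] for a in node["status"].get("addresses", [])
                    if a["type"] == "InternalIP"]
        # A node with no InternalIP, or only ones outside the VPC range, is flagged.
        if not any(ipaddress.ip_address(ip) in vpc for ip in internal):
            outside.append(node["metadata"]["name"])
    annotations = service_doc["metadata"].get("annotations") or {}
    passthrough = annotations.get(PASSTHROUGH, "false").lower() == "true"
    return outside, passthrough


# Constructed sample input, trimmed to the fields the audit reads.
SAMPLE_NODES = json.loads("""
{"items": [
  {"metadata": {"name": "pool-a-1"},
   "status": {"addresses": [{"type": "InternalIP", "address": "10.200.0.3"},
                            {"type": "ExternalIP", "address": "203.0.113.10"}]}},
  {"metadata": {"name": "pool-a-2"},
   "status": {"addresses": [{"type": "InternalIP", "address": "10.116.0.7"}]}}
]}
""")
SAMPLE_SERVICE = json.loads("""
{"metadata": {"name": "web", "annotations": {}},
 "spec": {"type": "LoadBalancer"}}
""")

if __name__ == "__main__":
    outside, passthrough = audit(SAMPLE_NODES, SAMPLE_SERVICE, "10.200.0.0/16")
    print("nodes without an InternalIP in the VPC:", outside or "none")
    print("TLS passthrough requested:", passthrough)
```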
