Question

Is traffic between my Load Balancer and Kubernetes cluster over the VPC?

I’m using a managed Kubernetes instance with a Load Balancer type service. I can see that all my Kubernetes nodes have an IP from the VPC subnet (10.200.0.0/16 in my case).

Looking at the control panel for my VPC resources, I can see the worker node droplets and the Load Balancer but the Load Balancer only seems to have a public IP.

My understanding is that only traffic between IPs in the VPC subnet will be “private” so it looks to me like traffic from the Load Balancer to my Kubernetes service will not be “private”.

Will the traffic be encrypted between the Load Balancer and my cluster?



Bobby Iliev
Site Moderator
November 27, 2023
Accepted Answer

Hi there,

The traffic between a managed Load Balancer and a Kubernetes cluster can indeed be within the VPC network, which is private. Basically, all resources within a VPC can communicate with each other using private networking, which doesn’t count against your bandwidth costs.

A DigitalOcean Managed Load Balancer has both public and private IP addresses when used within a VPC. The public IP is used to receive traffic from the internet, while the private IP is used for communications within the VPC network. And when you create a service of type LoadBalancer in a DigitalOcean Kubernetes cluster, the managed Load Balancer is automatically configured to send traffic to your service’s nodes using their private IP addresses within the VPC.

Traffic between the Load Balancer and the Kubernetes cluster is not encrypted by default.

It’s worth noting that even if the Load Balancer is showing only a public IP in the control panel, that doesn’t necessarily mean it isn’t using private IPs for communication within the VPC. It’s just that the private IP may not be displayed there. You can get more information about your LoadBalancer using the kubectl CLI:

kubectl describe service <LB-NAME>

Hope that this helps!

Best,

Bobby
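An added example, not part of the answer above and not DigitalOcean's own code: a small audit over `kubectl get nodes -o json` and `kubectl get service <LB-NAME> -o json` output that checks every node's InternalIP sits inside the VPC range from the question and whether the Service requests TLS passthrough. The JSON samples, node names and addresses are constructed; the passthrough annotation key is the one used by DigitalOcean's cloud controller manager.

```python
import ipaddress
import json

VPC_CIDR = ipaddress.ip_network("10.200.0.0/16")  # VPC subnet from the question
PASSTHROUGH = "service.beta.kubernetes.io/do-loadbalancer-tls-passthrough"

# Constructed sample, trimmed from the shape of `kubectl get nodes -o json`.
NODES_JSON = """{"items": [
 {"metadata": {"name": "pool-a-1"}, "status": {"addresses": [
   {"type": "InternalIP", "address": "10.200.0.3"},
   {"type": "ExternalIP", "address": "203.0.113.21"}]}},
 {"metadata": {"name": "pool-a-2"}, "status": {"addresses": [
   {"type": "InternalIP", "address": "10.200.0.4"},
   {"type": "ExternalIP", "address": "203.0.113.22"}]}}]}"""

# Constructed sample, trimmed from `kubectl get service <LB-NAME> -o json`.
SERVICE_JSON = """{"metadata": {"name": "web", "annotations": {
   "service.beta.kubernetes.io/do-loadbalancer-protocol": "http"}},
 "spec": {"type": "LoadBalancer"},
 "status": {"loadBalancer": {"ingress": [{"ip": "203.0.113.10"}]}}}"""


def nodes_outside_vpc(nodes, cidr=VPC_CIDR):
    """Names of nodes whose InternalIP is missing or not inside the VPC range."""
    bad = []
    for item in nodes["items"]:
        ips = [ipaddress.ip_address(a["address"])
               for a in item["status"].get("addresses", [])
               if a["type"] == "InternalIP"]
        if not ips or any(ip not in cidr for ip in ips):
            bad.append(item["metadata"]["name"])
    return sorted(bad)


def tls_passthrough(service):
    """True only if the Service asks the Load Balancer to forward TLS untouched."""
    ann = service["metadata"].get("annotations") or {}
    return ann.get(PASSTHROUGH, "false").strip().lower() == "true"


def audit(nodes, service):
    """Answer the two questions asked above: private path? encrypted hop?"""
    return {
        "nodes_outside_vpc": nodes_outside_vpc(nodes),
        "lb_to_node_tls_passthrough": tls_passthrough(service),
    }


if __name__ == "__main__":
    print(audit(json.loads(NODES_JSON), json.loads(SERVICE_JSON)))
```

An empty `nodes_outside_vpc` list means every backend address is in the VPC; `lb_to_node_tls_passthrough: False` means the hop relies on the default, which the answer states is unencrypted.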
