Access to external NodeBalancer IP from inside Kubernetes Cluster

Hi,

I have a Kubernetes cluster setup. There is a single NodeBalancer defined (ports 80 and 443). IP address == 23.92.23.229.

I can access services inside the k8s cluster from the outside just fine. I am setting up Keycloak running on the same cluster. Apparently the well-known openid-configuration URL (in my case: https://keycloak.wetsnow.com/auth/realms/wetsnow/.well-known/openid-configuration) needs to work from both the outside world (it does) and from the pod in the Kubernetes cluster (it doesn't).

This isn't specific to keycloak, I can't access any services behind the public ip (23.92.23.229) from inside the k8s cluster.

(The NodeBalancer is set up as L4 and sends all traffic to an envoy proxy (ambassador).)

Is this something that should work? Here's a busybox running inside the cluster:

root@busybox:/# curl https://keycloak.wetsnow.com
curl: (35) OpenSSL SSL_connect: Connection reset by peer in connection to keycloak.wetsnow.com:443

Thank you
Dan

1 Reply

Hmm, is this the fix

It sounds like my problem is the same as the one described here

DO has a workaround here

It looks like that was committed 9 days ago.. when would it show up in production?

Thank you
Dan
