This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
Can't access control-planes with proxied DNS entries from cloudflare #1277
Comments
@maaft Are you sure it wasn't the DNS that needed time to propagate?
@maaft If you click the orange cloud to disable proxying, does it work? Also
@mysticaltech I should've mentioned that as soon as I disable "proxy" mode at cloudflare, the connection works flawlessly. Thing is, I'd really like to use proxied DNS. Without proxy, it returns the correct IPs. Hm, probably proxied DNS entries use their own SSL certificate and that is what confuses
@maaft Hmm, maybe check cloudflare's ssl settings, choose source to cloudflare to not enforce ssl, because it's already encrypted. It will only enforce from your machine to cloudflare. Try that!
Moving this to a discussion because it's probably not a bug on our side. But will continue to assist the best I can.
Description
When using cloudflare proxied DNS records, you cannot talk to K8S API, even when additional_tls_san is set correctly. This makes it impossible to configure firewall such that only connections coming from cloudflare are allowed.
Steps to reproduce:
kubectl get nodes
) -> connection does not work / freeze
Kube.tf file
Screenshots
No response
Platform
Linux