Forum Discussion
yk1
Nimbostratus
NimbostratusCan I ssl passthrough with LTM connecting to kubernetes?
Hi, I'm working on applying LTM to kubernetes cluster, and I have a question. I want to setup f5 BIG-IP controller with cluster mode, but if I do so, because of lack of virtual server's type configu...
Kevin_Davies
MVP
MVPPassthrough SSL on a standard virtual server simply means not applying any server or client SSL profile. It simply works.
yk1Thank you for your early reply, Kevin.
I tried it but my server wouldn't reply to client hello... I use tcpdump in the pod, and the request seems not to reach to the pod. The server send ACK to client hello, but doesn't send server hello. When I send request by curl to service's IP(in one of my cluster node), in other words when the request doesn't through BIG-IP, I can get index page(it worked)...
pdamicoEven its been a while since this post, I was facing a similar issue and I would like to add to Kevin's reply the following link [1] which states:
Important: HTTP profiles are incompatible with encrypted pass-through traffic, such as SSL and require a Client SSL profile to decrypt the traffic for L7 HTTP inspection. If the virtual server processing the encrypted traffic is configured with an HTTP profile and no Client SSL profile, the connection fails
In my case I was trying to setup a K8S cluster with Kubespray using an external load balancer. Initially I did what Kevin suggested as I read that before and I was sure that was the way, however, I was getting an issue initializing the first master. Checking the virtual servr I found that a HTTP profile was set (it was set by terraform) so I just set it to none and boom, kubespray finished with no issues.
I hope it helps someone because I struggled a lot with this simple thing.