Closed maaft closed 8 months ago
@maaft Are you sure it wasn't the DNS that needed time to propagate?
@maaft If you click the orange cloud to disable proxying, does it work?
Also `dig +a your-domain.com` to know which IP it's returning without proxy, and check if it's the correct one.
@mysticaltech I should've mentioned that as soon as I disable "proxy" mode at Cloudflare, the connection works flawlessly. Thing is, I'd really like to use proxied DNS.
Without proxy, it returns the correct IPs.
Hm, probably proxied DNS entries use their own SSL certificate and that is what confuses kubectl since it doesn't match public key in kubeconfig?
@maaft Hmm, maybe check Cloudflare's SSL settings, choose source to Cloudflare to not enforce SSL, because it's already encrypted. It will only enforce from your machine to Cloudflare. Try that!
Moving this to a discussion because it's probably not a bug on our side. But will continue to assist the best I can.
Description
When using Cloudflare proxied DNS records, you cannot talk to the K8S API, even when `additional_tls_san` is set correctly. This makes it impossible to configure a firewall such that only connections coming from Cloudflare are allowed.
Steps to reproduce:
`kubectl get nodes`) -> connection does not work / freeze

Kube.tf file
Screenshots
No response
Platform
Linux
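
One way to check the hypothesis raised in the thread (that the proxied hostname presents a certificate which does not chain to the CA stored in kubeconfig), as an added example that is not from the thread or the project. It assumes `openssl` and `base64` are installed; the function names are hypothetical and port 6443 is an assumed default.

```shell
#!/bin/sh
# Added diagnostic sketch: does the certificate served at a hostname chain
# to the cluster CA embedded in a kubeconfig? Function names are hypothetical.

# Print the first cluster CA in a kubeconfig as PEM.
# $1 = path to kubeconfig
kubeconfig_ca() {
    awk '$1 == "certificate-authority-data:" { print $2; exit }' "$1" | base64 -d
}

# Print the leaf certificate an endpoint presents (needs network access).
# $1 = hostname, $2 = port (6443 is an assumption; use your API port)
presented_cert() {
    openssl s_client -connect "$1:${2:-6443}" -servername "$1" \
        </dev/null 2>/dev/null | openssl x509 -outform PEM
}

# Return 0 if the PEM certificate file $2 chains to the CA in kubeconfig $1,
# 1 if it does not, 2 if no CA could be extracted.
chains_to_cluster_ca() {
    ca_tmp=$(mktemp) || return 2
    kubeconfig_ca "$1" > "$ca_tmp"
    if [ ! -s "$ca_tmp" ]; then
        rm -f "$ca_tmp"
        return 2
    fi
    if openssl verify -CAfile "$ca_tmp" "$2" >/dev/null 2>&1; then
        rc=0
    else
        rc=1
    fi
    rm -f "$ca_tmp"
    return $rc
}

# Show who issued a certificate, to explain a mismatch.
# $1 = PEM certificate file
describe_cert() {
    openssl x509 -in "$1" -noout -subject -issuer -fingerprint -sha256
}

# Typical use (hostname is a placeholder):
#   presented_cert k8s.your-domain.com 6443 > /tmp/served.pem
#   chains_to_cluster_ca ~/.kube/config /tmp/served.pem || describe_cert /tmp/served.pem
```

Running it once with the record proxied and once with it unproxied shows whether the served certificate changes issuer between the two modes.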