I’m trying to gain more control over the cloud resources created by my deployments, but I’m finding the “magic” that the do agent performs to translate k8s resources into DO resources (e.g. load balancers) to be hard to opt-out of. Is there a way to turn off some of those features for the cluster? Here’s a few things I’m running into:
LoadBalancer service automatically creates a DO load balancer asynchronously. There appears to be a way to stop this if I provide a custom annotation including the load balancer ID, but 1) this requires using provider specific annotations which I’m trying to avoid, and 2) this requires the LB to exist before the service exists.
Every time I create a NodePort service it automatically opens up the port to the public via the firewall rules. I don’t need this because I plan on creating and connecting a DO load balancer to the nodeport. Again, I can turn this off with an annotation, but once again it's an annotation specific to DO, and more importantly specific to that service resource.
Can I just create k8s resources and have DigitalOcean do nothing without custom annotations on every resource?
That is the common behavior within cloud providers. Creating a LoadBalancer service automatically binds it to a provider Load Balancer. If you don’t need it, don’t use the LoadBalancer service type (or use the custom annotation; if you are using Helm you can add it conditionally based on the provider name in the templates).
If you are going to create a NodePort service and then attach a DO Load Balancer then why don’t you use LoadBalancer instead? I can’t see the benefit of using NodePort in this case.
Due to the nature of the managed service, I don’t believe that this is possible.
What you could do, however, in case you want to have full control over your cluster, is set up an unmanaged cluster on a few Droplets. That way you will have root access to your servers and cluster and you will be able to make any changes that you need.
You can follow the steps on how to do that here:
Hope that this helps!
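The question above notes that every NodePort service has its port opened to the public unless that service carries a provider-specific opt-out annotation. The following is an added example, not part of the original thread or DigitalOcean's own code: it audits a service list for NodePort services that lack the opt-out. The annotation key is an assumption (the thread does not name it, so check it against the provider's current documentation), and the sample data is constructed.

```python
import json

# Assumption: the thread refers to this opt-out annotation without naming it.
FIREWALL_ANNOTATION = "kubernetes.digitalocean.com/firewall-managed"

# Constructed sample in the shape of `kubectl get services -A -o json`.
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "default", "name": "web"},
     "spec": {"type": "NodePort", "ports": [{"port": 80, "nodePort": 30080}]}},
    {"metadata": {"namespace": "default", "name": "api",
                  "annotations": {FIREWALL_ANNOTATION: "false"}},
     "spec": {"type": "NodePort", "ports": [{"port": 443, "nodePort": 30443}]}},
    {"metadata": {"namespace": "monitoring", "name": "metrics",
                  "annotations": {FIREWALL_ANNOTATION: "true"}},
     "spec": {"type": "NodePort", "ports": [{"port": 9090, "nodePort": 31000}]}},
    {"metadata": {"namespace": "default", "name": "db", "annotations": None},
     "spec": {"type": "ClusterIP", "ports": [{"port": 5432}]}},
]})


def nodeports_without_optout(service_list):
    """Return sorted (namespace, name, nodePort) tuples for each NodePort
    service port that has not opted out of provider firewall management."""
    findings = []
    for svc in service_list.get("items", []):
        meta, spec = svc.get("metadata", {}), svc.get("spec", {})
        if spec.get("type") != "NodePort":
            continue
        # `annotations` may be absent or null in the API output.
        annotations = meta.get("annotations") or {}
        if annotations.get(FIREWALL_ANNOTATION, "").strip().lower() == "false":
            continue  # this service carries the opt-out
        for port in spec.get("ports", []):
            if "nodePort" in port:
                findings.append((meta.get("namespace", "default"),
                                 meta.get("name"), port["nodePort"]))
    return sorted(findings)


if __name__ == "__main__":
    for ns, name, node_port in nodeports_without_optout(json.loads(SAMPLE)):
        print(f"{ns}/{name}: node port {node_port} has no firewall opt-out")
```

To run it against a live cluster, replace `SAMPLE` with the saved output of `kubectl get services -A -o json`.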