Does a lodbalancer pass encrypted or unencrypted traffic?

June 10, 2019 242 views
Load Balancing Arch Linux

When I put a DO loadbalancer in front of a k8s cluster, does the k8s reverse proxy receive HTTP or HTTPS requests? Or another way, does the loadbalancer unencrypt everything and just forward the equivalent HTTP request back to the proxy or service?

1 Answer

You can actually configure how you would like you DOKS Loadbalancer to behave through the use of service annotations!

All loadbalancers provisioned by kubernetes are managed by the Cloud Controller Manager(CCM) running on the master. Any manual modifications to the LB through the cloud panel will be overwritten by the CCM during its reconciliation process to ensure the LB is configured properly with the state defined by the kubernetes service.

In order to configure your LB you need to use kubernetes service annotations.

For information on how to apply annotations, you can use the command:

kubectl annotate –help

Docs for DO service annotations can be found here: https://www.digitalocean.com/docs/kubernetes/how-to/configure-load-balancers/

Service annotations can also be found on our public github repository:

https://github.com/digitalocean/digitalocean-cloud-controller-manager/blob/master/docs/controllers/services/annotations.md

Regards,

John Kwiatkoski
Senior Developer Support Engineer

  • Thanks. If I change the config of the lodabalancer do I need to delete it then rebuild it from YAML or will it pickup changes and “re-deploy” much like other k8s services?

    • Depending on what you changed the reconciler should revert back any changes you made. However if you changed the name of the LB the reconciler will not see a name it expects to see in you list of loadbalancers and it will create a new one with the proper settings.

      Regards,

      John Kwiatkoski
      Senior Developer Support Engineer

Have another answer? Share your knowledge.