Question

Does a lodbalancer pass encrypted or unencrypted traffic?

Posted June 10, 2019 372 views
Arch Linux Load Balancing

When I put a DO loadbalancer in front of a k8s cluster, does the k8s reverse proxy receive HTTP or HTTPS requests? Or another way, does the loadbalancer unencrypt everything and just forward the equivalent HTTP request back to the proxy or service?

Add a comment
jasonleach
By:
jasonleach
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

1 answer
jkwiatkoski June 10, 2019

You can actually configure how you would like you DOKS Loadbalancer to behave through the use of service annotations!

All loadbalancers provisioned by kubernetes are managed by the Cloud Controller Manager(CCM) running on the master. Any manual modifications to the LB through the cloud panel will be overwritten by the CCM during its reconciliation process to ensure the LB is configured properly with the state defined by the kubernetes service.

In order to configure your LB you need to use kubernetes service annotations.

For information on how to apply annotations, you can use the command:

kubectl annotate –help

Docs for DO service annotations can be found here: https://www.digitalocean.com/docs/kubernetes/how-to/configure-load-balancers/

Service annotations can also be found on our public github repository:

https://github.com/digitalocean/digitalocean-cloud-controller-manager/blob/master/docs/controllers/services/annotations.md

Regards,

John Kwiatkoski
Senior Developer Support Engineer

Reply Report
  • jasonleach June 10, 2019

    Thanks. If I change the config of the lodabalancer do I need to delete it then rebuild it from YAML or will it pickup changes and “re-deploy” much like other k8s services?

    Reply Report
    • jkwiatkoski June 10, 2019

      Depending on what you changed the reconciler should revert back any changes you made. However if you changed the name of the LB the reconciler will not see a name it expects to see in you list of loadbalancers and it will create a new one with the proper settings.

      Regards,

      John Kwiatkoski
      Senior Developer Support Engineer

      Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help