DevOps Leader
In our managed k8s cluster, we have deployed services of type LoadBalancer. First we apply the manifest for the service (kubectl apply -f svc-lb.yml) and then adjust some additional properties (using Digital Ocean web ui), like the LoadBalancer name and SSL certificates to use.
Everything works fine, but at some interval (about every 30 days), all previous adjustments to the LoadBalancer are cleared and all information about the name, SSL certificate, etc. is lost.
Digging into the documentation, I found this advice:
https://github.com/digitalocean/digitalocean-cloud-controller-manager
where…
Production notes
do not modify DO load-balancers manually
When creating load-balancers through CCM (via LoadBalancer-typed Services), it is important that you must not change the DO load-balancer configuration manually. Such changes will eventually be reverted by the reconciliation loop built into CCM. One exception are load-balancer names which can be changed (see also the documentation on load-balancer ID annotations).
Other than that, the only safe place to make load-balancer configuration changes is through the Service object.
so we need to set up/modify this information only through annotations.
I’m trying to define the LoadBalancer name, but this doesn’t work…
Here https://github.com/digitalocean/digitalocean-cloud-controller-manager/blob/master/docs/controllers/services/annotations.md we can see that this annotation property is available
service.beta.kubernetes.io/do-loadbalancer-name
Specifies a custom name for the Load Balancer. Existing Load Balancers will be renamed. The name must adhere to the following rules:
- it must not be longer than 255 characters
- it must start with an alphanumeric character
- it must consist of alphanumeric characters or the '.' (dot) or '-' (dash) characters
- except for the final character which must not be '-' (dash)
If no custom name is specified, a default name is chosen consisting of the character a appended by the Service UID.
This is the service manifest:
```yaml
---
apiVersion: v1
kind: Service
metadata:
  name: tcp-loadbalancer
  annotations:
    # https://developers.digitalocean.com/documentation/v2/#load-balancers
    # https://www.digitalocean.com/docs/kubernetes/how-to/configure-load-balancers/
    service.beta.kubernetes.io/do-loadbalancer-name: "my.example.com"
    service.beta.kubernetes.io/do-loadbalancer-hostname: "my.example.com"
    service.beta.kubernetes.io/do-loadbalancer-protocol: "tcp"
    service.beta.kubernetes.io/do-loadbalancer-tag: "k8s-my-worker" # remember tag your droplet !!!
    service.beta.kubernetes.io/do-loadbalancer-algorithm: "round_robin" # options: round_robin, least_connections
    service.beta.kubernetes.io/do-loadbalancer-tls-ports: "443"
    service.beta.kubernetes.io/do-loadbalancer-tls-passthrough: "true"
    service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"
    # service.beta.kubernetes.io/do-loadbalancer-certificate-id: "your-certificate-id"
spec:
  type: LoadBalancer
  selector:
    app: traefik
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 8000
    - name: https
      protocol: TCP
      port: 443
      targetPort: 4443
    - name: postgres-tcp
      protocol: TCP
      port: 5432
      targetPort: 25432
    - name: postgres-adapter-http
      protocol: TCP
      port: 9201
      targetPort: 29201
    - name: traefik-http
      protocol: TCP
      port: 8090
      targetPort: 8090
```
If we use the doctl command, this property is right:
```shell
doctl compute load-balancer create \
  --name load-balancer-1 \
  --region sfo2 \
  --forwarding-rules entry_protocol:http,entry_port:80,target_protocol:http,target_port:80
```
thanks in advance for your time :)
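The naming rules quoted in the question can be checked before `kubectl apply`, so the name is set in the Service object rather than in the web UI, where CCM's reconciliation would revert it. This is an added example, not part of the original post or the CCM project; the function names and the sample manifest are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint the do-loadbalancer-name annotation before `kubectl apply`.
# Function names and the sample manifest are constructed for illustration.
LC_ALL=C; export LC_ALL   # make [A-Za-z0-9] ranges plain ASCII
ANNOTATION='service.beta.kubernetes.io/do-loadbalancer-name'

# Return 0 if $1 satisfies the documented naming rules, 1 otherwise.
valid_lb_name() {
  n=$1
  [ -n "$n" ] && [ "${#n}" -le 255 ] || return 1   # max 255 characters
  case $n in *[!A-Za-z0-9.-]*) return 1 ;; esac     # alphanumerics, '.', '-' only
  case $n in [A-Za-z0-9]*) ;; *) return 1 ;; esac   # must start alphanumeric
  case $n in *-) return 1 ;; esac                   # must not end with '-'
  return 0
}

# Print the annotation value from a manifest file. Line-based read: assumes the
# "key: value" pair is on one line, as in the manifest in the question.
lb_name_from_manifest() {
  sed -n "s|^[[:space:]]*${ANNOTATION}:[[:space:]]*||p" "$1" |
    sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' |
    head -n 1
}

# Exit status: 0 valid, 1 invalid, 2 annotation absent (CCM picks a default name).
check_manifest() {
  lb=$(lb_name_from_manifest "$1")
  if [ -z "$lb" ]; then echo "annotation not set"; return 2; fi
  if valid_lb_name "$lb"; then echo "ok: $lb"; return 0; fi
  echo "invalid load balancer name: $lb"; return 1
}

# Constructed sample manifest (trimmed copy of the Service in the question).
sample_manifest() {
  cat <<'EOF'
apiVersion: v1
kind: Service
metadata:
  name: tcp-loadbalancer
  annotations:
    service.beta.kubernetes.io/do-loadbalancer-name: "my.example.com"
spec:
  type: LoadBalancer
EOF
}

# Usage: ./lint-lb-name.sh svc-lb.yml
if [ -n "${1:-}" ]; then check_manifest "$1"; fi
```

A commented-out annotation line is treated as absent, which matches what the API server would see.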
Hi there,
Your Kubernetes Service manifest looks correct. It is indeed advised not to manually modify the properties of Load Balancers created by the DigitalOcean Cloud Controller Manager (CCM), as these changes will eventually be overwritten by the CCM’s reconciliation process.
Regarding the issue itself, there was a similar discussion about this here mentioning that the feature to name Load Balancers through an annotation was only added in the release v0.1.24. If you use DigitalOcean’s managed Kubernetes service, you should be able to benefit from all features and bug-fixes shipping with CCM v0.1.24 in the next batch of DOKS releases. For self-managed clusters, you should make sure that you run this very CCM version.
Best,
Bobby