Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
How to correctly handle certificates and secrets for private docker registry. Question Question
Is it possible to generate SSL dynamically for wildcard TLDs (not subdomains) with DO load balancers? Question Question

Question

How do I set loadbalancer name from kubernetes manifest?

Posted April 10, 2020 3.1k views
DigitalOcean Managed KubernetesDigitalOcean Managed Load BalancersDigitalOcean API and CLI (doctl)

In our managed k8s cluster, we have deployed services of type LoadBalancer. First we apply the manifest for the service (kubectl apply -f svc-lb.yml) and then adjust some additional properties (using Digital Ocean web ui), like the LoadBalancer name and SSL certificates to use.

All works fine, but each some interval time (near 30 days), all previous adjusts for the LoadBalancer are cleared and all information about name, ssl certificate, etc, are lost.

Deep into documentation, I found this advise:

https://github.com/digitalocean/digitalocean-cloud-controller-manager

where....

Production notes

do not modify DO load-balancers manually

When creating load-balancers through CCM (via LoadBalancer-typed Services), it is important that you must not change the DO load-balancer configuration manually. Such changes will eventually be reverted by the reconciliation loop built into CCM. One exception are load-balancer names which can be changed (see also the documentation on load-balancer ID annotations).

Other than that, the only safe place to make load-balancer configuration changes is through the Service object.

so that we need to setup/modify information only using annotations

I’m trying to define LoabBalancer name, but this don’t work…

Here https://github.com/digitalocean/digitalocean-cloud-controller-manager/blob/master/docs/controllers/services/annotations.md we can see that this annotation property is available

service.beta.kubernetes.io/do-loadbalancer-name

Specifies a custom name for the Load Balancer. Existing Load Balancers will be renamed. The name must adhere to the following rules:

- it must not be longer than 255 characters
- it must start with an alphanumeric character
- it must consist of alphanumeric characters or the '.' (dot) or '-' (dash) characters
- except for the final character which must not be '-' (dash)

If no custom name is specified, a default name is chosen consisting of the character a appended by the Service UID.

This is the service manifest:

---
apiVersion: v1
kind: Service
metadata:
  name: tcp-loadbalancer
  annotations:
    # https://developers.digitalocean.com/documentation/v2/#load-balancers
    # https://www.digitalocean.com/docs/kubernetes/how-to/configure-load-balancers/
    service.beta.kubernetes.io/do-loadbalancer-name: "my.example.com"
    service.beta.kubernetes.io/do-loadbalancer-hostname: "my.example.com"
    service.beta.kubernetes.io/do-loadbalancer-protocol: "tcp"
    service.beta.kubernetes.io/do-loadbalancer-tag: "k8s-my-worker"     # remember tag your droplet !!!
    service.beta.kubernetes.io/do-loadbalancer-algorithm: "round_robin" # options: round_robin, least_connections
    service.beta.kubernetes.io/do-loadbalancer-tls-ports: "443"
    service.beta.kubernetes.io/do-loadbalancer-tls-passthrough: "true"
    service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"
    # service.beta.kubernetes.io/do-loadbalancer-certificate-id: "your-certificate-id"
spec:
  type: LoadBalancer
  selector:
    app: traefik
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 8000
    - name: https
      protocol: TCP
      port: 443
      targetPort: 4443
    - name: postgres-tcp
      protocol: TCP
      port: 5432
      targetPort: 25432
    - name: postgres-adapter-http
      protocol: TCP
      port: 9201
      targetPort: 29201
    - name: traefik-http
      protocol: TCP
      port: 8090
      targetPort: 8090

If we use the doctl command, this property is right:

doctl compute load-balancer create \
    --name load-balancer-1 \
    --region sfo2 \
    --forwarding-rules entry_protocol:http,entry_port:80,target_protocol:http,target_port:80

thanks in advance for your time :)

Add a comment
hejeroaz
By:
hejeroaz

Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
How to correctly handle certificates and secrets for private docker registry. Question Question
Is it possible to generate SSL dynamically for wildcard TLDs (not subdomains) with DO load balancers? Question Question
Add a comment
2 comments

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
1 answer
Huggzorx July 14, 2020
[deleted]
Reply Report

Related

Looking for something else?

Ask a new question Search for more help