In our managed k8s cluster, we have deployed services of type LoadBalancer. First we apply the manifest for the service (kubectl apply -f svc-lb.yml) and then adjust some additional properties (using Digital Ocean web ui), like the LoadBalancer name and SSL certificates to use.

All works fine, but each some interval time (near 30 days), all previous adjusts for the LoadBalancer are cleared and all information about name, ssl certificate, etc, are lost.

Deep into documentation, I found this advise:


Production notes

do not modify DO load-balancers manually

When creating load-balancers through CCM (via LoadBalancer-typed Services), it is important that you must not change the DO load-balancer configuration manually. Such changes will eventually be reverted by the reconciliation loop built into CCM. One exception are load-balancer names which can be changed (see also the documentation on load-balancer ID annotations).

Other than that, the only safe place to make load-balancer configuration changes is through the Service object.

so that we need to setup/modify information only using annotations

I’m trying to define LoabBalancer name, but this don’t work…

Here we can see that this annotation property is available

Specifies a custom name for the Load Balancer. Existing Load Balancers will be renamed. The name must adhere to the following rules:

- it must not be longer than 255 characters
- it must start with an alphanumeric character
- it must consist of alphanumeric characters or the '.' (dot) or '-' (dash) characters
- except for the final character which must not be '-' (dash)

If no custom name is specified, a default name is chosen consisting of the character a appended by the Service UID.

This is the service manifest:

apiVersion: v1
kind: Service
  name: tcp-loadbalancer
    # "" "" "tcp" "k8s-my-worker"     # remember tag your droplet !!! "round_robin" # options: round_robin, least_connections "443" "true" "true"
    # "your-certificate-id"
  type: LoadBalancer
    app: traefik
    - name: http
      protocol: TCP
      port: 80
      targetPort: 8000
    - name: https
      protocol: TCP
      port: 443
      targetPort: 4443
    - name: postgres-tcp
      protocol: TCP
      port: 5432
      targetPort: 25432
    - name: postgres-adapter-http
      protocol: TCP
      port: 9201
      targetPort: 29201
    - name: traefik-http
      protocol: TCP
      port: 8090
      targetPort: 8090

If we use the doctl command, this property is right:

doctl compute load-balancer create \
    --name load-balancer-1 \
    --region sfo2 \
    --forwarding-rules entry_protocol:http,entry_port:80,target_protocol:http,target_port:80

thanks in advance for your time :)

1 comment
Submit an answer

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!