I have manually (via web-based Control Panel) set SSL termination and SSL redirect on my Kubernetes’ managed DO Load Balancer (which is managing my SSL cert). Unfortunately whenever there is a patch or I reconfigure nodes, Kubernetes is resetting back to default values. It looks like you can set SSL redirect through configuration ([https://www.digitalocean.com/docs/kubernetes/how-to/configure-load-balancers/](here)) but I don’t see a way to take inbound SSL traffic on the Load Balancer and send it along to the non-SSL port on Kubernetes Droplet. Any thoughts? Any better ways to do this?

Using the following..
https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.26.1/deploy/static/mandatory.yaml
https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.26.1/deploy/static/provider/cloud-generic.yaml

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
1 answer

Hey,

All loadbalancers provisioned by Kubernetes are managed by the Cloud Controller Manager(CCM) running on the master. Any manual modifications to the LB through the cloud panel will be overwritten by the CCM during its reconciliation process to ensure the LB is configured properly with the state defined by the kubernetes service.

In order to configure your LB you need to use Kubernetes service annotations.

For information on how to apply annotations, you can use the command:

kubectl annotate –help

Docs for DO service annotations can be found here: https://www.digitalocean.com/docs/kubernetes/how-to/configure-load-balancers/

Service annotations can also be found on our public github repository:

https://github.com/digitalocean/digitalocean-cloud-controller-manager/blob/master/docs/controllers/services/annotations.md​​​​​​​

Submit an Answer