Question

Is there a managed load balancer with HTTPS support for DigitalOcean Kubernetes?

Posted July 8, 2021 502 views
Load BalancingLet's EncryptDigitalOcean Managed Kubernetes

It’s easy to deploy a set of docker containers to DigitalOcean Kubernetes. It’s fairly easy to add an NGINX Ingress load balancer to make it visible to the outside world.

It’s not that easy at all to configure HTTPS certificates (kubectl, helm, lot of YAML files) and domains and making sure that the certificates get created - a lot of hassle.

I would gladly pay for a “managed” load balancer that would be just as easy to set up as in case of a DigitalOcean App or a Droplet:
1) create an A record
2) tell DigitalOcean the name of my domain
-> DONE.

In addition to the simplicity I also get CloudFlare’s security and CDN.

Is there anything similar to that available to Kubernetes on DigitalOcean?

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
1 answer

Hi there,

I think that this should be doable with the DigitalOcean managed Load balancers, according to the documentation here. You’ll have to create the SSL certificate or upload it first as per the instructions here:

https://docs.digitalocean.com/products/networking/load-balancers/how-to/ssl-termination/

Then you can reference the certificate’s ID in the load balancer’s configuration file.

The example below creates a load balancer using an SSL certificate:

---
kind: Service
apiVersion: v1
metadata:
  name: https-with-cert
  annotations:
    service.beta.kubernetes.io/do-loadbalancer-protocol: "https"
    service.beta.kubernetes.io/do-loadbalancer-certificate-id: "your-certificate-id"
spec:
  type: LoadBalancer
  selector:
    app: nginx-example
  ports:
    - name: https
      protocol: TCP
      port: 443
      targetPort: 80

Regards,
Bobby

  • @bobbyiliev

    Thanks! I managed to do it and it seems to be working :) My cluster isn’t but I can hit the load balancer over HTTPS which I couldn’t.

    Just to recap what I did:

    1) When I went to my load balancer which is attached to Kubernetes, I could see the following forwarding rules:

    TCP 80 -> TCP 31659
    TCP 443 -> TCP 31619

    2) I deleted the second rule (443)

    3) I added HTTPS 443 (instead of TCP 443), then it asked me for a SSL certificate (like on the screenshot in the docs you mentioned), I chose to create a new one, it was created immediately. Finally I forwarded this to the standard HTTP port of the load balancer, so my rules look like this right now:

    TCP 80 -> TCP 31659
    HTTPS 443 -> TCP 31659 # note that the ports on the right side are the same

    This way I can use HTTPS to access the load balancer inside of Kubernetes.