Related

Product Managed Load Balancers on DigitalOcean Product
DO Load Balancer limits Question Question
How to point the DO load balancer from other DNS provider? Question Question

Question

Kubernetes Load Balancer HTTPS Redirect Disabled During Cluster Upgrade

Posted January 8, 2021 298 views
Load BalancingDigitalOcean Managed Load Balancers

I have a frontend web server I’m hosting using DigitalOcean Kubernetes, and created a load balancer to serve traffic through. I created the load balancer using kubectl expose and then set it to redirect https traffic to http through the DigitalOcean website. I’ve noticed that every time I upgrade the Kubernetes cluster version it resets the load balancer’s settings, preventing any secure https traffic coming through. Is this intended behavior? How can I permanently setup https redirect? I’m assuming one of two things is happening:

  1. I’m not supposed to be able to edit load balancers that were created through Kubernetes, but this behavior was accidentally allowed through the UI

  2. The Kubernetes upgrade process inadvertently wipes all load balancer settings for balancers associated with the cluster that’s being upgraded

Any help is much appreciated, thanks!

Add a comment
tvolk131
By:
tvolk131

Related

Product Managed Load Balancers on DigitalOcean Product
DO Load Balancer limits Question Question
How to point the DO load balancer from other DNS provider? Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
1 answer
tvolk131 April 24, 2021

Not sure if anyone else has experienced this same problem, but I was able to fix it! Option #1 seems closest to reality. From my understanding, Kubernetes-owned load balancers should be configured completely using Kubernetes annotations, not through the UI. These resources helped me determine what was going on:

And in case anyone else is also trying to setup a load balancer with SSL redirect and a DigitalOcean-managed SSL certificate, here’s my final service definition:

apiVersion: v1
kind: Service
metadata:
  name: frontend-service
  annotations:
    service.beta.kubernetes.io/do-loadbalancer-certificate-id: "your-certificate-id-here"
    service.beta.kubernetes.io/do-loadbalancer-hostname: "crusty.cards"
    service.beta.kubernetes.io/do-loadbalancer-protocol: "http"
    service.beta.kubernetes.io/do-loadbalancer-redirect-http-to-https: "true"
    service.beta.kubernetes.io/do-loadbalancer-tls-ports: "443"
spec:
  type: LoadBalancer
  ports:
    - name: http
      port: 80
      targetPort: 80
    - name: https
      port: 443
      targetPort: 80
  selector:
    app: frontend

If anyone from the DigitalOcean team is reading this… I think it would make a lot of sense to disallow modification of load balancer settings through the UI for Kubernetes-managed load balancers, and instead state that all settings must be changed through the use of annotations, and provide links to some of the resources listed above. That would have saved me hours of work and frustration.

Reply Report

Related

Looking for something else?

Ask a new question Search for more help