DigitalOcean Kubernetes: new control plane is faster and free, enable HA for 99.95% uptime SLA

Related

Server1 <-> server2 setup?
Question
Is it possible to generate SSL dynamically for wildcard TLDs (not subdomains) with DO load balancers?
Question

Question

Kubernetes Load Balancer HTTPS Redirect Disabled During Cluster Upgrade

I have a frontend web server I’m hosting using DigitalOcean Kubernetes, and created a load balancer to serve traffic through. I created the load balancer using kubectl expose and then set it to redirect https traffic to http through the DigitalOcean website. I’ve noticed that every time I upgrade the Kubernetes cluster version it resets the load balancer’s settings, preventing any secure https traffic coming through. Is this intended behavior? How can I permanently setup https redirect? I’m assuming one of two things is happening:

  1. I’m not supposed to be able to edit load balancers that were created through Kubernetes, but this behavior was accidentally allowed through the UI

  2. The Kubernetes upgrade process inadvertently wipes all load balancer settings for balancers associated with the cluster that’s being upgraded

Any help is much appreciated, thanks!

Subscribe
Share
Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

tvolk131April 24, 2021
Accepted Answer

Not sure if anyone else has experienced this same problem, but I was able to fix it! Option #1 seems closest to reality. From my understanding, Kubernetes-owned load balancers should be configured completely using Kubernetes annotations, not through the UI. These resources helped me determine what was going on:

And in case anyone else is also trying to setup a load balancer with SSL redirect and a DigitalOcean-managed SSL certificate, here’s my final service definition:

apiVersion: v1
kind: Service
metadata:
  name: frontend-service
  annotations:
    service.beta.kubernetes.io/do-loadbalancer-certificate-id: "your-certificate-id-here"
    service.beta.kubernetes.io/do-loadbalancer-hostname: "crusty.cards"
    service.beta.kubernetes.io/do-loadbalancer-protocol: "http"
    service.beta.kubernetes.io/do-loadbalancer-redirect-http-to-https: "true"
    service.beta.kubernetes.io/do-loadbalancer-tls-ports: "443"
spec:
  type: LoadBalancer
  ports:
    - name: http
      port: 80
      targetPort: 80
    - name: https
      port: 443
      targetPort: 80
  selector:
    app: frontend

If anyone from the DigitalOcean team is reading this… I think it would make a lot of sense to disallow modification of load balancer settings through the UI for Kubernetes-managed load balancers, and instead state that all settings must be changed through the use of annotations, and provide links to some of the resources listed above. That would have saved me hours of work and frustration.

Managed Load Balancers on DigitalOceanProduct

Load balancing, simplified:

  • Scale your applications and improve availability, security, and performance across your infrastructure in a few clicks
  • Automatically provision and renew SSL certificates free of charge through Let's Encrypt
  • Seamlessly add Load Balancers to your DigitalOcean Kubernetes cluster

Related

Server1 <-> server2 setup?
Question
Is it possible to generate SSL dynamically for wildcard TLDs (not subdomains) with DO load balancers?
Question

Try DigitalOcean for free

Click below to sign up and get $100 of credit to try our products over 60 days!

Sign up