By tvolk131
I have a frontend web server I’m hosting using DigitalOcean Kubernetes, and created a load balancer to serve traffic through. I created the load balancer using kubectl expose and then set it to redirect https traffic to http through the DigitalOcean website. I’ve noticed that every time I upgrade the Kubernetes cluster version it resets the load balancer’s settings, preventing any secure https traffic coming through. Is this intended behavior? How can I permanently setup https redirect? I’m assuming one of two things is happening:
-
I’m not supposed to be able to edit load balancers that were created through Kubernetes, but this behavior was accidentally allowed through the UI
-
The Kubernetes upgrade process inadvertently wipes all load balancer settings for balancers associated with the cluster that’s being upgraded
Any help is much appreciated, thanks!
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Accepted Answer
Not sure if anyone else has experienced this same problem, but I was able to fix it! Option #1 seems closest to reality. From my understanding, Kubernetes-owned load balancers should be configured completely using Kubernetes annotations, not through the UI. These resources helped me determine what was going on:
-
How to configure a DigitalOcean Load Balancer with DNS routing from Kubernetes
-
Push-to-Deploy on DigitalOcean Kubernetes Using GitHub Actions
-
Helpful repo from the link above that has a good starter deployment.yml file
And in case anyone else is also trying to setup a load balancer with SSL redirect and a DigitalOcean-managed SSL certificate, here’s my final service definition:
apiVersion: v1
kind: Service
metadata:
name: frontend-service
annotations:
service.beta.kubernetes.io/do-loadbalancer-certificate-id: "your-certificate-id-here"
service.beta.kubernetes.io/do-loadbalancer-hostname: "crusty.cards"
service.beta.kubernetes.io/do-loadbalancer-protocol: "http"
service.beta.kubernetes.io/do-loadbalancer-redirect-http-to-https: "true"
service.beta.kubernetes.io/do-loadbalancer-tls-ports: "443"
spec:
type: LoadBalancer
ports:
- name: http
port: 80
targetPort: 80
- name: https
port: 443
targetPort: 80
selector:
app: frontend
If anyone from the DigitalOcean team is reading this… I think it would make a lot of sense to disallow modification of load balancer settings through the UI for Kubernetes-managed load balancers, and instead state that all settings must be changed through the use of annotations, and provide links to some of the resources listed above. That would have saved me hours of work and frustration.
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and SMBs
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.