How to Configure Advanced Load Balancer Settings in Kubernetes Clusters Limited Availability

Kubernetes is currently in limited availability. Learn more.

The DigitalOcean Cloud Controller supports provisioning DigitalOcean Load Balancers in a cluster’s resource configuration file. You can specify the following advanced settings in the metadata stanza of your configuration file under annotations:

  • Algorithm
  • Sticky sessions
  • Health checks
  • Forced SSL connections

Algorithm

By default, the load balancer splits connections evenly across the backend using the round-robin protocol. The least connections algorithm will route traffic to the backend worker node with the fewest number of open connections.

Use round_robin instead of least_connections to explicitly specify the default setting.

. . .
metadata:
  name: least-connections-snippet
  annotations:
    service.beta.kubernetes.io/do-loadbalancer-algorithm: "least_connections"
. . .

See a full configuration example for least connections.

Sticky Sessions

By default, the load balancer routes each client request to the backend following the configured algorithm. When you enable sticky sessions, the load balancer will route a client’s initial request to a worker node and use a cookie to route its follow-up requests to that same node.

Use none instead of cookies to explicitly specify the default setting.

metadata:
  name: sticky-session-snippet
  annotations:
    service.beta.kubernetes.io/do-loadbalancer-sticky-sessions-type: "cookies"
    service.beta.kubernetes.io/do-loadbalancer-sticky-sessions-cookie-name: "example"
    service.beta.kubernetes.io/do-loadbalancer-sticky-sessions-cookie-ttl: "60"

See a full configuration example for sticky sessions.

Health Checks

By default, the load balancer peforms health checks on the worker nodes over HTTP on port 80 at the webserver root.

You can change both the protocol and path in the metadata stanza’s annotations section.

metadata:
  name: health-check-snippet
  annotations:
    service.beta.kubernetes.io/do-loadbalancer-protocol: "http"
    service.beta.kubernetes.io/do-loadbalancer-healthcheck-path: "/health"

See full configuration examples for the health check path and health check protocol

Forced SSL Connections

If you configure at least one HTTP and one HTTPS rule, you can force the load balancer to redirect all HTTP requests to HTTPS. The example below contains the configuration settings that must be true for the redirect to work.

. . .
  name: https-with-redirect-snippet
  annotations:
    service.beta.kubernetes.io/do-loadbalancer-protocol: "http"
    service.beta.kubernetes.io/do-loadbalancer-algorithm: "round_robin"
    service.beta.kubernetes.io/do-loadbalancer-tls-ports: "443"
    service.beta.kubernetes.io/do-loadbalancer-certificate-id: "your-certificate-id"
    service.beta.kubernetes.io/do-loadbalancer-redirect-http-to-https: "true"
. . .

See the full configuration example for forced SSL connections.

References

For more about managing load balancers, see: