Digital Ocean / Kubernetes load balancer with DO Let's Encrypt

Hi,

I’m using Terraform to create infra on Digital Ocean, primarily a managed Kubernetes service. This has been a great experience so far, as I can avoid using Kubernetes configurations explicitly.

I’ve hit a snag in that I can create a DO load balancer using just a Kubernetes service and the provider, which links back to the DO Kubernetes cluster - but I can’t figure out how to get Let's Encrypt certificates working on the DO LB. The Digital Ocean load balancers support Let's Encrypt natively:

resource "digitalocean_certificate" "cert" {
  name    = "le-terraform-example"
  type    = "lets_encrypt"
  domains = ["example.com"]
}

The problem arises when I want to connect these certs to the DO load balancer created by the kube service declaration:

resource "kubernetes_service" "mybuttercup-web" {
  metadata {
    name = "example-web"
    namespace = "example"
  }
  spec {
    selector = {
      app = "example-web"
    }
    port {
      # Kubernetes service ports only accept TCP, UDP or SCTP; "HTTP"/"HTTPS"
      # are rejected by the API server. TLS handling belongs to the DO LB.
      protocol    = "TCP"
      port        = 80
      target_port = 80
    }
    port {
      protocol    = "TCP"
      port        = 443
      target_port = 80
    }

    type = "LoadBalancer"
  }
}

Seems that Kubernetes (within Terraform) allows certificate specification on ingresses only - or am I utterly confused here? We’re not using an ingress specification at all, as this is handled entirely by the service now. If we attempt to use an ingress, the entire setup breaks as we lose the native load balancer.

Do we have to resort to using something like Helm to set up connections with an ingress and DO’s load balancer?

1 Like
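The DO load balancer that a `LoadBalancer` Service creates is configured through Service annotations read by DigitalOcean's cloud-controller-manager, not through an Ingress. Below is an added example (not from the original post) that wires the `digitalocean_certificate` from the question into that LB; it assumes a DigitalOcean provider version that exports the certificate's `uuid` attribute (older releases expose the same value as `id`), and the names and domain are the placeholders from the post.

```hcl
# Added example: terminate TLS on the DO load balancer using the
# Let's Encrypt certificate managed by Terraform. Annotation keys are the
# ones documented by digitalocean-cloud-controller-manager.
resource "digitalocean_certificate" "cert" {
  name    = "le-terraform-example"
  type    = "lets_encrypt"
  domains = ["example.com"] # must be a domain whose DNS is hosted on DO
}

resource "kubernetes_service" "example_web" {
  metadata {
    name      = "example-web"
    namespace = "example"
    annotations = {
      # Backend protocol between the LB and the nodes (plain HTTP on port 80).
      "service.beta.kubernetes.io/do-loadbalancer-protocol" = "http"
      # Ports on which the LB terminates TLS with the certificate below.
      "service.beta.kubernetes.io/do-loadbalancer-tls-ports" = "443"
      # Certificate UUID; use .id instead on older provider versions.
      "service.beta.kubernetes.io/do-loadbalancer-certificate-id" = digitalocean_certificate.cert.uuid
      # Once the certificate is in place, do not keep serving plain HTTP.
      "service.beta.kubernetes.io/do-loadbalancer-redirect-http-to-https" = "true"
    }
  }
  spec {
    selector = { app = "example-web" }
    type     = "LoadBalancer"

    port {
      name        = "http"
      protocol    = "TCP" # Kubernetes only knows TCP/UDP/SCTP here
      port        = 80
      target_port = 80
    }
    port {
      name        = "https"
      protocol    = "TCP"
      port        = 443
      target_port = 80 # TLS ends at the LB; pods receive decrypted HTTP
    }
  }
}
```

Because TLS terminates at the load balancer, the hop from the LB to the node ports is unencrypted inside the VPC; if that segment must also be encrypted, the same annotation set can point the backend protocol at an HTTPS target instead.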