Channels
pulumi-ai
package-authoring
pulumi-cdk
oracle-cloud-infrastructure
learn-pulumi-events
linen
registry
built-with-pulumi
pulumi-cloud
contribex
testingtesting321
hacktoberfest
cloudengineering
yaml
pulumi-crosscode
content-share
finops
multi-language-hackathon
office-hours
workshops
blog-posts
localstack
welcome
gitlab
pulumi-kubernetes-operator
jobs
aws
pulumi-deployments
dotnet
golang
announcements
java
pulumiverse
python
install
getting-started
cloudengineering-support
testingtesting123
hackathon-03-19-2020
typescript
google-cloud
contribute
azure
kubernetes
docs
automation-api
status
general
Title
c
careful-winter-88523
05/25/2023, 2:12 AMHey guys.. I hope this is the right place for this.
I'm basically trying to setup a fairly simple infra on DigitalOcean where I have my nodejs app (express) in a k8s cluster. That's all well and good but the networking is where I'm tripping up.
There's three scenarios I see mentioned online mostly.
1. LoadBalancer (traditional) ssl terminating routing traffic directly to the node pool
2. LoadBalancer (kubernetes service) as ingress routing traffic directly to node pool
3. LoadBalancer (traditional) ssl terminating routing traffic to the kubernetes ingress service
Now, as I don't really want the hassle of managing certificates manually I was wondering what the easiest way of going through route 2, but having the k8s loadbalancer service do the ssl termination so I don't need to do it directly on the API.
Is this possible and if so, can it be done in an easy way?
For reference here's a simplified version of my pulumi index.ts:
import * as digitalocean from "@pulumi/digitalocean";
import * as kubernetes from "@pulumi/kubernetes";
const defaultRegion: digitalocean.Region = digitalocean.Region.LON1;
/**
* Domain
*/
const domain = new digitalocean.Domain("domain", {
name: "some-domain",
ipAddress: 'some-ip'
});
/**
* Kubernetes
* This is here just to fix 50% of the time, when running pulumi up it failed due to 'incompatable version error'.
*/
async function getKubernetesVersions() {
const versions = digitalocean.getKubernetesVersions({});
return (await versions).latestVersion;
}
const cluster = new digitalocean.KubernetesCluster("do-cluster", {
region: defaultRegion,
version: getKubernetesVersions(),
nodePool: {
name: "api-pool",
size: 's-1vcpu-2gb',
nodeCount: 1,
},
});
export const kubeconfig = cluster.kubeConfigs[0].rawConfig;
const provider = new kubernetes.Provider("do-k8s", { kubeconfig });
const appLabels = { "app": "app-nginx" };
const app = new kubernetes.apps.v1.Deployment("do-app-dep", {
spec: {
selector: { matchLabels: appLabels },
replicas: 1,
template: {
metadata: { labels: appLabels },
spec: {
containers: [{
name: "nginx",
image: "nginx",
}],
},
},
},
}, { provider });
const appService = new kubernetes.core.v1.Service("do-app-svc", {
spec: {
type: "LoadBalancer",
selector: app.spec.template.metadata.labels,
ports: [{ port: 80 }],
},
}, { provider });
export const ingressIp = appService.status.loadBalancer.ingress[0].ip;
// point <http://api.some-domain.com|api.some-domain.com> to the ingress IP
const apiRecord = new digitalocean.DnsRecord("api", {
domain: domain.name,
type: "A",
name: "api",
value: ingressIp,
ttl: 30
});Here's a rough diagram to show what scenarios I mentioned above..