05/25/2023, 2:12 AM
Hey guys.. I hope this is the right place for this. I'm basically trying to set up a fairly simple infra on DigitalOcean where I have my nodejs app (express) in a k8s cluster. That's all well and good but the networking is where I'm tripping up. There are three scenarios I see mentioned online mostly.

1. LoadBalancer (traditional) ssl terminating routing traffic directly to the node pool
2. LoadBalancer (kubernetes service) as ingress routing traffic directly to node pool
3. LoadBalancer (traditional) ssl terminating routing traffic to the kubernetes ingress service

Now, as I don't really want the hassle of managing certificates manually, I was wondering what the easiest way of going through route 2 is, but having the k8s loadbalancer service do the ssl termination so I don't need to do it directly on the API. Is this possible and if so, can it be done in an easy way? For reference here's a simplified version of my pulumi index.ts:
import * as digitalocean from "@pulumi/digitalocean";
import * as kubernetes from "@pulumi/kubernetes";

const defaultRegion: digitalocean.Region = digitalocean.Region.LON1;

/**
 * Domain
 */
const domain = new digitalocean.Domain("domain", {
    name: "some-domain",
    ipAddress: 'some-ip'
});

/**
 * Kubernetes
 * This is here just to fix 50% of the time, when running pulumi up it failed due to 'incompatable version error'.
 */
async function getKubernetesVersions() {
    const versions = digitalocean.getKubernetesVersions({});
    return (await versions).latestVersion;
}

const cluster = new digitalocean.KubernetesCluster("do-cluster", {
    region: defaultRegion,
    version: getKubernetesVersions(),
    nodePool: {
        name: "api-pool",
        size: 's-1vcpu-2gb',
        nodeCount: 1,
    },
});

export const kubeconfig = cluster.kubeConfigs[0].rawConfig;
const provider = new kubernetes.Provider("do-k8s", { kubeconfig });

const appLabels = { "app": "app-nginx" };
const app = new kubernetes.apps.v1.Deployment("do-app-dep", {
    spec: {
        selector: { matchLabels: appLabels },
        replicas: 1,
        template: {
            metadata: { labels: appLabels },
            spec: {
                containers: [{
                    name: "nginx",
                    image: "nginx",
                }],
            },
        },
    },
}, { provider });

const appService = new kubernetes.core.v1.Service("do-app-svc", {
    spec: {
        type: "LoadBalancer",
        selector: app.spec.template.metadata.labels,
        ports: [{ port: 80 }],
    },
}, { provider });

export const ingressIp = appService.status.loadBalancer.ingress[0].ip;

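// point the "api" record to the ingress IP
const apiRecord = new digitalocean.DnsRecord("api", {
    // DnsRecord requires the zone it belongs to; this uses the Domain defined above
    domain: domain.name,
    type: "A",
    name: "api",
    value: ingressIp,
    ttl: 30
});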
Many thanks in advance! (PS: sorry if this isn't really the right place to post this)
Here's a rough diagram to show what scenarios I mentioned above..