max3903
(Maxime Chambreuil)
1
Digital Ocean’s Load Balancers provide 2 options for the SSL configuration:
- SSL Certificate
- Passthrough
I just want to make sure that SSL Certificate is the right choice considering that bootstrap’s certificate CN on 6443 is “system:kube-apiserver”.
Thanks!
dustymabe
(Dusty Mabe)
2
I assume you’re talking about OKD?
I just configured them all the same:

Programmatically I think it would be something like this (untested):
```bash
# https://www.digitalocean.com/community/tutorials/how-to-work-with-digitalocean-load-balancers-using-doctl
# TCP health check against the API server port
check="protocol:tcp,port:6443,path:,check_interval_seconds:10,response_timeout_seconds:10,healthy_threshold:2,unhealthy_threshold:10"
# One plain TCP forwarding rule per port (no certificate on the load balancer)
rules=''
for port in 80 443 6443 22623; do
    rules+="entry_protocol:tcp,entry_port:${port},target_protocol:tcp,target_port:${port},certificate_id:,tls_passthrough:false "
done
doctl compute load-balancer create \
    --name okdtest --region nyc3 \
    --health-check "${check}" \
    --forwarding-rules "${rules:0:-1}" # pull off trailing space
```
And then later after DNS is set up with the IP of the load balancer and you’ve created the droplets:
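```bash
# Join the droplet IDs with commas (paste leaves no trailing comma)
droplets=$(doctl compute droplet list --no-header --format ID | paste -sd, -)
# Assumes this is the only load balancer in the account
lbid=$(doctl compute load-balancer list --no-header --format ID)
doctl compute load-balancer add-droplets \
    "${lbid}" --droplet-ids "${droplets}"
```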
1 Like
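The following check is an added example, not part of either post: it rebuilds the forwarding rules from the reply and audits a rule string, flagging any rule where the load balancer would handle TLS itself or remap a port, so the API server's own certificate (the one with CN “system:kube-apiserver” from the question) reaches clients unchanged. The function names and the `example-cert-id` value are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Rule format copied from the doctl
# commands above; function names are hypothetical.

# Build one tcp->tcp rule per port, space-separated, no trailing space.
build_rules() {
    out=''
    for port in "$@"; do
        rule="entry_protocol:tcp,entry_port:${port},target_protocol:tcp,target_port:${port},certificate_id:,tls_passthrough:false"
        out="${out:+${out} }${rule}"
    done
    printf '%s' "$out"
}

# Print the value of one key from a comma-separated key:value rule.
rule_field() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n "s/^$2://p"
}

# Print every rule that is not plain TCP forwarding on an unchanged port.
# Exit status 0 means the load balancer never touches TLS.
audit_rules() {
    bad=0
    for rule in $1; do
        if [ "$(rule_field "$rule" entry_protocol)" != tcp ] ||
           [ "$(rule_field "$rule" target_protocol)" != tcp ] ||
           [ -n "$(rule_field "$rule" certificate_id)" ] ||
           [ "$(rule_field "$rule" tls_passthrough)" = true ] ||
           [ "$(rule_field "$rule" entry_port)" != "$(rule_field "$rule" target_port)" ]; then
            printf 'not plain TCP: %s\n' "$rule"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample: a rule that terminates TLS at the load balancer.
terminating='entry_protocol:https,entry_port:6443,target_protocol:https,target_port:6443,certificate_id:example-cert-id,tls_passthrough:false'
audit_rules "$(build_rules 80 443 6443 22623) ${terminating}" || echo "review the rules listed above"
```

Run `audit_rules` on the exact string passed to `--forwarding-rules` before creating the load balancer.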