From 26a4b6af0b26e3ec2560f6eb5dfd202b6cb8c8f1 Mon Sep 17 00:00:00 2001
From: Conrad Irwin
Date: Wed, 3 Jan 2024 19:54:20 -0700
Subject: [PATCH] Disable Dangerous Downtime-causing Default
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

According to https://docs.digitalocean.com/products/kubernetes/how-to/configure-load-balancers/#ssl-certificates you can specify whether to disable automatic DNS record creation for the certificate upon the load balancer’s creation using the do-loadbalancer-disable-lets-encrypt-dns-records annotation. If you specify true, we will not automatically create a DNS A record at the apex of your domain to support the SSL certificate.
---
 crates/collab/k8s/collab.template.yml | 1 +
 crates/collab/k8s/postgrest.template.yml | 1 +
 2 files changed, 2 insertions(+)
diff --git a/crates/collab/k8s/collab.template.yml b/crates/collab/k8s/collab.template.yml
index e406bf463036bed8f6d031db1176985c6b700cd1..a9dc0c383ecc4db5508e3ef095ed459b0736cb01 100644
--- a/crates/collab/k8s/collab.template.yml
+++ b/crates/collab/k8s/collab.template.yml
@@ -13,6 +13,7 @@ metadata:
 annotations:
 service.beta.kubernetes.io/do-loadbalancer-tls-ports: "443"
 service.beta.kubernetes.io/do-loadbalancer-certificate-id: ${ZED_DO_CERTIFICATE_ID}
+ service.beta.kubernetes.io/do-loadbalancer-disable-lets-encrypt-dns-records: true
 spec:
 type: LoadBalancer
 selector:
diff --git a/crates/collab/k8s/postgrest.template.yml b/crates/collab/k8s/postgrest.template.yml
index e2d11a2cd282fcc5a77f6b6eb4d0ab6dea811855..d366108c344df8c08aace599527642dc5d2c5e40 100644
--- a/crates/collab/k8s/postgrest.template.yml
+++ b/crates/collab/k8s/postgrest.template.yml
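Review bot: The added annotation value in the collab.template.yml hunk is an unquoted `true`, which YAML parses as a boolean, while Kubernetes annotation values must be strings. A manifest with a non-string annotation is normally rejected when it is applied, so the Service would not be updated and the automatic apex DNS record creation this commit means to disable would presumably stay in effect. Quote it the same way as the `do-loadbalancer-tls-ports: "443"` line above it: `service.beta.kubernetes.io/do-loadbalancer-disable-lets-encrypt-dns-records: "true"`. The identical added line in the postgrest.template.yml hunk needs the same change. A one-line comment above the annotation such as `# keep DigitalOcean from creating an apex A record for the certificate` would record why the default is overridden.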
@@ -7,6 +7,7 @@ metadata:
 annotations:
 service.beta.kubernetes.io/do-loadbalancer-tls-ports: "443"
 service.beta.kubernetes.io/do-loadbalancer-certificate-id: ${ZED_DO_CERTIFICATE_ID}
+ service.beta.kubernetes.io/do-loadbalancer-disable-lets-encrypt-dns-records: true
 spec:
 type: LoadBalancer
 selector: