Description
I'm trying to attach a Kubernetes Service to an existing DigitalOcean Load Balancer using the kubernetes.digitalocean.com/load-balancer-id annotation. However, instead of reusing the existing load balancer, Kubernetes attempts to create a new one and fails with a name conflict error.
Error
Error from server (Forbidden): error when creating "svc.yaml": admission webhook "validation-webhook.cloud-controller-manager.digitalocean.com" denied the request: invalid load balancer definition: POST https://api.digitalocean.com/v2/load_balancers: 422 (request "646c8b68-8331-4199-967e-dd82ec1b800a") There is already a load balancer with that name
Expected Behavior
The Service should attach to the existing load balancer specified by: kubernetes.digitalocean.com/load-balancer-id: <loadbalancer-id>
Actual Behavior
Kubernetes (via the DigitalOcean cloud controller) attempts to create a new load balancer instead of using the existing one, resulting in a conflict because a load balancer with the same name already exists.
Service Manifest
apiVersion: v1
kind: Service
metadata:
  name: traefik
  namespace: traefik
  labels:
    app.kubernetes.io/name: traefik
  annotations:
    kubernetes.digitalocean.com/load-balancer-id: <loadbalancer-id>
    service.beta.kubernetes.io/do-loadbalancer-name: <loadbalancer-name>
    service.beta.kubernetes.io/do-loadbalancer-type: REGIONAL
spec:
  type: LoadBalancer
  selector:
    app.kubernetes.io/name: traefik
    app.kubernetes.io/instance: traefik
  ports:
    - name: web
      port: 8000
      protocol: TCP
      targetPort: web
    - name: websecure
      port: 8443
      protocol: TCP
      targetPort: websecure
Environment
- Kubernetes version: 1.35.1
- DigitalOcean Kubernetes (DOKS)
- Cloud Controller Manager: DigitalOcean
Questions / Help Needed
- Is kubernetes.digitalocean.com/load-balancer-id supposed to reuse an existing LB, or only work with LBs previously created by Kubernetes?
- Are there additional annotations or requirements needed to attach to an existing load balancer?
- Is it expected behavior that specifying both load-balancer-id and do-loadbalancer-name causes a conflict?
- Is there a supported way to adopt/import an existing DigitalOcean Load Balancer into Kubernetes?
Additional Notes
It appears the controller ignores the provided load balancer ID and attempts to create a new resource based on the name annotation, leading to a conflict.
Any clarification or guidance would be greatly appreciated.