Missing critical annotations for managing load balancers #405

Open
danielwoodz opened this issue Nov 17, 2022 · 3 comments

danielwoodz commented Nov 17, 2022

FEATURE REQUEST

The load-balancer annotations only cover like 10% of the configurable surface area of a load balancer.

Critical areas that are not covered:

  • Cannot set allowed cipher suite names
  • Cannot set minimum TLS version
  • Cannot set load balancer to use existing certificate manager certificate IDs (should support certificate_ids like Terraform resource.oci_load_balancer_listener)
  • Cannot set route rules (ex: redirect all HTTP to HTTPS at the LB, restrict HTTP methods at the LB instead of allowing that into the cluster before being done)
  • Cannot set the display name of the load balancer
  • Cannot set the accepted hostnames at the load balancer
  • Cannot associate multiple listeners for different TLS certificates for different hostnames.
  • Cannot bind load balancer to existing reserved public IP address

The easiest method of handling this would be to have an option for the cluster annotation to attach to a load balancer OCID, create a backend set, and manage ONLY the backend set. Allow Terraform to create and manage the rest of the load balancer. That way, as nodes come and go, they can modify the backend set with their IP and ingress port, but not modify the rest of the load balancer settings, which are managed by Terraform.

Anything else we need to know?

Reference Oracle SR: 3-31268985421

@Nctllnty

These problems still exist.

@emoracle

With the current TLS v1.3 implementation of the LBs, this would have been handy.

@yuriolisa

Can I get this one?
