
I have a Google Kubernetes cluster, and I would like to add a CDN with signed cookies. For that I have to do some load balancer configuration, such as creating a signed request key and creating a policy.

How can I do this with the proper automation tools? I see these paths:

  • GKE Ingress controller annotations (is there a big list of all available ones?) -- I haven't found the right annotations to implement cookies.
  • Terraform seems to allow all such configuration, but Terraform cannot manage a load balancer created by the GKE Ingress.
  • Create a standalone zonal network endpoint groups (NEGs) configuration of my GKE cluster, and manage the LB with Terraform. This seems to be the most promising path, but also the most cumbersome and complex, so I was hoping to avoid it in favor of using Ingress annotations.
Yuri Astrakhan
  • Hello, have you seen official documentation about GKE Ingress features: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features? Also the Ingress annotations can be found here: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features. As for the signed cookies you could follow this link: https://cloud.google.com/cdn/docs/using-signed-cookies#creatingkeys – Dawid Kruk Sep 07 '20 at 14:17
  • Dawid, you have the same link twice. I have read all those pages in detail, but they don't answer my question -- how can I do the above with automation (i.e. purely inside k8s, or if not possible, in k8s + terraform) – Yuri Astrakhan Sep 07 '20 at 18:09
  • Yes, my bad. The second link should be this one: [LINK](https://cloud.google.com/kubernetes-engine/docs/how-to/load-balance-ingress#summary_of_external_ingress_annotations). GKE `Ingress` doesn't have annotations for `cloudcdn` cookies (only `sessionAffinity`). I'm not sure why you are trying to connect the `Ingress` resource with signed cookies, as the documentation states that it's done/configured on the backend (application side). Please take a look at this example: Configure `CloudCDN` with `BackendConfig`: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#expandable-1 – Dawid Kruk Sep 08 '20 at 12:01
  • There's apparently a bug in the docs. The Service annotation needs to be `beta.cloud.google.com/backend-config: '{"default":"my-backendconfig"}'` and not the ports object they describe. – internetdotcom Jan 22 '21 at 23:02

0 Answers