0

When I use type: LoadBalancer on a GKE service, the controller provisions a TCP load balancer. Is it possible to have an SSL proxy (targetSslProxy) with it? Note that the application layer protocol is not HTTP, so I do not want an ingress.

Matt Zimmerman
  • 361
  • 1
  • 10

2 Answers2

0

You wrote you don't want to use Ingress, however did you consider SSL Passthrough annotation which is disabled by default? More information about this annotation ca be found here.

You can try to use TargetProxy. I will not paste here any configuration because it is good described on GC Documentation

Other possibility is to use URL MAPS.

Here you have some GCP back-ends requirements.

Hope it will help.

EDIT:

General on GKE if you are using LoadBalancer it will work on Layer4. If you want to use LoadBalancer on Layer7(HTTPS) you have to use ingress.

It has been described in GKE docs. You can also check Stackoverflow thread.

PjoterS
  • 615
  • 3
  • 11
  • That annotation is only understood by the nginx ingress controller. Since the cluster is GKE, it uses the ingress-gce controller. URL maps are for HTTP, and I am not using HTTP. The question is whether it's possible to use GCE native SSL termination with a non-HTTP service running in GKE – Matt Zimmerman Aug 17 '19 at 16:51
  • 2
    Unfortunately it is not possible using LB on GKE. General on GKE if you are using LoadBalancer it will work on Layer4. If you want to use LoadBalancer on Layer7(HTTPS) you have to use ingress. You can find some information at GCP documentation: https://cloud.google.com/load-balancing/docs/network/ or check Stackoverflow thread:https://stackoverflow.com/questions/44365921/enable-https-on-gce-gke – PjoterS Sep 04 '19 at 14:18
0

No, GKE controllers only use HTTP(S) load balancers for ingress and network load balancer (L4) for service type loadbalancer.

Patrick W
  • 582
  • 2
  • 8