When I use type: LoadBalancer
on a GKE service, the controller provisions a TCP load balancer. Is it possible to have an SSL proxy (targetSslProxy) with it? Note that the application layer protocol is not HTTP, so I do not want an ingress.
Asked
Active
Viewed 1,365 times
0
Matt Zimmerman
- 361
- 1
- 10
-
could you say, why you don't want to use an ingress? – c4f4t0r Sep 04 '19 at 14:53
-
As I said in the question, the application layer protocol is not HTTP. ingress only supports HTTP traffic – Matt Zimmerman Sep 04 '19 at 21:36
-
ingress supports https too, I already using https with gce ingress controller – c4f4t0r Sep 05 '19 at 08:33
-
What I want is SSL/TLS with a non-HTTP protocol inside. HTTPS is...well, still HTTP inside. – Matt Zimmerman Sep 05 '19 at 17:04
2 Answers
0
You wrote you don't want to use Ingress, however did you consider SSL Passthrough
annotation which is disabled by default?
More information about this annotation ca be found here.
You can try to use TargetProxy. I will not paste here any configuration because it is good described on GC Documentation
Other possibility is to use URL MAPS.
Here you have some GCP back-ends requirements.
Hope it will help.
EDIT:
General on GKE if you are using LoadBalancer
it will work on Layer4. If you want to use LoadBalancer
on Layer7(HTTPS) you have to use ingress
.
It has been described in GKE docs. You can also check Stackoverflow thread.
PjoterS
- 615
- 3
- 11
-
That annotation is only understood by the nginx ingress controller. Since the cluster is GKE, it uses the ingress-gce controller. URL maps are for HTTP, and I am not using HTTP. The question is whether it's possible to use GCE native SSL termination with a non-HTTP service running in GKE – Matt Zimmerman Aug 17 '19 at 16:51
-
2Unfortunately it is not possible using LB on GKE. General on GKE if you are using LoadBalancer it will work on Layer4. If you want to use LoadBalancer on Layer7(HTTPS) you have to use ingress. You can find some information at GCP documentation: https://cloud.google.com/load-balancing/docs/network/ or check Stackoverflow thread:https://stackoverflow.com/questions/44365921/enable-https-on-gce-gke – PjoterS Sep 04 '19 at 14:18
0
No, GKE controllers only use HTTP(S) load balancers for ingress and network load balancer (L4) for service type loadbalancer.
Patrick W
- 582
- 2
- 8