I am setting up a couple of services running on Google Container Engine, with traffic coming in through a Google HTTP Load Balancer, using path mapping.
There is a good Google tutorial on setting up content-based load-balancing here, but it is all in terms of plain Google Compute objects like instance groups and backend services. I, however, have Kubernetes services, pods and clusters.
What is the relationship between the Kubernetes objects and the Google Compute resources? How do I map between the two programmatically?
(I am aware that I could be using a Kubernetes web ingress object to do the balancing, as explained here, but it looks like Kubernetes Ingress does not yet support HTTPS, which I need.)
> What is the relationship between the Kubernetes objects and the Google Compute resources? How do I map between the two programmatically?
https://github.com/kubernetes/contrib/tree/master/Ingress/controllers/gce#overview
> (I am aware that I could be using a Kubernetes web ingress object to do the balancing, as explained here, but it looks like Kubernetes Ingress does not yet support HTTPS, which I need.)
Ingress will support HTTPS in 1.2. This is what the resource will look like: https://github.com/kubernetes/kubernetes/issues/19497#issuecomment-174112834. In the meantime you can set up HTTP load balancing with the Ingress and hand-modify it to support HTTPS. Apologies beforehand that this is convoluted; it will get better soon.
First create an HTTP Ingress:
- Create Services of Type=NodePort
- Make sure you have BackendService quota
- Create an HTTP Ingress
- Expose the node port(s) of the service in the Firewall (also as mentioned in https://cloud.google.com/container-engine/docs/tutorials/http-balancer)
- Wait till kubectl describe ing shows HEALTHY for your backends.
At this point you should be able to curl your Ingress loadbalancer IP and hit the nginx service (or whatever service you created in step 1).
Then do the following, manually through the GCE console:
- Change the IP of the Ingress resource from "Ephemeral" to "Static" (look for the IP from kubectl get ing in the "External IP addresses" tab)
- Create your SSL cert. If you just want a self-signed cert you can do:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /tmp/nginx.key -out /tmp/nginx.crt -subj "/CN=nginxsvc/O=nginxsvc"
- Create a new target HTTPS proxy and forwarding rule for the HTTPS load balancer and assign it to the same (static) IP of the HTTP load balancer.
At this point you should be able to curl https://loadbalancer-ip -k
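
The manual console steps above, expressed as gcloud commands. This is an added example, not part of the original answer. The name prefix, the sample IP and URL_MAP_NAME are placeholders (assumptions): substitute the IP from kubectl get ing and the URL map that the Ingress controller created. The script only prints the commands unless DRY_RUN=0 is set.

```shell
#!/bin/sh
# Added example: CLI equivalent of the manual GCE console steps.
# Every default below is a placeholder (assumption), not a value from the post.
LB_IP="${LB_IP:-203.0.113.10}"       # IP shown by `kubectl get ing` (constructed sample)
URL_MAP="${URL_MAP:-URL_MAP_NAME}"   # URL map created by the Ingress controller
PREFIX="${PREFIX:-demo-https}"       # name prefix for the new resources
CRT="${CRT:-/tmp/nginx.crt}"         # certificate written by the openssl command
KEY="${KEY:-/tmp/nginx.key}"         # private key written by the openssl command
DRY_RUN="${DRY_RUN:-1}"              # 1 = print the commands only, 0 = execute them

# Print a command; execute it only when DRY_RUN=0.
run() {
  printf '+ %s\n' "$*"
  [ "$DRY_RUN" = "1" ] || "$@"
}

# The steps in the order the answer gives them; stops at the first failure.
https_frontend() {
  # 1. Promote the Ingress's ephemeral IP to a reserved static address.
  run gcloud compute addresses create "$PREFIX-ip" --global \
      --addresses "$LB_IP" &&
  # 2. Upload the certificate/key pair.
  run gcloud compute ssl-certificates create "$PREFIX-cert" \
      --certificate "$CRT" --private-key "$KEY" &&
  # 3. HTTPS proxy that reuses the Ingress's URL map, so path rules are shared.
  run gcloud compute target-https-proxies create "$PREFIX-proxy" \
      --url-map "$URL_MAP" --ssl-certificates "$PREFIX-cert" &&
  # 4. Forwarding rule for port 443 on the same static IP as the HTTP rule.
  run gcloud compute forwarding-rules create "$PREFIX-fr" --global \
      --address "$LB_IP" --ports 443 --target-https-proxy "$PREFIX-proxy"
}

https_frontend
```

Because the HTTPS proxy points at the same URL map as the HTTP proxy, any path rule the Ingress controller updates applies to both front ends.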