Google Cloud HTTP Load Balancer (layer 7) for GKE

2
votes

I am having trouble using the HTTP Load Balancer (Layer 7) with a service in GKE. I originally exposed the service in GKE using the LoadBalancer service type:

kubectl expose deployment myservice --type="LoadBalancer"

This will create a public IP address for my cluster in the same zone and it has been working well. My goal is to use a global IP address with SSL support for my service. This is what I have tried:

  1. expose the GKE service as NodePort type kubectl expose deployment myservice --type=“NodeType”
  2. follow the tutorial here to create an ingress object. It didn’t work because the service in GKE is already in a managed instance group, and the ingress object would create a new instance group with zero instance. I found a discussion here.
  3. follow the suggestion in the discussion. Deleted to ingress object, and try to set up the HTTP Load Balancer manually from google cloud console.
    • Added a firewall rules to allow 130.211.0.0/22 on port 80 and 8081 (my service port) on all targets.
    • Backend service is the managed Instance group created by GKE.
    • Created a health check on port 8081, path /health. It still doesn’t work because the load balancer can recognize the correct number of instances in the managed instance group, but there are zero healthy nodes. My service has a health check endpoint myservice:8081/health and the root path "/" also returns HTTP 200 OK. I played with the health check configurations but the load balancer can never find a healthy node.

What am I missing?

1
kubernetesgoogle-cloud-platform
Wouldn't the easiest way to go about this is: 1. Create a deployment with an nginx server, where you can configure your SSL connection. It will route the requests to your other services. 2. Create a service of a type LoadBalancer around the nginx deployment, which will give you a public IP.Robert Lacok
That might help you stackoverflow.com/questions/40136891/…. If you use ingresses and start using kube-lego (in case letsencrypt is enough), you'd be surprised about how easy it all becomeBen

1 Answers

1
votes

It turns out if I want to follow the ingress tutorial, I cannot define a HTTP(S) Load Balancer on the same endpoint. You either choose to follow the tutorial and let the ingress object to define a LB automatically, which worked for me after deleting my testing LB, or do not use ingress and define LB manually (which I never got it working).