How to use GKE Ingress along with Nginx Ingress?

3
votes

GKE Ingress: https://cloud.google.com/kubernetes-engine/docs/concepts/ingress

Nginx Ingress: https://kubernetes.github.io/ingress-nginx/

Why GKE Ingress

GKE Ingress can be used along with Google's managed SSL certificates. These certificates are deployed in edge servers of load balancer which results in very low TTFB (time to first byte)

What's wrong about GKE Ingress

The HTTP/domain routing is done in the load balancer using 'forward rules' which is very pricy. Costs around $7.2 per rule. Each domain requires one rule.

Why Nginx Ingress

Nginx Ingress also creates (TCP/UP) load balancer where we can specify routing of HTTP/domain using ingress controller. Since the routing is done inside the cluster there are no additional costs on adding domains into the rules

What's wrong about Nginx Ingress

To enable SSL, we can use cert-manager. But as I mentioned above, Google's managed certificate deploy certificates in edge servers which results in very low latency

My Question

Is it possible to use both of them together? So that HTTPS requests first hit GKE ingress which will terminate SSL and route the traffic to Nginx ingress which will route it to corresponding pods

1
kubernetesgoogle-kubernetes-enginekubernetes-ingressnginx-ingress
You can use multiple ingress controllers. Maybe you could deploy the core nginx deployment and other components, then expose it as a NodePort service instead of a LoadBalancer service, modifying this, then create an Ingress whose class corresponds to GKE for that service. All other Ingresses should then be created with the nginx class...Amit Kumar Gupta
... haven't tried it though, curious if that works.Amit Kumar Gupta

1 Answers

1
votes

Is not possible to point an Ingress to another Ingress. Furthermore and in your particular case, is also not possible to point a GCE ingress class to Nginx since it relies in an HTTP(S) Load Balancer, which can only have GCE instances/instances groups (basically the node pools in GKE), or GCS buckets as backends.

If you were to deploy an Nginx ingress using GKE, it will spin up a Network Load Balancer which is not a valid backend for the HTTP(S) Load Balancer.

So is neither possible via Ingress nor GCP infrastructure features. However, if you need the GCE ingress class to be hit first, and then, manage further routing with Nginx, you might want to consider having Nginx as a Kubernetes Service/Deployment to manage the incoming traffic once is within the cluster network.

You can create a ClusterIP service for internally accessing your Nginx deployment and from there, using cluster-local hostnames to redirect to other services/applications within the cluster.