0
votes

I'm using GKE and I installed the nginx ingress controller on the cluster. GCP automatically created a TCP load balancer to redirect requests from the external ephemeral IP to my cluster nodes (nginx).

I have another web application deployed on a VM, and I'd like to balance the incoming requests by subdomain between the VM and the GKE cluster. In order to do that, I created a global load balancer with 2 backends and the host and path rules.

I configured a DNS A record to point to the global load balancer.

I can reach the VM from my domain but I cannot reach the ingresses installed on GKE.

I tried to configure the gke-backend as an instance group (node pool) and as an Internet network endpoint group pointing to the TCP load balancer, but without success :-(

How can I balance between a VM and GKE cluster in GCP?

3
Did you debug your network configuration? Did you activate the flow logs to see what happens to your TCP packet? - guillaume blaquiere

3 Answers

1
votes

I suggest you check the logs on your global LB to see what happened to the packets whose destination was your GKE cluster; for more information see this. If possible, share any errors or warnings.

This way we could have a better picture of what's happening.

1
votes

This is not normally done. To begin with, you can't have an HTTP(S) Load balancer target a network load balancer. The LB must point to a backend service that is comprised of either a network endpoint group or an instance group.

The only way for this to work is to use an unmanaged instance group that contains all the current nodes. You can then add the unmanaged instance group as a backend service to your HTTP(S) LB, specifying the Nginx Ingress nodePort as the backend port.

The problem with the above is that when any of the cluster nodes change (scale up, down, or get replaced due to an upgrade), the unmanaged instance group will not update with the new nodes automatically. You will need to manually keep the group up to date.
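Added example, not part of the answer above and not Google's own tooling: one way to handle the manual upkeep it describes is a small script, run on a schedule, that reconciles the unmanaged instance group with the cluster's current nodes. The group name, zone and nodePort are assumed placeholder values.

```shell
#!/bin/sh
# Added example: keep an unmanaged instance group in step with the GKE nodes
# of one zone. GROUP, ZONE and NODE_PORT are assumed placeholder values.
GROUP="${GROUP:-gke-nginx-nodes}"
ZONE="${ZONE:-europe-west1-b}"
NODE_PORT="${NODE_PORT:-30080}"   # nodePort of the nginx ingress Service

# Print, comma-joined, the names in list $1 that are absent from list $2
# (both lists newline-separated).
only_in_first() {
  printf '%s\n---\n%s\n' "$2" "$1" | awk '
    $0 == "---" && !sep { sep = 1; next }
    $0 == ""            { next }
    !sep                { seen[$0] = 1; next }
    !($0 in seen) && !out[$0]++ { printf "%s%s", (n++ ? "," : ""), $0 }
    END { if (n) print "" }'
}

# GKE node names are the Compute Engine instance names.
current_nodes() {
  kubectl get nodes -l "topology.kubernetes.io/zone=${ZONE}" -o name | sed 's|^node/||'
}

group_members() {
  gcloud compute instance-groups unmanaged list-instances "$GROUP" \
    --zone "$ZONE" --format='value(instance.basename())'
}

sync_group() {
  nodes="$(current_nodes)" || return 1
  members="$(group_members)" || return 1
  # A failed or empty node lookup must not empty the backend: stop here.
  [ -n "$nodes" ] || { echo "no nodes found in $ZONE, aborting" >&2; return 1; }
  add="$(only_in_first "$nodes" "$members")"
  remove="$(only_in_first "$members" "$nodes")"
  [ -z "$add" ] || gcloud compute instance-groups unmanaged add-instances \
    "$GROUP" --zone "$ZONE" --instances "$add" || return 1
  [ -z "$remove" ] || gcloud compute instance-groups unmanaged remove-instances \
    "$GROUP" --zone "$ZONE" --instances "$remove" || return 1
  # The backend service refers to the port by name, so keep the mapping current.
  gcloud compute instance-groups unmanaged set-named-ports "$GROUP" \
    --zone "$ZONE" --named-ports "http:${NODE_PORT}"
}

# Run as "./sync.sh sync" (e.g. from cron); without the argument only the
# functions are defined.
if [ "${1:-}" = "sync" ]; then sync_group; fi
```

Unmanaged instance groups are zonal, so a multi-zone cluster needs one group (and one run of the script) per zone. The node firewall also has to admit Google's load balancer and health-check ranges (130.211.0.0/22 and 35.191.0.0/16) on the nodePort, and nothing wider.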

0
votes

I solved my problems by using 2 static IPs and 2 DNS A records: the first one (*.mydomain) targets the k8s cluster and the second one (service.mydomain) targets my VM.

It was the fast solution I just came up