I set up a simple 1-node GKE deployment with the default (beta) ingress, created via the GCP console. I would like to set up a Google-managed SSL certificate and HTTPS proxy to the a single GKE node & service hosting HTTP & WebSockets.
There are older methods mentioned out there of using NGINX and Ingress Controller as a load balancer and/or reverse proxy to allow WebSockets and HTTPS, but those options do not integrate with GCP's Load Balancers, which means no Cloud CDN, Cloud NAT or Google-managed SSL certificates. From the documentation, it seems they sorted out the old problems of websockets and https load balancers, but GKE has no information I can find on how to do this.
Is there a way to configure this manually?
The relevant service configuration is:
spec:
clusterIP: 10.27.247.83
externalTrafficPolicy: Cluster
ports:
- nodePort: 30621
port: 80
protocol: TCP
targetPort: 3456
selector:
app: angmar-wsproxy-test
sessionAffinity: None
type: LoadBalancer
status:
loadBalancer:
ingress:
- ip: 35.245.111.75
The load balancer appears on the GCP Console as a TCP proxy, too, which leaves no option for session affinity, HTTP features like websockets, or Google managed SSL certificates.
Best Answer
not sure if this is still relevant, but yes - it can be done.