I am having trouble using the HTTP Load Balancer (Layer 7) with a service in GKE. I originally exposed the service in GKE using the LoadBalancer service type:

kubectl expose deployment myservice --type="LoadBalancer"

This will create a public IP address for my cluster in the same zone and it has been working well. My goal is to use a global IP address with SSL support for my service. This is what I have tried:

1. expose the GKE service as NodePort type kubectl expose deployment myservice --type=“NodeType”
2. follow the tutorial here to create an ingress object. It didn’t work because the service in GKE is already in a managed instance group, and the ingress object would create a new instance group with zero instance. I found a discussion here.
3. follow the suggestion in the discussion. Deleted to ingress object, and try to set up the HTTP Load Balancer manually from google cloud console.
   • Added a firewall rules to allow 130.211.0.0/22 on port 80 and 8081 (my service port) on all targets.
   • Backend service is the managed Instance group created by GKE.
   • Created a health check on port 8081, path /health. It still doesn’t work because the load balancer can recognize the correct number of instances in the managed instance group, but there are zero healthy nodes. My service has a health check endpoint myservice:8081/health and the root path "/" also returns HTTP 200 OK. I played with the health check configurations but the load balancer can never find a healthy node.

What am I missing?