K
Q

HTTP to HTTPS redirect in backend behind GCLB

6/17/2018

To my knowledge Google Cloud Load Balancer is not supporting HTTP to HTTPS redirect out of the box and it's a known issue: https://issuetracker.google.com/issues/35904733

Currently, I'm sending certain requests to GKE backend where I run Kubernetes apps and I have GCS-backed backends. I'm also using Apache in the default backend where I force HTTPS.

Problem with this approach is that, if any request match the criteria for GKE backend, I have no way to force HTTPS. I'm thinking to use Apache backend for all requests (?) and somehow proxy some of them to GKE backend. This way Apache backend becomes a bottleneck and I'm not sure if it's a good solution at all.

How would you approach this problem? Thanks in advance!

-- baqx0r
google-cloud-platform
google-kubernetes-engine
load-balancing

Similar Questions

One Kubernetes Dashboard for multiple selected Namespaces
Securing Kubernetes Service with TLS
AWS cluester - understanding Internal Loadbalancer and Ingress
Can we consider using containers (and kubernetes) for monolith, stateful web applications?
After adding AWS ACM EKS ELB is not opening on HTTPS
Kubernetes get pod's full name inside tomcat container in Java
k3s MetalLB ingress-nginx bare metal server ingress problem
I want to output the result of "kubectl get pod" excluding the key using LabelSelector of kubectl
How to read Kubernetes Secret and import to AWS ACM as Private certificate using terraform?

2 Answers

9/14/2018

Seems that the only way is to send HTTP traffic to custom backend (it can be apache/nginx) and force the HTTPS upgrade there.

I find this answer useful if you're using GKE backend with an Ingress.

How to force SSL for Kubernetes Ingress on GKE

-- baqx0r
Source: StackOverflow
7/27/2018

To force SSL traffic from Load Balancer to GKE backend (pod), you need to expose port 443 (or similar) on the pod and configure SSL there.

-- Md Zubayer
Source: StackOverflow