GKE Loadbalancer how to add SSL Certs

10/21/2018

I have a service of ingress type LoadBalancer.

spec:
  type: LoadBalancer

GKE creates a load balancer and forwarding rules. The load balancer created by GKE/GCloud is TCP. I want Google-managed SSL certs. I created the certs using gcloud:

gcloud beta compute ssl-certificates create... 

How do I attach this cert to the LoadBalancer defined by GKE? There is no section in the console to edit the load balancer/front end to add SSL certs. Can I do it using the gcloud CLI?

Thanks

-- Rajesh Jain
gcloud
google-kubernetes-engine
kubernetes

1 Answer

10/21/2018

If you want to terminate SSL on your GCE load balancer it can't be a TCP load balancer because a TCP load balancer is a Layer 4 load balancer, and SSL is at layer 7 in the network stack. For this type of load balancer, you can set up a Kubernetes Ingress with an ingress controller like nginx or Traefik and terminate SSL on the Ingress.

GCE supports layer 7 load balancers, but they are not supported in Kubernetes yet (afaik). However, you could actually terminate SSL on GCE if you'd like to, by provisioning an HTTPS or L7 load balancer, but you will have to manually point it to a Kubernetes Service of the NodePort type.

-- Rico
Source: StackOverflow
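
The Ingress-based TLS termination described in the answer, as an added example that is not part of the original post. The names (web, web-tls), the host app.example.com, the ports and the use of the ingress-nginx controller are assumptions; the manifest uses the current networking.k8s.io/v1 API.

```yaml
# Added example; all names, hosts and ports below are assumptions.
# Backend Service: stays plain HTTP inside the cluster, so it does not
# need to be exposed as type LoadBalancer itself.
apiVersion: v1
kind: Service
metadata:
  name: web
spec:
  type: ClusterIP
  selector:
    app: web
  ports:
    - name: http
      port: 80
      targetPort: 8080
---
# The TLS key pair lives in a Secret of type kubernetes.io/tls. Create it with
#   kubectl create secret tls web-tls --cert=tls.crt --key=tls.key
# rather than committing private key material to a manifest.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web
  annotations:
    # ingress-nginx: redirect plain HTTP requests to HTTPS.
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - app.example.com   # must match a name in the certificate
      secretName: web-tls
  rules:
    - host: app.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: web
                port:
                  name: http
```

With this layout the TCP load balancer fronts the ingress controller's own Service, and TLS is terminated by the controller before traffic reaches `web`.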