I'm trying to set HTTPS-LB, which is not allow to use HTTP, on GKE with Ingress.
Now, as described in a official site, I deployed a simple application on a private cluster. This application works that can be accessed with a browser. ※both by http-connection and https-connection
Then I prohibit a http-access to the application by turning a frontend's protocol "http" off (deletion) in a setting of the LB. Actually, at first, a http-connection via the browser got error, not connection-error. After a 5-10 mins, http-protocol setting is restored automatically.
Here is a yaml file.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-name
annotations:
# kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: "ip-name"
spec:
#tls:
#This assumes tls-secret exists.
#- hosts:
# - XXXXXXXX.XXX.XXX
# secretName: ip-secret ← no use because of google-managed-ssl
rules:
- http:
paths:
# to app
- path: /*
backend:
serviceName: XXXXX-backend
servicePort: 80
# to DS Export
- path: /backend/*
backend:
serviceName: XXXXX-be-backend
servicePort: 80
Is this problem due to a browser? or an internal settings like http-health-checker on gce instances?
If you could confirm which tutorial you’re following, we can confirm the test. Saying this, i think the behavior you are seeing could be expected.
According to GKE Ingress doc , it states:
"Whenever an HTTP(S) load balancer is configured through Ingress, you must not manually change or update the configuration of the HTTP(S) load balancer. That is, you must not edit any of the load balancer's components, including target proxies, URL maps, and backend services. Any changes that you make will be overwritten by GKE. "
You can try to delete the ingress, do the manual edit to your YAML file and recreate it again and see if the removal of HTTP works.