GKE GRPC load balancer https - requirements question

5/22/2019

I am trying to set up GRPC client --> GCP external LB with HTTPS --> GKE with pod GRPC server.

The external LB uses a Google-managed certificate.

The documentation states:

If you are using HTTPS or HTTP/2 from the load balancer to the backends, you must install SSL certificates on each VM instance. To install SSL certificates on a VM instance, use the instructions in your application documentation. These certificates can be self-signed.

So I developed the GRPC server with a self-signed certificate.

My question is how the backend service (part of the LB) can call the GRPC server without the server.crt, i.e. the public key of the cert used in the GRPC server?

Is there a way to pass this server.crt to the backend service?

I don't see how to fulfill the documentation requirement.

Please help :)

-- unludo
google-cloud-platform
google-kubernetes-engine
grpc
https
load-balancing

0 Answers