K
Q

How do I use an ingress behind a load balancer in GKE?

6/24/2019

I'm using k8s to deploy my app which has 3 parts. The main website (landing page), App component 1 (by admins only) and App Component 2 (for paid users). I've recently come across a pattern where there is a main external load balancer, and an ingress for each part of the app. Eg:

LB 
  -> Ingress1 -> Main App
  -> Ingress2 -> App Component 1 (only accessible by admins)
  -> Ingress3 -> App Component 2 (only accessible by paid users)

Is it common to have an architecture like this? Could someone point me to a few good examples (using k8s) which are deploying apps like this. Thanks in advance!

-- Panda
google-kubernetes-engine
kubernetes
kubernetes-ingress
load-balancing
nginx-ingress

Similar Questions

The connection to the server x.x.x.:6443 was refused - did you specify the right host or port? Kubernetes
kubernetes dns search domain appended in some queries
is docker daemon running
Minikube with nginx ingress path rewrite issue

2 Answers

6/25/2019

The most common way that we can follow is to create a single ingress which will forward a traffic based on path. For example,

paths:
          - path: /app1/
            backend:
              serviceName: app_1
              servicePort: 80
          - path: /app2/
            backend:
              serviceName: app_2
              servicePort: 80

So "serviceName" is any service name created in k8s(LB/NodePort/ClusterIP). Finally use this created ingress in external LB/ App GW to forward your external traffic to your application.

-- PratikMoholkar
Source: StackOverflow
6/25/2019

GKE does not support using Ingress or Load Balancers as backends for other Load Balancers. Instead, you can do one of the following:

  1. Create an ingress for each entry point (this is more expensive)

  2. Create a single Ingress using multiple paths (one for each backend). This will route traffic based on the URL entered. This is likely your best and most cost efficient solution. For security, you can incorporate Cloud Armor to ensure that users only access paths they should be accessing.

  3. Create an Ingress to expose your main application, then use service type LoadBalancers to expose the paid portal and the Admin portal. These will work as layer 4 (so you will need to have a DNS record to point the admin and paid URLs to the appropriate IP). You can configure the Load Balancer spec.loadBalancerSourceRanges field to only allow specific IP ranges to restrict access to the admin portal

On another note, there is little benefit in your layout to have a Load Balancer in front of the Ingresses since you aren't looking to balance traffic between the 3 ingresses. You want all traffic hitting the ingresses and then being directed to the right backend and balanced between serving pods.

-- Patrick W
Source: StackOverflow