K
Q

How to use GKE Ingress along with Nginx Ingress?

8/12/2019

GKE Ingress: https://cloud.google.com/kubernetes-engine/docs/concepts/ingress

Nginx Ingress: https://kubernetes.github.io/ingress-nginx/

Why GKE Ingress

GKE Ingress can be used along with Google's managed SSL certificates. These certificates are deployed in edge servers of load balancer which results in very low TTFB (time to first byte)

What's wrong about GKE Ingress

The HTTP/domain routing is done in the load balancer using 'forward rules' which is very pricy. Costs around $7.2 per rule. Each domain requires one rule.

Why Nginx Ingress

Nginx Ingress also creates (TCP/UP) load balancer where we can specify routing of HTTP/domain using ingress controller. Since the routing is done inside the cluster there are no additional costs on adding domains into the rules

What's wrong about Nginx Ingress

To enable SSL, we can use cert-manager. But as I mentioned above, Google's managed certificate deploy certificates in edge servers which results in very low latency

My Question

Is it possible to use both of them together? So that HTTPS requests first hit GKE ingress which will terminate SSL and route the traffic to Nginx ingress which will route it to corresponding pods

-- Gijo Varghese
google-kubernetes-engine
kubernetes
kubernetes-ingress
nginx-ingress

Similar Questions

Helm change name of deployments artiefacts
Git checkout failed due to self-signed certicate on jenkins on k8s
Kubernetes ClusterIP service initial delay or liveness
Association class with a derived type
Why Cert Manager (and Lets encrypt) integrating with ISTIO fails to complete HTTP01 challenge

1 Answer

8/12/2019

Is not possible to point an Ingress to another Ingress. Furthermore and in your particular case, is also not possible to point a GCE ingress class to Nginx since it relies in an HTTP(S) Load Balancer, which can only have GCE instances/instances groups (basically the node pools in GKE), or GCS buckets as backends.

If you were to deploy an Nginx ingress using GKE, it will spin up a Network Load Balancer which is not a valid backend for the HTTP(S) Load Balancer.

So is neither possible via Ingress nor GCP infrastructure features. However, if you need the GCE ingress class to be hit first, and then, manage further routing with Nginx, you might want to consider having Nginx as a Kubernetes Service/Deployment to manage the incoming traffic once is within the cluster network.

You can create a ClusterIP service for internally accessing your Nginx deployment and from there, using cluster-local hostnames to redirect to other services/applications within the cluster.

-- yyyyahir
Source: StackOverflow