Kubernetes on GCP: create an HTTPS Load Balancer with YAML

6/25/2021

In my project I have to create a Kubernetes cluster on my GCP with an External Load Balancer service for my Django app. I create it with this YAML file:

apiVersion: v1
kind: Service
metadata:
  name: mydjango
  namespace: test1
  labels:
    app: mydjango
spec:
  ports:
  - name: http
    port: 8000
    targetPort: 8000
  selector:
    app: mydjango
  type: LoadBalancer

I apply it and all the work is done on my cluster, except for the fact that Kubernetes creates a load balancer using HTTP.

How can I modify my YAML to create the same load balancer using HTTPS instead of HTTP, using my Google-managed certs?

Many thanks in advance, Manuel

-- Manuel Santi
google-cloud-platform
kubernetes
kubernetes-service

2 Answers

6/25/2021

If you want to serve HTTPS, you need a certificate. For that, you can follow this documentation with Google managed certificates.

You also have to define an ingress to route the traffic.

-- guillaume blaquiere
Source: StackOverflow

6/28/2021

I wholeheartedly agree with the answer provided by @guillaume blaquiere.

You should use the following guide to have the HTTPS connection to your Django.

I would also like to add some additional information/resources to the whole question.


Addressing the following statement:

I apply it and all work done on my cluster except for the fact that kubernetes create a Load balancer using http.

In fact you are creating a network load balancer (layer 4), (TCP/UDP):

When you create a Service of type LoadBalancer, a Google Cloud controller wakes up and configures a network load balancer in your project. The load balancer has a stable IP address that is accessible from outside of your project.

-- Cloud.google.com: Kubernetes Engine: Docs: Concepts: Service: Service of type LoadBalancer

This type of a load balancer will forward the packets to its destination but it won't be able to accomplish things like path based routing or SSL termination.

To have the ability to connect to your Django app with HTTPS you can:

In the whole process you will be using an Ingress resource to forward the traffic to the specific backend. Your Ingress controller will also be responsible for handling SSL.

A side note!

I'd reckon you could change the Service of type LoadBalancer to a Service of type NodePort.

Your final Ingress definition will look similar to the one below:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: INGRESS_NAME
  namespace: test1
  annotations:
    kubernetes.io/ingress.global-static-ip-name: ADDRESS_NAME
    networking.gke.io/managed-certificates: CERTIFICATE_NAME
    kubernetes.io/ingress.class: "gce"
spec:
  defaultBackend:
    service:
      name: mydjango
      port:
        number: 8000  # must match a port of the mydjango Service (8000 in the question)

Alternatively you can:


Additional resources:

I'd reckon you could also take a look at this answer (on how the communication is happening with nginx-ingress):

-- Dawid Kruk
Source: StackOverflow
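
The objects the answer above describes, written out as one manifest (an added example, not part of the original answers). The domain `django.example.com` and the names `mydjango-cert`, `mydjango-ingress` and `mydjango-ip` are placeholders, and the `allow-http` annotation is an addition that removes the plain-HTTP listener so the app is reachable over HTTPS only.

```yaml
# Added example. Placeholder values: django.example.com, mydjango-cert,
# mydjango-ingress, mydjango-ip (a reserved *global* static IP address).
apiVersion: networking.gke.io/v1
kind: ManagedCertificate
metadata:
  name: mydjango-cert
  namespace: test1
spec:
  domains:
    - django.example.com   # its DNS A record must point at the reserved IP
---
apiVersion: v1
kind: Service
metadata:
  name: mydjango
  namespace: test1
  labels:
    app: mydjango
spec:
  type: NodePort           # no longer LoadBalancer: the Ingress owns the external IP
  selector:
    app: mydjango
  ports:
    - name: http
      port: 8000
      targetPort: 8000
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: mydjango-ingress
  namespace: test1
  annotations:
    kubernetes.io/ingress.class: "gce"
    kubernetes.io/ingress.global-static-ip-name: mydjango-ip
    networking.gke.io/managed-certificates: mydjango-cert
    kubernetes.io/ingress.allow-http: "false"   # HTTPS listener only
spec:
  defaultBackend:
    service:
      name: mydjango
      port:
        number: 8000       # must match the Service port above
```

TLS terminates at the Google load balancer in this setup, so the hop from the load balancer to the pod on port 8000 is still plain HTTP.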