Hi everyone,
I have few workloads running on GKE which I don’t want to be exposed individually thus I have created a GCE ingress that routes traffic to the workloads. To retain consistency I have created a static IP and IO linked it to the Ingress. Since I don’t want any request to come from the public network I have created an internal ingress, now my ingress is working fine and my internal consumers are able to connect to my ingress through the static IP. I don’t want the IP address to be shared to the consumers thus I have created a domain name that I could use. Based on the documentation I was trying to update the ingress but I came up across an issue, since I am using a GCE internal ingress I can’t enable both HTTP and HTTPS traffic in the same IP address and I keep getting the warning to disable HTTP traffic. I tried to see if I could use two different IPs pointing to same IP address but even that also didn’t workout. I would like to avoid any disruption of service to the consumers while enabling the HTTPS endpoint for the ingress, is there any alternative approach I could take that could meet my requirements? Following is the manifest I used for creating the ingress -
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: https-ingress-01
annotations:
kubernetes.io/ingress.regional-static-ip-name: dev-static-internal-ip-lb
kubernetes.io/ingress.class: “gce-internal”
kubernetes.io/ingress.allow-http: “false”
ingress.gcp.kubernetes.io/pre-shared-cert: dev-static-internal-ip-certs
spec:
rules:
- host: dev1.anthos.n-xxxx.gcp.private
http:
paths: - path: /test1/api/*
pathType: ImplementationSpecific
backend:
service:
name: demo-api-v1
port:
number: 8080