# GKE Ingress GCP's Ingress Controller for GKE automatically manages traffic routing to Kubernetes services, integrating Kubernetes workloads with Google Cloud's load-balancing infrastructure. It simplifies external access to applications, handling SSL termination and global load distribution. GCP offers its own Ingress Controller, specifically created for Google Kubernetes Engine (GKE), to seamlessly integrate Kubernetes services with Google Cloud's advanced load balancing features. ## Container-native load balancing with GKE Ingress Container-native load balancing on Google Cloud Platform (GCP) allows Load Balancers to directly target Kubernetes Pods instead of using a node-based proxy. This approach improves performance by enabling more efficient routing, reducing latency by eliminating extra hops, and providing better health-checking capabilities. It leverages the network endpoint groups (NEGs) feature to ensure that traffic is directed to the appropriate container instances, enabling more granular and efficient load distribution for applications running on GKE.

## Prerequisites Before you can create an Ingress, you must create the following DuploCloud resources: * **GKE Standard** users: create a DuploCloud **Tenant**, **Node Pool**, and **Service**. * **GKE Autopilot** users: create a DuploCloud **Tenant**, and **Service**. See the [DuploCloud GCP User Guide](https://docs.duplocloud.com/docs/automation-platform/overview-1) for steps on how to create Tenants, Node Pools and Services. Once your Tenant and Service are deployed, you can add and configure a Load Balancer listener. ## Adding a Load Balancer listener with Kubernetes ClusterIP 1. In the DuploCloud Portal, navigate **Kubernetes** -> **Services.** 2. On the **Services** page, select the Service name from the **NAME** column. 3. Click the **Load Balancers** tab. 4. Click **Configure Load Balancer**. The **Add Load Balancer Listener** pane appears.

5. From the **Select Type** list box, select **K8s ClusterIP**. 6. Optionally, enable **Advanced Kubernetes Settings** and configure the **External Traffic Policy** and **Extra Selector Labels** fields. 7. Optionally, select **Set HealthCheck annotations** (this ensures the Kubernetes Service is recognized by the GKE Ingress Controller). 8. Optionally, enable **Additional health check configs**. 9. Click **Add**. The Load Balancer listener details will appear in the **Load Balancers** tab on the Service details page.

## Creating a GCP Managed Certificate (optional) To enable SSL, create a GCP-managed certificate resource in the application namespace, as shown in the example below. ``` apiVersion: networking.gke.io/v1 kind: ManagedCertificate metadata: name: my-managed-cert namespace: duploservices-npdev04gke spec: domains: - npdev04.duplocloud.net #your A record name in DNS ``` ## Adding a Kubernetes Ingress Once a Service and Load Balancer are deployed, complete the following steps to add an Ingress: ### Configuring the Ingress 1. Select **Kubernetes** -> **Ingress** from the navigation pane. 2. Click **Add**. The **Add Kubernetes Ingress** page displays.

1. Complete the fields to configure the Ingress:

Field	Description
Ingress Name	Enter a unique name for your Ingress.
Ingress Controller	Select GCE to use the Google Cloud Ingress Controller for GKE.
Visibility	Choose Internal Only or Public to define load balancer visibility.
DNS Prefix	Specify the DNS prefix for the Ingress (e.g., `myapp`).
TLS Hosts	Enter the domain names to secure with TLS (e.g., `example.com,www.example.com`), separated by commas.
TLS Secret Name	Enter the Kubernetes TLS secret containing the certificate and key. Must exist in the Ingress namespace.
Annotations	Optional: Add Kubernetes annotations in `key=value` format. Use this to configure Ingress behavior or link to a GCP Managed Certificate.
Labels	Optionally, enter labels to organize the Ingress resource.

{% hint style="info" %} **Note:**\ The **Certificate ARN** field from previous versions has been removed. TLS is now configured using: * The **TLS Hosts** and **TLS Secret Name** fields * Or annotations such as: ``` networking.gke.io/managed-certificates=my-managed-cert kubernetes.io/ingress.allow-http=false ``` This update reflects GCP’s native Ingress TLS behavior. {% endhint %} 4. Before you can save the Ingress, you must add at least one rule. In the **Ingress Rules** section, click **Add Rule**. The **Add Ingress Rule** pane displays.

2. Complete the fields to configure the rule:

Field	Description
Path	Enter the URL path to match (e.g., `/samplePath`).
Path Type	Select the path matching behavior, such as `Exact`, `Prefix`, or `ImplementationSpecific`.
Host	Optionally, enter the hostname to match (e.g., `api.example.com`).
Service	Select the Kubernetes Service to expose through the Ingress. Only Services using K8s ClusterIP are valid.
Container Port	Select the port from the Kubernetes service that ingress will use as backend port to serve the requests.

3. Click **Add Rule** to add the rule to the Ingress. Repeat the steps to define additional rules as needed. 4. After at least one rule is added, click **Add** to create the Ingress. Ingress creation will take a few minutes. Once the IP is attached to the Ingress, the Ingress displays on the **Ingress** page and you are ready to use your path- or host-based routing defined via Ingress. ## Viewing an Ingress You can view the Ingresses you have created by navigating to **Kubernetes** -> **Ingress**. Click on an Ingress name in the **NAME** column to view Ingress details.