GKE Ingress

GCP's Ingress Controller for GKE automatically manages traffic routing to Kubernetes services, integrating Kubernetes workloads with Google Cloud's load-balancing infrastructure. It simplifies external access to applications, handling SSL termination and global load distribution.

GCP offers its own Ingress Controller, specifically created for Google Kubernetes Engine (GKE), to seamlessly integrate Kubernetes services with Google Cloud's advanced load balancing features.

Container-native load balancing with GKE Ingress

Container-native load balancing on Google Cloud Platform (GCP) allows Load Balancers to directly target Kubernetes Pods instead of using a node-based proxy. This approach improves performance by enabling more efficient routing, reducing latency by eliminating extra hops, and providing better health-checking capabilities.

It leverages the network endpoint groups (NEGs) feature to ensure that traffic is directed to the appropriate container instances, enabling more granular and efficient load distribution for applications running on GKE.

Prerequisites

Before you can create an Ingress, you must create the following DuploCloud resources:

• GKE Standard users: create a DuploCloud Tenant, Node Pool, and Service.

• GKE Autopilot users: create a DuploCloud Tenant, and Service.

See the DuploCloud GCP User Guide for steps on how to create Tenants, Node Pools and Services. Once your Tenant and Service are deployed, you can add and configure a Load Balancer listener.

Adding a Load Balancer listener with Kubernetes ClusterIP

Add a Load Balancer listener that uses Kubernetes (K8s) ClusterIP.

1. In the DuploCloud Portal, navigate Kubernetes -> Services.

2. On the Services page, select the Service name from the NAME column.

3. Click the Load Balancers tab.

4. Click Configure Load Balancer. The Add Load Balancer Listener pane appears.

1. From the Select Type list box, select K8s ClusterIP.

2. Optionally, enable Advanced Kubernetes Settings and configure the External Traffic Policy and Extra Selector Labels fields.

3. Optionally, select Set HealthCheck annotations (this ensures the Kubernetes Service is recognized by the GKE Ingress Controller).

4. Optionally, enable Additional health check configs.

5. Click Add. The Load Balancer listener details will appear in the Load Balancers tab on the Service details page.

Creating a GCP Managed Certificate (optional)

To enable SSL, create a GCP-managed certificate resource in the application namespace.

apiVersion: networking.gke.io/v1
kind: ManagedCertificate
metadata:
  name: my-managed-cert
  namespace: duploservices-npdev04gke
spec:
  domains:
  - npdev04.duplocloud.net #your A record name in DNS

Adding a Kubernetes Ingress

Once a Service and Load Balancer are deployed, add an Ingress:

1. Select Kubernetes -> Ingress from the navigation pane.

2. Click Add. The Add Kubernetes Ingress page displays.

3. Enter an Ingress Name.

4. From the Ingress Controller list box, select GCE.

5. From the Visibility list box, select Internal Only or Public.

6. Enter your DNS prefix in the DNS Prefix field.

7. Select your ARN from the Certificate ARN list box.

   
8. If you have created a GCP managed certificate, add the following annotations in the Annotations field to link the Ingress with your GCP-managed certificate

"networking.gke.io/managed-certificates" = "my-managed-cert",
"kubernetes.io/ingress.allow-http" = "false"

1. Enter labels in the Labels field, if required.

2. Click Add to add the Ingress.

Configuring Kubernetes Ingress rules

1. In the Add Kubernetes Ingress page, click Add Rule. The Add Ingress Rule pane displays.

1. Specify the Path (/samplePath/ in the example).

2. Optionally, specify the Path Type and Host. In this example, we specify a Path Type of Exact. Clicking the Info Tip icon ( ) provides more information for these optional fields.

3. From the Service Name list box, select the Service exposed through the K8S ClusterIP (nginx-test in the example). The Container port field is completed automatically.

4. Click Add Rule. The rule displays on the Add Kubernetes Ingress page. Repeat the preceding steps to add additional rules.

5. Click Add to add the Kubernetes Ingress. The Ingress displays on the Ingress page.

The Ingress creation will take a few minutes. Once the IP is attached to the Ingress, you are ready to use your path- or host-based routing defined via Ingress.

Viewing Ingress

You can view the Ingresses you have created by navigating to Kubernetes -> Ingress.