GKE Ingress

Adding an Ingress for DuploCloud Google Cloud Platform Load Balancers

GCP's Ingress Controller for GKE automatically manages traffic routing to Kubernetes services, integrating Kubernetes workloads with Google Cloud's load-balancing infrastructure. It simplifies external access to applications, handling SSL termination and global load distribution.

GCP offers its own Ingress Controller, specifically created for Google Kubernetes Engine (GKE), to seamlessly integrate Kubernetes services with Google Cloud's advanced load balancing features.

Container-native load balancing with GKE Ingress

Container-native load balancing on Google Cloud Platform (GCP) allows Load Balancers to directly target Kubernetes Pods instead of using a node-based proxy. This approach improves performance by enabling more efficient routing, reducing latency by eliminating extra hops, and providing better health-checking capabilities.

It leverages the network endpoint groups (NEGs) feature to ensure that traffic is directed to the appropriate container instances, enabling more granular and efficient load distribution for applications running on GKE.

GKE Container Native Load Balancing

Prerequisites

Before you can create an Ingress, you must create the following DuploCloud resources:

  • GKE Standard users: create a DuploCloud Tenant, Node Pool, and Service.

  • GKE Autopilot users: create a DuploCloud Tenant, and Service.

See the DuploCloud GCP User Guide for steps on how to create Tenants, Node Pools and Services. Once your Tenant and Service are deployed, you can add and configure a Load Balancer listener.

Adding a Load Balancer listener with Kubernetes ClusterIP

  1. In the DuploCloud Portal, navigate Kubernetes -> Services.

  2. On the Services page, select the Service name from the NAME column.

  3. Click the Load Balancers tab.

  4. Click Configure Load Balancer. The Add Load Balancer Listener pane appears.

Add Load Balancer Listener pane
  1. From the Select Type list box, select K8s ClusterIP.

  2. Optionally, enable Advanced Kubernetes Settings and configure the External Traffic Policy and Extra Selector Labels fields.

  3. Optionally, select Set HealthCheck annotations (this ensures the Kubernetes Service is recognized by the GKE Ingress Controller).

  4. Optionally, enable Additional health check configs.

  5. Click Add. The Load Balancer listener details will appear in the Load Balancers tab on the Service details page.

Load Balancers tab

Creating a GCP Managed Certificate (optional)

To enable SSL, create a GCP-managed certificate resource in the application namespace, as shown in the example below.

apiVersion: networking.gke.io/v1
kind: ManagedCertificate
metadata:
  name: my-managed-cert
  namespace: duploservices-npdev04gke
spec:
  domains:
  - npdev04.duplocloud.net #your A record name in DNS

Adding a Kubernetes Ingress

Once a Service and Load Balancer are deployed, complete the following steps to add an Ingress:

Configuring the Ingress

  1. Select Kubernetes -> Ingress from the navigation pane.

  2. Click Add. The Add Kubernetes Ingress page displays.

The Add Kubernetes Ingress page
  1. Complete the fields to configure the Ingress:

Ingress Name

Enter a unique name for your Ingress.

Ingress Controller

Select GCE to use the Google Cloud Ingress Controller for GKE.

Visibility

Choose Internal Only or Public to define load balancer visibility.

DNS Prefix

Specify the DNS prefix for the Ingress (e.g., myapp).

TLS Hosts

Enter the domain names to secure with TLS (e.g., example.com,www.example.com), separated by commas.

TLS Secret Name

Enter the Kubernetes TLS secret containing the certificate and key. Must exist in the Ingress namespace.

Annotations

Optional: Add Kubernetes annotations in key=value format. Use this to configure Ingress behavior or link to a GCP Managed Certificate.

Labels

Optionally, enter labels to organize the Ingress resource.

Note: The Certificate ARN field from previous versions has been removed. TLS is now configured using:

  • The TLS Hosts and TLS Secret Name fields

  • Or annotations such as:

    bashCopyEditnetworking.gke.io/managed-certificates=my-managed-cert
    kubernetes.io/ingress.allow-http=false

This update reflects GCP’s native Ingress TLS behavior.

  1. Before you can save the Ingress, you must add at least one rule. In the Ingress Rules section, click Add Rule. The Add Ingress Rule pane displays.

Add Ingress Rule pane
  1. Complete the fields to configure the rule:

Path

Enter the URL path to match (e.g., /samplePath).

Path Type

Select the path matching behavior, such as Exact, Prefix, or ImplementationSpecific.

Host

Optionally, enter the hostname to match (e.g., api.example.com).

Service

Select the Kubernetes Service to expose through the Ingress. Only Services using K8s ClusterIP are valid.

Container Port

Select the port from the Kubernetes service that ingress will use as backend port to serve the requests.

  1. Click Add Rule to add the rule to the Ingress. Repeat the steps to define additional rules as needed.

  2. After at least one rule is added, click Add to create the Ingress. Ingress creation will take a few minutes. Once the IP is attached to the Ingress, the Ingress displays on the Ingress page and you are ready to use your path- or host-based routing defined via Ingress.

Viewing an Ingress

You can view the Ingresses you have created by navigating to Kubernetes -> Ingress.

Click on an Ingress name in the NAME column to view Ingress details.

Ingress page displaying the added Ingress

Last updated

Was this helpful?