How to force SSL for Kubernetes Ingress on GKE

Question

Is there a way to force an SSL upgrade for incoming connections on the ingress load-balancer? Or if that is not possible with, can I disable port :80? I haven\'t found a goo

Answer 1

Worked on this for a long time. In case anyone isn't clear on the post above. You would rebuild your ingress with annotation -- kubernetes.io/ingress.allow-http: "false” -- Then delete your ingress and redeploy. The annotation will have the ingress only create a LB for 443, instead of both 443 and 80.

Then you do a compute HTTP LB, not one for GKE.

Gui directions: Create a load balancer and choose HTTP(S) Load Balancing -- Start configuration.

choose - From Internet to my VMs and continue

Choose a name for the LB

leave the backend configuration blank.

Under Host and path rules, select Advanced host and path rules with the action set to Redirect the client to different host/path. Leave the Host redirect field blank. Select Prefix Redirect and leave the Path value blank. Chose the redirect response code as 308. Tick the Enable box for HTTPS redirect.

For the Frontend configuration, leave http and port 80, for ip address select the static IP address being used for your GKE ingress.

Create this LB.

You will now have all http traffic go to this and 308 redirect to your https ingress for GKE. Super simple config setup and works well.

Note: If you just try to delete the port 80 LB that GKE makes (not doing the annotation change and rebuilding the ingress) and then adding the new redirect compute LB it does work, but you will start to see error messages on your Ingress saying error 400 invalid value for field 'resource.ipAddress " " is in use and would result in a conflict, invalid. It is trying to spin up the port 80 LB and can't because you already have an LB on port 80 using the same IP. It does work but the error is annoying and GKE keeps trying to build it (I think).