Kubernetes load balancer SSL termination in google container engine?

Question

Background:

I'm pretty new to the Google's Cloud platform so I want to make sure that I'm not is missing anything obvious.

We're experimenting with GKE and Kubernetes and we'd like to expose some services over https. I've read the documentation for http(s) load-balancing which seem to suggest that you should maintain your own nginx instance that does SSL terminal and load balancing. To me this looks quite complex (I'm used to working on AWS and its load-balancer (ELB) which has supported SSL termination for ages).

Questions:

1. Is creating and maintaining an nginx instance the way to go if all you need is SSL termination in GKE?
2. If so, how is this done? The documentation doesn't really seem to convey this afaict.

Answer 1

Tl;Dr: Watch this space for Kubernetes 1.2

Till now Kubernetes has only supported L4 loadbalancing. This means the GCE/GKE loadbalancer opens up a tcp connection and just sends traffic to your backend, which is responsible for terminating ssl. As of Kubernetes 1.1, Kubernetes has an "Ingress" resource, but it's currently in Beta and only supports HTTP. It will support different SSL modes in 1.2.

So, how to terminate SSL with a normal Kubernetes service?
https://github.com/kubernetes/kubernetes/blob/release-1.0/examples/https-nginx/README.md

How to create a loadbalancer for this Service?
L4: Change NodePort to LoadBalancer (https://github.com/kubernetes/kubernetes/blob/release-1.0/examples/https-nginx/nginx-app.yaml#L8)
L7: Deploy a Service loadbalancer (https://github.com/kubernetes/contrib/tree/master/service-loadbalancer#https)

How to create a GCE HTTP loadbalancer through Kubernetes? https://github.com/kubernetes/kubernetes/blob/master/docs/user-guide/ingress.md#simple-fanout

So how to create a GCE HTTPS loadbalancer through Kubernetes?
Coming in 1.2, currently the process is manual. If you're not clear on the exact manual steps reply to this and I will clarify (not sure if I should list all of them here and confuse you even more).