1

I have an internal load balancer to balance internal traffic to my Kubernetes cluster (hosted in GKE). According to the Internal Load Balancer documentation, it only balances L3/L4 traffic.

I need to support HTTPS traffic but an L3/L4 load balancer cannot terminate SSL connections as far as I'm aware. So, if possible, how can I terminate SSL and support HTTPS? Is there a way to terminate SSL at the application container/instance itself while still using the ILB?

I can't use external IPs since all traffic needs to go through a VPN tunnel. My backend application is currently using Python Flask and Gunicorn, if that's relevant. Can I just configure an nginx or apache configuration to terminate SSL (and not load balance or do anything else)?

swigganicks

2 Answers

3

You are correct in assuming you cannot terminate SSL using an internal load balancer. The doc you provided in the description supports that statement.

You will have to terminate SSL connections within your pods. You are also correct in that you can configure nginx or apache within your pods to terminate SSL without load balancing.

xavierc
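
One way to lay out what the answer above describes, as an added example that is not part of the original question or answers: the internal load balancer forwards TCP 443 unchanged, and an nginx sidecar in each pod terminates TLS and proxies to Gunicorn on loopback. The resource names, image names, port 8000, the `app:app` module and the `flask-tls` Secret are assumptions.

```yaml
# Added example: every name, image and port below is an assumption, not from the post.
apiVersion: v1
kind: ConfigMap
metadata: {name: tls-proxy-conf}
data:
  default.conf: |
    server {
      listen 443 ssl;
      ssl_certificate     /etc/nginx/tls/tls.crt;
      ssl_certificate_key /etc/nginx/tls/tls.key;
      ssl_protocols       TLSv1.2 TLSv1.3;
      location / {
        # Plaintext stays on the pod's loopback interface.
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto https;
      }
    }
---
apiVersion: apps/v1
kind: Deployment
metadata: {name: flask-app}
spec:
  selector: {matchLabels: {app: flask-app}}
  template:
    metadata: {labels: {app: flask-app}}
    spec:
      containers:
      - name: app
        image: registry.example/flask-app:1.0  # placeholder image
        command: ["gunicorn", "--bind", "127.0.0.1:8000", "app:app"]
      - name: tls-proxy
        image: nginx:stable
        ports: [{containerPort: 443}]
        volumeMounts:
        - {name: conf, mountPath: /etc/nginx/conf.d, readOnly: true}
        - {name: tls, mountPath: /etc/nginx/tls, readOnly: true}
      volumes:
      - {name: conf, configMap: {name: tls-proxy-conf}}
      - {name: tls, secret: {secretName: flask-tls}}  # kubernetes.io/tls Secret
---
apiVersion: v1
kind: Service
metadata:
  name: flask-app-ilb
  annotations: {cloud.google.com/load-balancer-type: "Internal"}
spec:
  type: LoadBalancer
  selector: {app: flask-app}
  ports: [{name: https, port: 443, targetPort: 443, protocol: TCP}]
```

Because Gunicorn binds to 127.0.0.1 only, the unencrypted hop is not reachable from other pods; the Service exposes nothing but the TLS port.
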
3

The internal load balancer as of now is an L4 load balancer; SSL/TLS is an L7 feature, so you can't do an L7 feature on an L4 load balancer.

Guagua