7

In GKE Ingress documentation it states that:

When you create an Ingress object, the GKE Ingress controller creates a Google Cloud HTTP(S) Load Balancer and configures it according to the information in the Ingress and its associated Services.

To me it seems that I can not have multiple ingress resources with single GCP ingress controller. Instead, GKE creates a new ingress controller for every ingress resource.

Is this really so, or is it possible to have multiple ingress resources with a single ingress controller in GKE?

I would like to have one GCP LoadBalancer as ingress controller with static IP and DNS configured, and then have multiple applications running in cluster, each application registering its own ingress resource with application specific host and/or path specifications.

Please note that I'm very new to GKE, GCP and Kubernetes in general, so it might be that I have misunderstood something.

Jarppe
  • 173
  • 4
  • 7

2 Answers2

9

I think the question you're actually asking is slightly different than what you have written. You want to know if multiple Ingress resources can be linked to a single GCP Load Balancer, not GKE Ingress controller. Based on the concept of a controller, there is only one GKE Ingress controller in a cluster, which is responsible for fulfilling multiple resources and provisioning multiple load balancers.

So, to answer the question directly (because I've been searching for a straight answer for a long time!):

Combining multiple Ingress resources into a single Google Cloud load balancer is not supported.

Source: https://cloud.google.com/kubernetes-engine/docs/concepts/ingress

Sad.

However, using the nginx-ingress controller is one way to at least minimize the number of external (GCP) load balancers provisioned (it only provisions a single TCP load balancer), but since the load balancer is for TCP traffic, it cannot terminate SSL, or apply Firewall rules for you (Cloud Armor cannot be used, for instance).

The only way I know of to have a single HTTPS load-balancer in GCP terminate SSL and route traffic to multiple services in GKE is to combine the ingresses into a single resource with all paths and certificates defined in one place.

(If anybody figures out a way to do it with multiple separate ingress resources, I'd love to hear it!)

mltsy
  • 6,598
  • 3
  • 38
  • 51
3

Yes it is possible to have the single ingress controller for multiple ingress resources.

You can create multiple ingress resources as per path requirement and all will be managed by single ingress controller.

There are multiple ingress controller options also available you can use Nginx also that will create one LB and manage the paths.

Inside Kubernetes if you are creating a service with type LoadBalancer it will create the new LB resource in GCP so make sure your microservice type is ClusterIP and your all traffic goes inside K8s cluster via ingress path.

When you setup the ingress controller it will create one service with type LoadBalancer you can can use that IP in DNS servers to forward the subdomain and path to K8s cluster.

Harsh Manvar
  • 27,020
  • 6
  • 48
  • 102
  • Thank you, that makes sense to me now. So instead of using GKE Ingress I should use GCP LB, and use Nginx or Ambassador etc as ingress controller. That sounds reasonable. Thank you for very clear answer, it explained a lot. – Jarppe Dec 06 '20 at 20:01
  • you can use anything that depends on your requirement Ambassador has some feature which Nginx doesn't support same for GKE ingress. it depends on the organization's requirements or type of workload you are running expected traffic. – Harsh Manvar Dec 07 '20 at 03:36