unable to create https backend and https healthcheck on gke

I have created a private GKE cluster and also created an L7 load balancer using Ingress.yaml, but the backend service of the L7 load balancer is HTTP by default, and the health check protocol it created is also HTTP, as you can see in the pic I have attached.


Please tell me what change I should make in my Ingress manifest file or Deployment manifest file so that the backend service of the load balancer and the health check become HTTPS.


Hi @nishitkumar ,

Based on your setup, you may consider an HTTP to HTTPS redirect. You can follow the guide on that link.

Another option is to change an existing backend and health check from HTTP to HTTPS in Google Kubernetes Engine (GKE). Follow these steps:

1. First, obtain an SSL/TLS Certificate. Acquire an SSL/TLS certificate for your domain or subdomain. You can obtain a certificate from a certificate authority (CA) or use Let's Encrypt for free certificates.

2. Next, you have to update your Backend Configuration. Modify your backend configuration to listen for HTTPS traffic instead of HTTP. Update the container or application within your backend to support HTTPS.

3. Then, update your Ingress or LoadBalancer Configuration. If you're using an Ingress resource, update the Ingress configuration to use HTTPS. Specify the appropriate TLS section with the secretName referencing the Kubernetes Secret that contains your SSL/TLS certificate and private key.

If you're using a LoadBalancer service, modify the LoadBalancer configuration to handle HTTPS traffic. Update the SSL certificate and private key references in the LoadBalancer configuration.

4. Next, you have to update the health check configuration. Change the health check configuration to use an HTTPS health check instead of an HTTP health check. Modify the health check path, port, and protocol to reflect the HTTPS setup.

5. Lastly, redeploy or update your Kubernetes resources. Apply the modified configuration changes to your GKE cluster. This will update the backend, Ingress, or LoadBalancer configuration, as well as the health check settings.

https://cloud.google.com/kubernetes-engine/docs/concepts/ingress

If you don't specify a default backend, GKE provides a default backend that returns 404. This is created as a default-http-backend NodePort service on the cluster in the kube-system namespace.

If you want to use HTTPS/TLS between Ingress and your backend service then you need to:

1) Make sure that your backend supports HTTPS 
2) Add the cloud.google.com/app-protocols annotation to your Service:

apiVersion: v1
kind: Service
metadata:
  name: my-service
  annotations:
    # Tells the load balancer to speak HTTPS to the named Service port
    cloud.google.com/app-protocols: '{"my-https-port":"HTTPS"}'
spec:
  type: NodePort
  selector:
    app: metrics
    department: sales
  ports:
  - name: my-https-port
    port: 443
    targetPort: 8443

 

The health check will then also be configured to use HTTPS as well since it can infer that from the cloud.google.com/app-protocols annotation. (https://cloud.google.com/kubernetes-engine/docs/concepts/ingress-xlb#https_tls_between_load_balancer...)

If you need to customize the health check, you can attach a BackendConfig to your Service.
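
One way to attach a BackendConfig with an explicit HTTPS health check to the Service from the reply above, as an added example that is not part of the original thread. The BackendConfig name, the /healthz path, the timing values and the use of container-native load balancing (NEG annotation) are assumptions.

```yaml
# Added example; values marked "assumed" do not come from the thread.
apiVersion: cloud.google.com/v1
kind: BackendConfig
metadata:
  name: my-https-backendconfig   # assumed name
spec:
  healthCheck:
    type: HTTPS            # probe the backend over TLS instead of plain HTTP
    requestPath: /healthz  # assumed path; must answer HTTP 200 over HTTPS
    port: 8443             # Pod port (targetPort); assumes container-native LB
    checkIntervalSec: 15   # assumed timing values
    timeoutSec: 5
    healthyThreshold: 1
    unhealthyThreshold: 2
---
apiVersion: v1
kind: Service
metadata:
  name: my-service
  annotations:
    # Load balancer -> backend protocol for the named port
    cloud.google.com/app-protocols: '{"my-https-port":"HTTPS"}'
    # Bind the BackendConfig above to every port of this Service
    cloud.google.com/backend-config: '{"default": "my-https-backendconfig"}'
    # Container-native load balancing (NEGs), so probes reach the Pod port
    cloud.google.com/neg: '{"ingress": true}'
spec:
  type: NodePort
  selector:
    app: metrics
    department: sales
  ports:
  - name: my-https-port
    port: 443
    targetPort: 8443
```

The BackendConfig must live in the same namespace as the Service. HTTPS on this hop encrypts traffic between the load balancer and the Pod, but the load balancer does not validate the certificate the backend presents, so it should not be treated as backend authentication.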
