Warm tip: This article is reproduced from serverfault.com, please click
google-kubernetes-engine kubernetes-ingress rabbitmq ssl tcp

GKE Ingress for HTTPS and LoadBalancer for TCP on same backend?

发布于 2020-12-02 15:22:27

The usecase is this: I have a RabbitMQ cluster with STOMP over websocket. The websocket uses SSL (wss:x.x.x.x). I have an Ingress set up to handle the certificates. It forwards the traffic to internal port 15674. The RabbitMQ also needs to accept TCP on port 5672.

The Ingress load balancer does not do TCP, it is L7. The Service LoadBalancer does not do HTTPS, it is L4.

Is it possible to set up an Ingress and a Service LoadBalancer that points at the same back end but different ports? Is there another way to do this?

Questioner
Heinrich Venter
Viewed
11
分享
Frank 2020-12-03 02:08:52

GKE Ingress is only for HTTP / HTTPS / "HTTP/2" (TLS) traffic, you can create a GKE TCP LB that points to the same backend you have on a different port.

Something like this:

apiVersion: "v1"
kind: "Service"
metadata:
  name: "l4-loadbalancer"
  namespace: "default"
  labels:
    app: "nginx"
spec:
  ports:
  - protocol: "TCP"
    port: 80
    targetPort: 80
  selector:
    app: "nginx"
  type: "LoadBalancer"
  loadBalancerIP: ""

You can also handle all of this by only using a GKE tcp load balancer, but the downside would be that you would need to handle your SSL certs on your backend directly, if you want GCP to handle this, then the 2 load balancer approach would be better.

Heinrich Venter 2020-12-03 09:57:27

The important bit that I missed was that an Ingress and LoadBalancer can link to the same back end through the labels. The expected down side to this is that it creates 2 load balancers.

热门帖子

1
passwall2 的 dns 应该怎么设置啊?
2
Protected App:(几乎)无需代码给任意 web app 添加 authentication
3
为什么国外 VPS 带宽基本都是 1Gbps 起步,而中国 VPS 基本都是 1M 起步呢?中国的带宽真的这么贵吗?
4
2024.05.08 想入手一个安卓平板,求推荐
5
手持 iPhone13 pro max 最近想换机,求推荐
6
有没能按照 ip 进行流量统计的
7
iPad 不需要 macOS
8
AirPodsPro 充电盒掉了,有什么好办法继续用?网上那种单配的盒子能买吗?
9
最新进展:分享一个目前正在做的一个产品——ai 心灵伴侣
10
家里面用群晖安装 Debian 搭建 x-ui 后可以用作代理上网,不能访问内网。

热门github

1
Implementation of paper - YOLOv9: Learning What You Want to Learn Using Programmable Gradient Information
2
A Windows and Office activator using HWID / Ohook / KMS38 / Online KMS activation methods, with a focus on open-source code and fewer antivirus detections.
3
Get up and running with Llama 2, Mistral, Gemma, and other large language models.
4
该项目可以让你通过订阅的方式使用Cloudflare WARP+,自动获取流量。This project enables you to use Cloudflare WARP+ through subscription, automatically acquiring traffic.
5
Multi functional app to find duplicates, empty folders, similar images etc.
6
Xray panel supporting multi-protocol multi-user expire day & traffic & ip limit (Vmess & Vless & Trojan & ShadowSocks & Wireguard)
7
The Free Software Media System
8
lightweight, standalone C++ inference engine for Google's Gemma models.
9
📚 Freely available programming books
10
A collective list of free APIs
11
1️⃣🐝🏎️ The One Billion Row Challenge -- A fun exploration of how quickly 1B rows from a text file can be aggregated with Java
12
🎓 Path to a free self-taught education in Computer Science!
13
Curso para aprender el lenguaje de programación Python desde cero y para principiantes. 75 clases, 37 horas en vídeo, código, proyectos y grupo de chat. Fundamentos, frontend, backend, testing, IA...
14
This repository contains System Design resources which are useful while preparing for interviews and learning Distributed Systems
15
Mamba is a new state space model architecture showing promising performance on information-dense data such as language modeling, where previous subquadratic models fall short of Transformers. It is based on the line of progress on structured state space models, with an efficient hardware-aware design and implementation in the spirit of FlashAttention.