I'm working on an application that handles both TCP/TLS connections and HTTP requests. For my setup, I need to terminate SSL at the instance due to how we manage certificates and authentication. I've set up a Managed Instance Group (MIG) in GCP with both a TCP pass-through load balancer and an HTTP(s) load balancer. However, I'm running into an issue since I'm not allowed to direct both the TCP and HTTP load balancer to the same MIG. Now I'm curious if Kubernetes (GKE) allows for both a TCP and HTTP load balancer to point to the same pods, albeit on different ports. I require the TLS connection to be terminated at the instance, not at the load balancer. Is this setup feasible in Kubernetes?
4 Answers
Load balancers in GCP are strictly TCP or UDP. Since HTTP(S) is based on TCP, you'll need to set up a dedicated TCP load balancer for your non-HTTP traffic and a separate HTTP load balancer for your web traffic. If you're using Kubernetes, make sure to define this in your service configuration, as it can handle multiple ports.
Absolutely, in Kubernetes, you can define services that expose multiple ports. Just configure one service for the TCP traffic (with pass-through for TLS termination on your instance) and another service for the HTTP traffic (which would terminate HTTPS and handle all your certificates). It sounds like your previous setup in GCP with the managed instance groups wasn't aligned with this capability.
Just keep in mind, TCP operates at layer 4 while HTTP operates at layer 7. They're different types of load balancers. If you're thinking about how to set them up, just focus on what each one is designed to handle.
Considering GKE, yes, it should work. If you're using Ingress in Kubernetes, it can handle the HTTP(S) requests while you configure a separate service for TCP. Just ensure you're clearly defining the ports and services in your deployment.
Related Questions
How To: Running Codex CLI on Windows with Azure OpenAI
Set Wordpress Featured Image Using Javascript
How To Fix PHP Random Being The Same
Why no WebP Support with Wordpress
Replace Wordpress Cron With Linux Cron
Customize Yoast Canonical URL Programmatically