I'm working on an application that needs to handle both TCP/TLS connections and HTTP(S) requests. The tricky part is that the TLS connections require SSL termination at the instance itself, due to how we handle our certificates and authentication. Currently, I've set up a Managed Instance Group (MIG) on GCP along with a TCP pass-through load balancer and an HTTP(S) load balancer. However, I've hit a snag because GCP doesn't allow me to direct both load balancers to the same MIG.
So, I'm curious if it's possible to achieve this setup with Google Kubernetes Engine (GKE). Can Kubernetes support configuring a TCP and an HTTP load balancer to point to the same pod(s) on different ports? I really need the application to manage TLS termination, not the load balancer itself. Is this feasible?
1 Answer
You can't mix and match load balancers like that because TCP and HTTP(S) operate on different layers. For your case, you'll want to set up a TCP load balancer for the raw TCP port and a separate HTTP load balancer for the HTTP(s) requests. Just make sure they're routed to the correct ports. GKE should definitely be able to support this if configured right!
I think I'm getting it, but just to clarify, you're saying I can have one TCP pass-through load balancer that handles TLS and another one for HTTP(S) that deals with the certs and still point both at the same pods, right?