I am trying to figure out how to enable the proxy protocol header in GKE.
Usually, you can do it with gcloud:
gcloud compute target-ssl-proxies update my-ssl-lb-target-proxy \
    --proxy-header=PROXY_V1
But GKE doesn't list it as an annotation:
https://cloud.google.com/kubernetes-engine/docs/how-to/service-parameters
Isn't there any support yet? :(
Thanks
CodePudding user response:
When you create a Service of type "LoadBalancer" in GKE, it uses a Network Load Balancer for external services and an Internal TCP/UDP Load Balancer for internal services.
You can use TCP and/or SSL Proxy load balancers as well, but it involves a bit of manual configuration. You will need to create a Standalone NEG and then associate that as the backend of a TCP or SSL Proxy LB.
To create a Standalone NEG, you create a Service of type ClusterIP and use a neg annotation:
apiVersion: v1
kind: Service
metadata:
  name: neg-demo-svc
  annotations:
    cloud.google.com/neg: '{"exposed_ports": {"80":{"name": "NEG_NAME"}}}'
spec:
  type: ClusterIP
  selector:
    run: neg-demo-app # Selects Pods labelled run: neg-demo-app
  ports:
  - port: 80
    protocol: TCP
    targetPort: 9376
You'd then associate the NEG with the backend service used by your TCP or SSL Proxy LB, for example:
gcloud compute backend-services add-backend my-bes \
    --global \
    --network-endpoint-group=NEG_NAME
...
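Once PROXY_V1 is enabled on the target proxy, the Pods behind the NEG receive a PROXY protocol v1 line ahead of the application bytes and have to consume it before TLS or HTTP parsing. The following is an added example, not part of the answer above, that goes one step past it by showing a strict receiver-side parser; the function name, the sample bytes and the `TRUSTED` range are assumptions, and `TRUSTED` is a placeholder for your load balancer's source ranges.

```python
import ipaddress

MAX_V1_LEN = 107  # longest v1 header line the PROXY protocol spec allows, CRLF included


class ProxyHeaderError(ValueError):
    """The connection did not start with a well-formed PROXY v1 line."""


def parse_proxy_v1(data, peer_ip, trusted_nets):
    """Return (client, rest): client is (src_ip, src_port) or None for UNKNOWN."""
    # Only the load balancer may assert a client address; anyone else could spoof it.
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in ipaddress.ip_network(n) for n in trusted_nets):
        raise ProxyHeaderError("PROXY header from untrusted peer")
    end = data.find(b"\r\n", 0, MAX_V1_LEN)
    if end == -1:
        raise ProxyHeaderError("no CRLF within 107 bytes")
    try:
        fields = data[:end].decode("ascii").split(" ")
    except UnicodeDecodeError as exc:
        raise ProxyHeaderError("non-ASCII header") from exc
    rest = data[end + 2:]  # application bytes (TLS or HTTP) start here
    if fields[0] != "PROXY" or len(fields) < 2:
        raise ProxyHeaderError("missing PROXY signature")
    if fields[1] == "UNKNOWN":
        return None, rest
    if fields[1] not in ("TCP4", "TCP6") or len(fields) != 6:
        raise ProxyHeaderError("bad protocol or field count")
    want = 4 if fields[1] == "TCP4" else 6
    try:
        src, dst = (ipaddress.ip_address(f) for f in fields[2:4])
    except ValueError as exc:
        raise ProxyHeaderError("bad address") from exc
    if src.version != want or dst.version != want:
        raise ProxyHeaderError("address family mismatch")
    if not all(p.isdigit() and int(p) <= 65535 for p in fields[4:6]):
        raise ProxyHeaderError("bad port")
    return (str(src), int(fields[4])), rest


# Constructed sample: documentation-range addresses, not real traffic.
SAMPLE = b"PROXY TCP4 203.0.113.7 198.51.100.10 51234 443\r\nGET / HTTP/1.1\r\n"
TRUSTED = ["192.0.2.0/24"]  # placeholder for the load balancer's source ranges

if __name__ == "__main__":
    print(parse_proxy_v1(SAMPLE, "192.0.2.15", TRUSTED))
```

Rejecting the header from peers outside the trusted ranges matters because a Pod that is reachable by any other path would otherwise accept a client-supplied source address.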