Cloud being used: Google Cloud
Hi all, I have a question about Cloud Armor and ingress setup. For Cloud Armor to work, I need a global IP address in GCP. But as I understand, I can’t get my Nginx Ingress loadbalancer to have a GCP Global IP, so I have to use the GCP Loadbalancer instead.
Is there a solution to get all traffic from a GCP Loadbalancer/ingress directly to the Nginx ingress in my cluster? Because I have a lot of configuration with my Nginx Ingress right now, and don’t want to move to other solutions.
GKE only supports an L7 with their GCE (don’t get confused with GCE, the VM) ingress controller, as you already know.
What you can do is have your Nginx controller run as a service using the NodePort type. Then, you can make a forward rule in your GCE controller that’s hooked up to your L7.
So, traffic flows like,
Internet -> L7 -> GCE controller -> Nginx service -> your apps
I know this seems to be overly complicated but it’s what it is with GKE.
I wish GKE allowed 3rd party ingress controllers to be hooked to an L7, but then who would use their dumb GCE controller?
Good luck.
3 Likes
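A sketch of the setup described in the answer above, as an added example that is not part of the original posts: the Nginx controller exposed as a NodePort Service, a GCE Ingress sending all traffic to it, and a BackendConfig attaching the Cloud Armor policy. The names `nginx-armor`, `my-armor-policy`, `my-global-ip` and `l7-to-nginx`, the `ingress-nginx` namespace and labels, and the `/healthz` path are assumptions to adapt to your cluster.

```yaml
# Added example; every name below is a placeholder, not a value from the thread.
apiVersion: cloud.google.com/v1
kind: BackendConfig
metadata:
  name: nginx-armor
  namespace: ingress-nginx
spec:
  securityPolicy:
    name: my-armor-policy          # existing Cloud Armor security policy (placeholder)
  healthCheck:
    type: HTTP
    requestPath: /healthz          # assumed health path answered by the Nginx controller
---
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx-controller
  namespace: ingress-nginx
  annotations:
    # Binds the BackendConfig (and so the Cloud Armor policy) to this backend.
    cloud.google.com/backend-config: '{"default": "nginx-armor"}'
spec:
  type: NodePort                   # NodePort instead of LoadBalancer, as the answer suggests
  selector:                        # assumed labels of the Nginx controller pods
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/component: controller
  ports:
    - name: http
      port: 80
      targetPort: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: l7-to-nginx
  namespace: ingress-nginx
  annotations:
    kubernetes.io/ingress.class: "gce"                           # handled by the GCE controller
    kubernetes.io/ingress.global-static-ip-name: "my-global-ip"  # reserved global IP (placeholder)
spec:
  defaultBackend:                  # no host/path rules: everything goes to Nginx
    service:
      name: ingress-nginx-controller
      port:
        number: 80
```

Existing Nginx Ingress resources keep working unchanged behind this. Cloud Armor only filters requests that arrive through the L7, so any other route to the Nginx controller (for example a leftover LoadBalancer Service) bypasses the policy and should be removed or firewalled.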
Thanks for the great answer! Google support couldn’t explain anything that made just a little bit of sense.