Cloud Armor, GCP Ingress to Nginx Ingress

Cloud being used: Google Cloud

Hi all, I have a question about Cloud Armor and ingress setup. For Cloud Armor to work, I need a global IP address in GCP. But as I understand it, I can’t get my Nginx Ingress load balancer to have a GCP global IP, so I have to use the GCP load balancer instead.
Is there a solution to get all traffic from a GCP load balancer/ingress directly to the Nginx ingress in my cluster? I have a lot of configuration with my Nginx Ingress right now, and I don’t want to move to other solutions.

GKE only supports an L7 with their GCE (don’t get confused with GCE, the VM) ingress controller, as you already know.

What you can do is have your Nginx controller run as a service using the NodePort type. Then you can make a forwarding rule in your GCE controller that’s hooked up to your L7.

So, traffic flows like,

Internet -> L7 -> GCE controller -> Nginx service -> your apps

I know this seems to be overly complicated but it’s what it is with GKE.

I wish GKE allowed 3rd-party ingress controllers to be hooked to an L7, but then who would use their dumb GCE controller :)

Good luck.

3 Likes

Thanks for the great answer! Google support couldn’t explain anything that made even a little bit of sense :D