How to force SSL for Kubernetes Ingress on GKE

Question

Is there a way to force an SSL upgrade for incoming connections on the ingress load-balancer? Or if that is not possible with, can I disable port :80? I haven\'t found a goo

Answer 1

If you are not bound to the GCLB Ingress Controller you could have a look at the Nginx Ingress Controller. This controller is different to the builtin one in multiple ways. First and foremost you need to deploy and manage one by yourself. But if you are willing to do so, you get the benefit of not depending on the GCE LB (20$/month) and getting support for IPv6/websockets.

The documentation states:

By default the controller redirects (301) to HTTPS if TLS is enabled for that ingress . If you want to disable that behaviour globally, you can use ssl-redirect: "false" in the NGINX config map.

The recently released 0.9.0-beta.3 comes with an additional annotation for explicitly enforcing this redirect:

Force redirect to SSL using the annotation ingress.kubernetes.io/force-ssl-redirect