Reputation: 499
I am deploying a Socket.IO and Node.js based application on Kubernetes. I found that with the following Service configuration I can maintain client stickiness very easily:
```yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: my-service
  labels:
    app: my-service
spec:
  replicas: 3
  template:
    metadata:
      labels:
        app: my-service
    spec:
      containers:
      - image: gcr.io/app_name/my-service:latest
        imagePullPolicy: Always
        name: my-service
        ports:
        - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: my-service
  annotations:
    traefik.backend.loadbalancer.stickiness: "true"
  labels:
    app: my-service
spec:
  type: LoadBalancer
  sessionAffinity: "ClientIP"
  ports:
  - name: my-service
    port: 80
    protocol: TCP
    targetPort: 4000
  selector:
    app: my-service
```
Now, I am stuck with adding SSL certs. I am not able to find any documentation or resource on adding SSL certs for a Service of type LoadBalancer. Is it possible? If it is, how can I do it?
If it is not possible at all, is there any other way? I am using GKE on GCP. Can anyone help me with this? Thanks.
Upvotes: 0
Views: 92
Reputation: 22884
It looks kind of weird as you mention traefik in your annotations. Still, managing certs for this case is almost impossible. It would have to be supported at the cloud provider level based on annotations, because there is no explicit way to bind a TLS certificate to a particular service/port, not to mention automated certificates like with cert-manager/ingress.
To achieve that you should use some kind of API gateway / ingress controller that can handle this for you instead of exposing your service directly, or implement TLS support in your application.
Upvotes: 1
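The ingress route suggested in the answer above, as an added example that is not part of the original posts: TLS is terminated at GKE's built-in Ingress controller, and client-IP affinity for Socket.IO moves from the Service to a BackendConfig. The Secret name `my-service-tls`, the BackendConfig name `my-service-backend`, and the host `app.example.com` are assumptions, as is a VPC-native cluster for the NEG annotation.

```yaml
# Added example; my-service-tls, my-service-backend and app.example.com are assumed names.
# Create the Secret from your own certificate and key first:
#   kubectl create secret tls my-service-tls --cert=tls.crt --key=tls.key
apiVersion: cloud.google.com/v1
kind: BackendConfig
metadata:
  name: my-service-backend
spec:
  sessionAffinity:
    affinityType: "CLIENT_IP"        # keeps a Socket.IO client on one backend
---
apiVersion: v1
kind: Service
metadata:
  name: my-service
  annotations:
    cloud.google.com/backend-config: '{"default": "my-service-backend"}'
    cloud.google.com/neg: '{"ingress": true}'   # route to pods directly (assumes VPC-native cluster)
spec:
  type: NodePort                     # no longer exposed directly as a LoadBalancer
  ports:
  - name: my-service
    port: 80
    targetPort: 4000                 # same target port as the Service in the question
  selector:
    app: my-service
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-service
  annotations:
    kubernetes.io/ingress.allow-http: "false"   # HTTPS only, no plaintext listener
spec:
  tls:
  - hosts:
    - app.example.com
    secretName: my-service-tls       # certificate and key served by the load balancer
  rules:
  - host: app.example.com
    http:
      paths:
      - path: /*
        pathType: ImplementationSpecific
        backend:
          service:
            name: my-service
            port:
              number: 80
```

Traffic between the load balancer and the pods is still plain HTTP in this layout; encrypting that hop means implementing TLS in the application, the answer's second option.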