4

I'd love to set up HSTS with my GKE cluster, as right now HTTP requests return a Google broken robot 404 page after setting this up in ingress.yml annotations: kubernetes.io/ingress.allow-http: "false"

Apparently there are options for this in ingress.yml (namely hsts-max-age and hsts-include-subdomains), but as far as I understand it's not supported by GKE: https://github.com/kubernetes/ingress/blob/7c749ede0a2d88f289279d61d04005e22f002104/docs/annotations.md#tls-related

I'd really like to avoid using and maintaining a custom Nginx load balancer and losing Google's scaling; sticking to the default one would be a strong requirement. I'd also like to avoid letting HTTP requests pass through and handling redirects and the HSTS header in my app.

If HSTS isn't possible, I could live with a good redirection setup.

Thanks a lot!

dain
  • 177

3 Answers

5

HSTS is currently not possible with Google Cloud Load Balancer. There is already a feature request open for this feature. You can subscribe to the feature request for updates.

Faizan
  • 1,438
4

Google Cloud now seems to support custom request and response headers for HTTP(S) Load Balancers. I've added a custom Strict-Transport-Security response header for our backend and it works as expected.

In the given example we use a backend bucket, however the custom header option is available for other backend types too.

Example custom response header

philsch
  • 156
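
A check for the header that the answer above configures on the load balancer, as an added example that is not part of the original answers: it parses a Strict-Transport-Security value by the RFC 6797 rules and reports weak or ineffective settings. The function names, the one-year `min_age` threshold and the sample responses are assumptions made for this illustration.

```python
import re

# RFC 6797 rules: case-insensitive names, max-age required, no repeats.
def parse_hsts(value):
    """Return {directive: value or None}; raise ValueError if malformed."""
    directives = {}
    for part in value.split(";"):  # fine here: HSTS values never contain ";"
        name, sep, arg = part.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip()
        if not name:
            continue  # empty directive, as in "max-age=1;;"
        if name in directives:
            raise ValueError(f"duplicate directive: {name}")
        if len(arg) >= 2 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1]  # quoted-string form, e.g. max-age="300"
        directives[name] = arg if sep else None
    if not re.fullmatch(r"[0-9]+", directives.get("max-age") or ""):
        raise ValueError("max-age missing or not a non-negative integer")
    return directives

def audit_hsts(scheme, headers, min_age=31536000):  # one year: assumed threshold
    """Return a list of problems for one response; an empty list means OK."""
    if scheme != "https":
        return ["ignored: browsers only honour HSTS received over HTTPS"]
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not values:
        return ["no Strict-Transport-Security header"]
    try:
        policy = parse_hsts(values[0])  # browsers process only the first one
    except ValueError as exc:
        return [str(exc)]
    problems = []
    age = int(policy["max-age"])
    if age == 0:
        problems.append("max-age=0 removes the policy from the browser")
    elif age < min_age:
        problems.append(f"max-age {age} is below {min_age}")
    if "includesubdomains" not in policy:
        problems.append("includeSubDomains not set")
    return problems

# Constructed sample responses, not captured from a real load balancer.
SAMPLES = [
    ("https", [("Strict-Transport-Security", "max-age=31536000; includeSubDomains")]),
    ("https", [("strict-transport-security", "max-age=300")]),
    ("http", [("Strict-Transport-Security", "max-age=31536000")]),
]
if __name__ == "__main__":
    for scheme, headers in SAMPLES:
        print(scheme, audit_hsts(scheme, headers) or "OK")
```

Feed it the scheme and header list of a response fetched through the load balancer; the third sample shows why a header served on the plain-HTTP side has no effect.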
2

Currently this *is* supported by GCLB backend configuration; however, it is not available as a setting for the gce-ingress controller. Hopefully someday!

See: https://github.com/kubernetes/ingress-gce/issues/1106