I am currently trying to do a SSL termination for a EMQX Broker implemented in GKE.
The implementation of the EMQX broker exposed by a NGINX Ingress L4 load balancer was successful. I am able to display the dashboard and connect to the broker successfully via the LB IP.
I've tried creating an NGINX Ingress pointing to the broker and the L4 load balancer but can't add SSL to it via a google managed certificate.
I've also tried creating a Google TPC/UDP Load Balancer but only the dashboard is displayed and I can't connect to the broker maybe because the HTTP to TCP traffic is not pointed to the correct port? I'm not sure.
I thought that maybe implemented a L7 Load Balancer that points to the Backend Service created by the Ingress pointing to the L4 Load Balancer ports would be an option but couldn't make it work.
Has anyone been able to implement this architecture and can provide me with an example of it? Basically I want to connect to the broker via WSS with a custom domain using Kubernetes with a google managed certificate.
Thanks.
You could terminate SSL/TLS at the EMQX broker, this will consume some CPU and memory.
Refer this blog