This page helps you choose the most suitable API for deploying load balancers to distribute traffic across a fleet of Google Kubernetes Engine (GKE) clusters.
You can attach a load balancer to your fleet of GKE clusters in the following ways:
Use the Multi Cluster Ingress APIs such as the Multi Cluster Ingress and MultiClusterService resources.
Use the Gateway APIs (GatewayClass, Gateway, HTTPRoute, Policy, ServiceExport, and ServiceImport resources).
Set up the Application Load Balancer using Google Cloud console, gcloud CLI, API, Terraform, Config Connector and attach Standalone NEGs to the user-managed backend services.
The following table lists the different ways in which you can attach a load balancer to your fleet of GKE clusters. Any features listed in the Load balancer feature comparison page that aren't listed in the following table should work with a user-managed load balancer with Standalone NEGs, instead of relying on the Kubernetes-native API for load balancing.
| Solution | Multi Cluster Ingress | Multi-cluster Gateway | User-managed load balancer with Standalone NEGs |
|---|---|---|---|
| GKE platform support | |||
| Product launch stage | GA | GA | GA |
| GKE editions | Enterprise / Standard | Enterprise / Standard | Enterprise / Standard |
| Cluster mode | Standard / Autopilot | Standard / Autopilot | Standard / Autopilot |
| GKE Version | 1.18 and later | GKE 1.24 and later for Standard and 1.26 and later for Autopilot | 1.18 and later |
| Architecture and components | |||
| Google-managed Kubernetes controller | |||
| Controller | GKE Multi Cluster Ingress controller | GKE Gateway controller | - |
| Controller location | Off-cluster
(Google Cloud infrastructure) |
Off-cluster
(Google Cloud infrastructure) |
- |
| API | Kubernetes-native API | Kubernetes-native API | Google Cloud API (gcloud CLI) |
| API resources | MultiClusterIngress, MultiClusterService | GatewayClass, Gateway, HTTPRoute, *Policy | - |
| API launch stage | GA (v1) | GA (v1) | - |
| API enablement on GKE | Cluster setting on Autopilot / Standard | Default on Autopilot
Cluster setting on Standard |
- |
| Multi-cluster Services support | |||
| Multi-cluster Services (MCS) required | |||
| MCS API version | networking.gke.io/v1 | net.gke.io/v1 | - |
| Resource type | MultiClusterService | ServiceExport | - |
| License | Proprietary | Open source | - |
| Cloud Networking resources lifecycle management (excluding Shared VPC) | |||
| Automated frontend IP address management | |||
Automated Cloud Load Balancer management
|
|||
| Automated Network Endpoint Groups (NEGs) management |
(Zonal NEGs only) |
(Zonal NEGs only) |
(Zonal NEGs only, annotation required on the Kubernetes Service) |
| Cloud NGFW management |
(VPC firewall rules only, Managed rules) |
(VPC firewall rules only, Managed rules) |
|
| Shared VPC support | |||
| Clusters and fleet (Hub) in the host project | |||
| Clusters and fleet (Hub) in the same service project |
(with firewall rules permissions in host project) |
||
| Clusters and fleet (Hub) in different projects | |||
| Load balancers support | |||
| Application load balancers | |||
| Classic | |||
| Global external | |||
| Regional external | |||
| Regional internal | |||
| Cross-region internal | |||
| Proxy Network Load Balancers | |||
| Classic | |||
| Global external | |||
| Regional external | |||
| Internal (Always regional) | |||
| Passthrough Network Load Balancers | |||
| External (Always regional) | |||
| Internal (Always regional) | |||
| Client-to-Load-balancer protocols support | |||
| HTTP, HTTPS, HTTP/2 | |||
| WebSocket | |||
| HTTP/3 (based on IETF QUIC) | |||
| SSL (TLS) or TCP | |||
| Load Balancer backends support | |||
| Pods (Zonal NEGs) | |||
| Virtual Machines (including GKE nodes) | |||
Other backends:
|
|||
| Load balancer-to-backends protocols support | |||
| HTTP, HTTPS, HTTP/2 (One of) | |||
| WebSocket | |||
| SSL (TLS) or TCP (One of) | |||
| IP addressing and protocols | |||
| Dynamic IP address assignment | |||
| Static IP address assignment | |||
| Same IP address for multiple ports (HTTP, HTTPS) | |||
| IPv6 |
(Load balancer-to-backend traffic remains IPv4) |
(Load balancer-to-backend traffic remains IPv4) |
(Load balancer-to-backend traffic remains IPv4) |
| Routing and traffic management | |||
| Global access | |||
| Cross-project load balancing | |||
| Host/Path routing |
(Prefix, Exact match) |
(Prefix, Exact match) |
|
| Header-based routing |
(Exact match) |
||
| Path redirects | |||
| URL rewrites | |||
| Traffic splitting | |||
| Traffic mirroring | |||
| Traffic cut over | |||
| Traffic-based autoscaling | |||
| Custom request headers | |||
| Custom response headers | |||
| Cross-namespace routing | |||
| Frontend Security | |||
| SSL policy | |||
| HTTP-to-HTTPS redirect | |||
| Multiple TLS certificates support | |||
| Kubernetes Secrets-based certificates | |||
| Self-managed SSL certificates | |||
| Google-managed SSL certificates | |||
| Certificate Manager support | |||
| Backend service properties | |||
| Connection draining timeout | |||
| Session affinity | |||
| HTTP access logging configuration | |||
| Backend service timeout | |||
| Custom load balancer health check configuration | |||
| TLS to backend services | |||
| Custom default backend | |||
| Cloud CDN |
(Not all features) |
(All features) |
|
| Identity-Aware Proxy (IAP) | |||
| Google Cloud Armor security policy | |||
What's next
- Set up multi-cluster Ingress.
- Deploying Ingress across clusters.
- Enable multi-cluster Gateway.
- Deploy multi-cluster Gateways.
- Container-native load balancing through standalone zonal NEGs.