It is not necessary to create an independent GCP HTTPS LB or other improvisation to redirect insecure HTTP traffic to your HTTPS load balancer. The existing public Ingress can reference a FrontendConfig object that specifies redirection to HTTPS.
Below is a FrontendConfig definition that can redirect the insecure traffic.
apiVersion: networking.gke.io/v1beta1
kind: FrontendConfig
metadata:
name: lb-http-to-https
spec:
redirectToHttps:
enabled: true
This just needs to be referenced as an annotation in the Ingress.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: my-ingress
annotations:
kubernetes.io/ingress.class: gce
kubernetes.io/ingress.allow-http: "false"
networking.gke.io/v1beta1.FrontendConfig: lb-http-to-https
Client calls to the insecure protocol will now result in 301 over to the secure site.
Note this does not apply to Internal HTTPS LB (kubernetes.io/ingress.class: gce-internal), which are not compatible with FrontendConfig.
REFERENCES
google, https to http redirection