I wanted to avoid using k8s Ingress on GKE, and instead manage all the proxies/rules/certificates manually through Terraform, and not through K8S. But the missing link is: how would I get the k8s Service name for creating a LoadBalancer Backend service? It seems to be created with a random suffix, so it's not possible to hardcode it in the Terraform configs.
If I understand correctly, sounds like you want to create the load balancer yourself (via Terraform) and not have it managed via K8S ingress?
I'd suggest taking a look at using standalone NEGs with GKE services. A NEG (which is a named resource) can be the backend for a LoadBalancer and can map to the pod endpoints backing a Service. You'd create a K8S Service resource, for example:
```yaml
apiVersion: v1
kind: Service
metadata:
  name: NEG_DEMO_SVC
  annotations:
    cloud.google.com/neg: '{"exposed_ports": {"80":{"name": "NEG_NAME"}}}'
spec:
  type: ClusterIP
  selector:
    run: NEG_DEMO_APP # Selects Pods labelled run: NEG_DEMO_APP
  ports:
  - port: 80
    protocol: TCP
    targetPort: 9376
```
You'd then be able to create a GCE loadbalancer with a backend that uses the NEG and you'd have the name of the NEG since you'd pass that in when creating the Service resource. No Ingress involved.
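The Terraform side of the approach described in the answer above, as an added example that is not part of the original answer: it looks up the NEG by the name set in the Service annotation and attaches it to a backend service, with ingress limited to Google's load balancer and health check ranges. The zone, network name, node tag and resource names are assumptions (placeholders).

```hcl
# Look up the NEG that GKE creates for the annotated Service.
# "NEG_NAME" matches the annotation; the zone is an assumed placeholder.
data "google_compute_network_endpoint_group" "neg" {
  name = "NEG_NAME"
  zone = "us-central1-a" # assumption: zone of the cluster's nodes
}

# Health check that probes each endpoint on its serving port (9376 here).
resource "google_compute_health_check" "neg_demo" {
  name = "neg-demo-hc" # hypothetical name

  http_health_check {
    port_specification = "USE_SERVING_PORT"
  }
}

# Backend service managed by Terraform, not by an Ingress.
resource "google_compute_backend_service" "neg_demo" {
  name          = "neg-demo-backend" # hypothetical name
  protocol      = "HTTP"
  health_checks = [google_compute_health_check.neg_demo.id]

  backend {
    group                 = data.google_compute_network_endpoint_group.neg.id
    balancing_mode        = "RATE" # NEG backends need RATE or CONNECTION
    max_rate_per_endpoint = 100    # assumed capacity per pod
  }
}

# Allow only Google's load balancer / health check source ranges to reach
# the pod port, instead of opening it to 0.0.0.0/0.
resource "google_compute_firewall" "allow_lb_to_pods" {
  name          = "allow-lb-to-neg-demo" # hypothetical name
  network       = "GKE_NETWORK_NAME"     # placeholder: the cluster's VPC
  direction     = "INGRESS"
  source_ranges = ["130.211.0.0/22", "35.191.0.0/16"]
  target_tags   = ["GKE_NODE_TAG"]       # placeholder: the cluster's node tag

  allow {
    protocol = "tcp"
    ports    = ["9376"]
  }
}
```

The NEG is created by GKE only after the Service has been applied, so the data source lookup fails if Terraform runs before that. NEGs are zonal, so a cluster with nodes in several zones needs one lookup and one `backend` block per zone.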