GKE ingress-controller not doing anything

[Andy Hume]

Hi,

I’m trying to debug why the GKE built-in ingress-controller is not spinning up a GCP load balancer for me. I have had this working previously but have presumably broken the configuration somewhere. The only way I can see of getting useful information is by describing the ingress. It has just one event…

$ kubectl describe ing --namespace=stage

Name: flags

Namespace: stage

Address:

Default backend: flags:80 (10.192.160.4:3000,10.192.161.8:3000,10.192.162.6:3000)

TLS:

  ssl terminates

Rules:

  Host Path Backends

  ---- ---- --------

  * * flags:80 (10.192.160.4:3000,10.192.161.8:3000,10.192.162.6:3000)

Annotations:

Events:

  FirstSeen LastSeen Count From SubobjectPath Type Reason Message

  --------- -------- ----- ---- ------------- -------- ------ -------

  29m 29m 1 {loadbalancer-controller } Normal ADD stage/flags

And then nothing further occurs. Previously it would begin running health-checks against the backends, spin up the load balancer, etc...

Where do I start debugging this given I can't access the ingress-controller logs?

Here is the service...

$kubectl describe svc --namespace=stage

Name: flags

Namespace: stage

Labels: <none>

Selector: app=flags

Type: NodePort

IP: 10.192.176.201

Port: http 80/TCP

NodePort: http 30907/TCP

Endpoints: 10.192.160.4:3000,10.192.161.8:3000,10.192.162.6:3000

Session Affinity: None

No events.

Thanks,

Andy.

[Ian Lewis]

Hey,

The first thing to do is to check your GCP quotas. Do you have other load balancers? You may be running into the backend quota limit?

Ian

--
You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-use...@googlegroups.com.
To post to this group, send email to kubernet...@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

[Andy Hume]

Hi - thanks for the suggestion. This turned out to be that the file name in the TLS Secret was incorrect. GCLB is expecting tls.crt and tls.key and my letsencrypt controller was naming them differently. I believe a bug has been filed in the load balancer add-on to expose this error through the Ingress. 

[Ian Lewis]

Hmm. My experience is not that *nothing* will happen but it will create a load balancer without a TLS forwarding rule. Was your cluster a significantly older version?

[Andy Hume]

Should also have mentioned I had a kubernetes.io/ingress.allow-http: "false" annotation on the service, which I presume was the cause of that. It couldn't determine any forwarding rules to create.

A.

[Ian Lewis]

Ah. Indeed that's it then!