Hey all I'm having an extreme amount of trouble getting https load balancer to work with GKE. If anyone could point me in the right direction that would be greatly appreciated!

const appService = new k8s.core.v1.Service("django-service", {
  metadata: { labels: appDeployment.metadata.labels },
  spec: {
    type: "NodePort",
    ports: [{ port: 80, targetPort: appPort }],
    selector: appDeployment.spec.template.metadata.labels,
  },
}, { provider: cluster.provider });

const appIngress = new k8s.extensions.v1beta1.Ingress("django-load-balancer", {
  spec: {
    backend: {
      serviceName: appService.metadata.name
      ,
      servicePort: 80,
    }
  }
})

Here's an example I used recently that worked:

@gorgeous-egg-16927 Thanks for your help! I tried that and still get a page when I go to ip. Is there something else i'm doing incorrectly?

Error: Server Error
The server encountered a temporary error and could not complete your request.
Please try again in 30 seconds.

@nice-portugal-52925 my best guess is that your app does not satisfy the LBs health check. GKE L7 LB’s do a mandatory health check on your deployment. By default it’s expecting your app to return a 200 on

/

GET. You can modify the endpoint by adding a readinessProbe, but you cannot deactivate the health check completely, even if you don’t specify a readinessProbe. This is one of the quirks of GKEs L7 LBs and the Ingress controller. More info can be found here: https://cloud.google.com/kubernetes-engine/docs/concepts/ingress#health_checks

@glamorous-printer-66548 Thanks for your help! My

/

route returns a

200

😕. I tried the other spec as well no luck. I am able to deploy it just fine with just a LoadBalancer and no ingress, but im trying to set up https with cloudflare. if you have any other solutions they would be appreciated.

does your app / pod itself return http or https traffic?

right now its only returning http. I was told I could use cloudflare as a sort of proxy for the https stuff. I’m not using the load balancing service on cloudflare. Just the DNS and SSL (unless that’s on by default.)

I mean GCP has Cloud DNS and the L7 (HTTP/S) LBs already support SSL / TLS Termination and Global Load Balancing via a single anycast IP. They also support HTTP2, Caching via Cloud CDN etc. I’m not sure what additional benefit Cloudflare would deliver here imho (but it depends on which product we’re talking about since Cloudflare has multiple as well), but for a 0815 use-case I don’t see one. AWS traditionally didn’t have good support for “global load balancing” etc. (although that changed with https://aws.amazon.com/global-accelerator/) so I can imagine that AWS customers were inclined to add Cloudflare into the mix, but GCP has been quite good in this area for a long time.

Do you have and example you can share?

have you tried the example from levi yet?

yes, I was able to run it with the image he provided. Whenever I try to run with my docker image it doesn’t work

levi’s example is using a different port than yours, did you try changing the ports in levis’ example to 80 everywhere and see if it works with ur image?

Figured it out… The site is using django and didn’t have the domain which the health check was being executed on in the

ALLOWED_HOSTS

. Therefor returning a non 200 status failing the health checks 🤦‍♂️

we use https://github.com/jetstack/cert-manager to issue certs using letsencrypt (using the DNS01 challenge in conjunction with GCP Cloud DNS) and then pass them to the ingress controller via tls prop in the spec.

I think i’m going to try the GCP one. Hopefully that one is straight forward enough. Thanks for all your help!