There’s something wrong with my GKE installation of EE v0.33. I am able to get both the Admin API and the Admin GUI running, and the domain-names I’ve mapped to it pass the traffic through my GKE Ingress and onto the pods.
But the proxy itself, on port 8000, will not respond to requests, not that I can see. It always seems to return a 404. And I would imagine that this is why the LB thinks the backend is unhealthy and refuses to pass along traffic.
What to do?
Fixed this, at least partially. I’ve moved over to the Nginx Ingress, and things working much better. Even the proxy serves traffic.
Hey, thanks for updating the thread! Do you still need help on this, and if so what part is still not working?
If your solution worked would you mark it as the right answer by checking the box at the bottom of your update? That way other people will know there’s a fix. Thanks 
Hello @loffelmacher
Did you setup the LoadBalancer service in k8s for proxy? If yes, could you share your configuration?
Also, if the backend instance was unhealthy, what was the health-check that you had configured?
Here is the full YAML which I used to bring this online, you can see I did not set the proxy as a load-balancer, it is plain-old NodePort service.
apiVersion: v1
kind: Service
metadata:
name: kong-proxy
spec:
type: NodePort
ports:
- name: kong-proxy
port: 8000
targetPort: 8000
selector:
app: kong
---
apiVersion: v1
kind: Service
metadata:
name: kong-admin
spec:
type: NodePort
ports:
- name: kong-admin
port: 8001
targetPort: 8001
selector:
app: kong
---
apiVersion: v1
kind: Service
metadata:
name: kong-admin-ui
spec:
type: NodePort
ports:
- name: kong-admin-ui
port: 8002
targetPort: 8002
selector:
app: kong
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: example-kong-ing
annotations:
kubernetes.io/ingress.class: "nginx"
ingress.kubernetes.io/force-ssl-redirect: "false"
spec:
tls:
- secretName: example-cert
hosts:
- kong-stg.example.com
- kong-admin-stg.example.com
- kong-admin-ui-stg.example.com
rules:
- host: kong-stg.example.com
http:
paths:
- path: /
backend:
serviceName: kong-proxy
servicePort: 8000
- host: kong-admin-stg.example.com
http:
paths:
- path: /
backend:
serviceName: kong-admin
servicePort: 8001
- host: kong-admin-ui-stg.example.com
http:
paths:
- path: /
backend:
serviceName: kong-admin-ui
servicePort: 8002
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: kong-rc
spec:
replicas: 3
template:
metadata:
labels:
name: kong-rc
app: kong
spec:
containers:
- name: kong
image: us.gcr.io/example-grc.io/kong-ee:v0.33.0
env:
- name: KONG_ADMIN_LISTEN
value: 0.0.0.0:8001
- name: KONG_ADMIN_LISTEN_SSL
value: 0.0.0.0:8444
- name: KONG_PG_PASSWORD
value: asdfasdf
- name: KONG_PG_HOST
value: postgres
- name: KONG_LOG_LEVEL
value: debug
- name: KONG_PROXY_ACCESS_LOG
value: "/dev/stdout"
- name: KONG_ADMIN_ACCESS_LOG
value: "/dev/stdout"
- name: KONG_PROXY_ERROR_LOG
value: "/dev/stderr"
- name: KONG_ADMIN_ERROR_LOG
value: "/dev/stderr"
- name: KONG_VITALS
value: "on"
- name: KONG_PORTAL
value: "off"
- name: KONG_PORTAL_GUI_URI
value: 0.0.0.0:8003
- name: KONG_LICENSE_DATA
value: '{"asdfasdf": "asdfasdf"}'
ports:
- name: admin
containerPort: 8001
containerPort: 8002
- name: proxy
containerPort: 8000@loffelmacher Rereading this, it seems the LB is connecting to Kong fine.
Did you check the Server header in the 404 response?
If the Server header is Kong, then it seems that the request you’re sending to Kong don’t have the correct host header set? The Ingress Spec is respected by Kong and Nginx Ingress and this should work correctly.
Also, when you had setup Kong Ingress, did you see any errors in Kong Ingress Controller logs?