GKE installation cannot serve proxy. Add / route?


#1

There’s something wrong with my GKE installation of EE v0.33. I am able to get both the Admin API and the Admin GUI running, and the domain-names I’ve mapped to it pass the traffic through my GKE Ingress and onto the pods.

But the proxy itself, on port 8000, will not respond to requests, not that I can see. It always seems to return a 404. And I would imagine that this is why the LB thinks the backend is unhealthy and refuses to pass along traffic.

What to do?


#2

Fixed this, at least partially. I’ve moved over to the Nginx Ingress, and things working much better. Even the proxy serves traffic.


#3

Hey, thanks for updating the thread! Do you still need help on this, and if so what part is still not working?

If your solution worked would you mark it as the right answer by checking the box at the bottom of your update? That way other people will know there’s a fix. Thanks :slight_smile:


#4

Hello @loffelmacher

Did you setup the LoadBalancer service in k8s for proxy? If yes, could you share your configuration?
Also, if the backend instance was unhealthy, what was the health-check that you had configured?


#5

Here is the full YAML which I used to bring this online, you can see I did not set the proxy as a load-balancer, it is plain-old NodePort service.

apiVersion: v1
kind: Service
metadata:
  name: kong-proxy
spec:
  type: NodePort
  ports:
  - name: kong-proxy
    port: 8000
    targetPort: 8000
  selector:
    app: kong

---
apiVersion: v1
kind: Service
metadata:
  name: kong-admin
spec:
  type: NodePort
  ports:
  - name: kong-admin
    port: 8001
    targetPort: 8001
  selector:
    app: kong  

---
apiVersion: v1
kind: Service
metadata:
  name: kong-admin-ui
spec:
  type: NodePort
  ports:
  - name: kong-admin-ui
    port: 8002
    targetPort: 8002
  selector:
    app: kong

---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: example-kong-ing
  annotations:
    kubernetes.io/ingress.class: "nginx"
    ingress.kubernetes.io/force-ssl-redirect: "false"
spec:
  tls:
  - secretName: example-cert
    hosts:
    - kong-stg.example.com
    - kong-admin-stg.example.com
    - kong-admin-ui-stg.example.com
  rules:
  - host: kong-stg.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: kong-proxy
          servicePort: 8000
  - host: kong-admin-stg.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: kong-admin
          servicePort: 8001
  - host: kong-admin-ui-stg.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: kong-admin-ui
          servicePort: 8002


---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: kong-rc
spec:
  replicas: 3
  template:
    metadata:
      labels:
        name: kong-rc
        app: kong
    spec:
      containers:
      - name: kong
        image: us.gcr.io/example-grc.io/kong-ee:v0.33.0
        env:
          - name: KONG_ADMIN_LISTEN
            value: 0.0.0.0:8001
          - name: KONG_ADMIN_LISTEN_SSL
            value: 0.0.0.0:8444
          - name: KONG_PG_PASSWORD
            value: asdfasdf
          - name: KONG_PG_HOST
            value: postgres
          - name:  KONG_LOG_LEVEL
            value: debug
          - name: KONG_PROXY_ACCESS_LOG
            value: "/dev/stdout"
          - name: KONG_ADMIN_ACCESS_LOG
            value: "/dev/stdout"
          - name: KONG_PROXY_ERROR_LOG
            value: "/dev/stderr"
          - name: KONG_ADMIN_ERROR_LOG
            value: "/dev/stderr"
          - name: KONG_VITALS
            value: "on"
          - name: KONG_PORTAL
            value: "off"
          - name: KONG_PORTAL_GUI_URI
            value: 0.0.0.0:8003
          - name: KONG_LICENSE_DATA
            value: '{"asdfasdf": "asdfasdf"}'
        ports:
        - name: admin
          containerPort: 8001
          containerPort: 8002
        - name: proxy
          containerPort: 8000

#6

@loffelmacher Rereading this, it seems the LB is connecting to Kong fine.
Did you check the Server header in the 404 response?
If the Server header is Kong, then it seems that the request you’re sending to Kong don’t have the correct host header set? The Ingress Spec is respected by Kong and Nginx Ingress and this should work correctly.
Also, when you had setup Kong Ingress, did you see any errors in Kong Ingress Controller logs?