Kubernetes 1.20
Kong: 2.5
Helm Chart 2.4.0
deployed in namespace kong
application ingress in different namespace than kong
I have stumbled upon a weird issue which manifests itself repeatedly but not always. It is possible to replicate in 7 out of 10 cases, more or less.
Steps:
- Create new Ingress (does not matter if with or without TLS)
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: proxy-ingress
  namespace: appspace
  annotations:
    konghq.com/protocols: "https"
    konghq.com/https-redirect-status-code: "301"
spec:
  ingressClassName: kong
  rules:
    - host: example.com
      http:
        paths:
          - path: /assets/
            pathType: Prefix
            backend:
              service:
                name: assets-app
                port:
                  number: 80
```
- In 7/10 cases, the Ingress has no address.
```
$ kubectl get ingresses
NAME            CLASS   HOSTS         ADDRESS           PORTS     AGE
web-ingress     kong    example.com   XXX.XXX.XXX.XXX   80, 443   64d
proxy-ingress   kong    example.com                     80, 443   2m
```
And yet, the ingress works and is accessible.
```
$ kubectl get ingress/proxy-ingress -oyaml
[....]
status:
  loadBalancer: {}
```
The ingress controller logs, even at DEBUG level, do not show any errors. On the contrary, it reports successful data plane synchronization.
Actions taken thus far:
- restart API control plane; no dice.
- creating different ingress; works occasionally.
- RBAC permissions verified to allow for get/list/watch.
- Restarting Kong deployment does not resolve the issue.
This seems to be solely resource status not being updated. The Kong Ingress does actually work as expected.
Any idea how to debug this further?