I have an application that uses GKE Ingress (master version 1.10.6-gke.2) for a load balancer. Recently GKE started supporting declaring IAP support via BackendConfig. I followed the documentation at [1] and [2]. However, now, GKE seems to hang while creating my Ingress.
Below is the yaml for my service, ingress and backendconfig.
```
kubectl -n randall-test-1 get svc,ing,backendconfig -o yaml
apiVersion: v1
items:
- apiVersion: v1
  kind: Service
  metadata:
    annotations:
      beta.cloud.google.com/backend-config: '{"default": "airflow-backend-config"}'
      service.alpha.kubernetes.io/app-protocols: '{"web":"HTTPS"}'
    creationTimestamp: 2018-09-10T19:23:13Z
    name: airflow
    namespace: randall-test-1
    resourceVersion: "2155724"
    selfLink: /api/v1/namespaces/randall-test-1/services/airflow
    uid: X-X-X-X-X
  spec:
    clusterIP: X.X.X.X
    externalTrafficPolicy: Cluster
    ports:
    - name: web
      nodePort: 30099
      port: 8080
      protocol: TCP
      targetPort: web
    selector:
      app: airflow
    sessionAffinity: None
    type: NodePort
  status:
    loadBalancer: {}
- apiVersion: extensions/v1beta1
  kind: Ingress
  metadata:
    annotations:
      kubernetes.io/ingress.allow-http: "false"
    creationTimestamp: 2018-09-10T19:23:13Z
    generation: 1
    name: airflow
    namespace: randall-test-1
    resourceVersion: "2155721"
    selfLink: /apis/extensions/v1beta1/namespaces/randall-test-1/ingresses/airflow
    uid: X-X-X-X-X
  spec:
    backend:
      serviceName: airflow
      servicePort: 8080
    tls:
    - secretName: tls
  status:
    loadBalancer: {}
- apiVersion: cloud.google.com/v1beta1
  kind: BackendConfig
  metadata:
    clusterName: ""
    creationTimestamp: 2018-09-10T19:23:13Z
    generation: 1
    name: airflow-backend-config
    namespace: randall-test-1
    resourceVersion: "2155728"
    selfLink: /apis/cloud.google.com/v1beta1/namespaces/randall-test-1/backendconfigs/airflow-backend-config
    uid: X-X-X-X-X
  spec:
    iap:
      enabled: true
      oauthclientCredentials:
        secretName: oauth2
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""
```
The hang gives me no insight.
```
cluster@master0:~/kube-config$ kubectl -n randall-test-1 describe ing
Name:             airflow
Namespace:        randall-test-1
Address:
Default backend:  airflow:8080 (X.X.X.X:8080)
TLS:
  tls terminates
Rules:
  Host  Path  Backends
  ----  ----  --------
  *     *     airflow:8080 (X.X.X.X:8080)
Annotations:
Events:
  Type    Reason  Age  From                     Message
  ----    ------  ---  ----                     -------
  Normal  ADD     6m   loadbalancer-controller  randall-test-1/airflow
```
However, in GKE console, I just get "Creating ingress" as a status for > 20 mins with no resolution. I also check my Load Balancers in console and see nothing.
Any ideas what is happening or what else I can check?
I also tried to do this with just securityPolicy, which is supposed to link the Load Balancer with a Cloud Armor policy. This also doesn't work with a similar hang.
[1] https://cloud.google.com/iap/docs/enabling-kubernetes-howto
[2] https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig
NOTE: cross posted at https://github.com/kubernetes/ingress-gce/issues/469
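When an Ingress with a BackendConfig never progresses, one thing worth ruling out is a dangling reference between the objects. The following is an added example, not part of the original post and not GKE's own code: it cross-checks the Service annotation, the Ingress backend and the IAP secret reference from the manifests above. The function names, the `secrets` map and the secret contents are assumptions constructed for illustration, and the check does not diagnose the hang itself.

```python
import json
BC_ANNOTATION = "beta.cloud.google.com/backend-config"
IAP_SECRET_KEYS = {"client_id", "client_secret"}  # keys IAP reads from the OAuth secret
NS = "randall-test-1"

def check_references(items, secrets):
    """items: objects as in `kubectl get ... -o json`; secrets: {(ns, name): set of data keys}."""
    index = {(o["kind"], o["metadata"]["namespace"], o["metadata"]["name"]): o for o in items}
    problems = []
    for (kind, ns, name), obj in index.items():
        if kind == "Service":
            raw = obj["metadata"].get("annotations", {}).get(BC_ANNOTATION)
            try:
                ref = json.loads(raw) if raw else {}
            except ValueError:
                ref = None
            if not isinstance(ref, dict):
                problems.append(f"Service {ns}/{name}: backend-config annotation is not a JSON object")
                continue
            # The annotation may name one BackendConfig per port plus a default.
            wanted = set(ref.get("ports", {}).values()) | {ref[k] for k in ("default",) if k in ref}
            for bc in sorted(wanted):
                if ("BackendConfig", ns, bc) not in index:
                    problems.append(f"Service {ns}/{name}: BackendConfig {bc} not found")
        elif kind == "Ingress":
            backend = obj["spec"].get("backend")
            if backend:
                svc = index.get(("Service", ns, backend["serviceName"]), {"spec": {"ports": []}})
                if backend["servicePort"] not in [p["port"] for p in svc["spec"]["ports"]]:
                    problems.append(f"Ingress {ns}/{name}: backend service/port not found")
            for tls in obj["spec"].get("tls", []):
                if (ns, tls["secretName"]) not in secrets:
                    problems.append(f"Ingress {ns}/{name}: TLS secret {tls['secretName']} not found")
        elif kind == "BackendConfig":
            iap = obj["spec"].get("iap", {})
            secret = iap.get("oauthclientCredentials", {}).get("secretName")
            missing = IAP_SECRET_KEYS - secrets.get((ns, secret), set())
            if iap.get("enabled") and missing:
                problems.append(f"BackendConfig {ns}/{name}: secret {secret} lacks {sorted(missing)}")
    return problems

def sample(bc_name="airflow-backend-config"):  # constructed from the manifests in the post
    return [
        {"kind": "Service", "metadata": {"name": "airflow", "namespace": NS, "annotations": {BC_ANNOTATION: json.dumps({"default": bc_name})}}, "spec": {"ports": [{"name": "web", "port": 8080}]}},
        {"kind": "Ingress", "metadata": {"name": "airflow", "namespace": NS}, "spec": {"backend": {"serviceName": "airflow", "servicePort": 8080}, "tls": [{"secretName": "tls"}]}},
        {"kind": "BackendConfig", "metadata": {"name": "airflow-backend-config", "namespace": NS}, "spec": {"iap": {"enabled": True, "oauthclientCredentials": {"secretName": "oauth2"}}}},
    ]
# Constructed: the post does not show the secrets, only their names.
SECRETS = {(NS, "tls"): {"tls.crt", "tls.key"}, (NS, "oauth2"): {"client_id", "client_secret"}}
print(check_references(sample("airflow-backendconfig"), SECRETS))  # misspelled name, constructed
```

On a live cluster the `items` list would come from the same `kubectl get svc,ing,backendconfig` call with `-o json`, and the secret key sets from `kubectl get secret -o json`.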