1
votes

I've installed haproxy ingress in the GKE cluster since the default ingress (integration with global load balancer) was not satisfying my needs. So port 80 is the target HTTP port for the load balancer backend on all cluster hosts. I've simply configured a global HTTPS load balancer to terminate SSL and balance traffic between the k8s nodes auto-scaling group.

Everything seems correctly configured, but I can see backend health checks fail. I've tried two methods: HTTP on /healthz and TCP on port 80. Both checks fail, and the service is unavailable 99% of the time.

Can anybody help me with this situation?


1
Hello. Do I understand correctly that: 1. You deployed the haproxy ingress controller. 2. Your haproxy is configured as a daemonset on all nodes in the cluster. 3. You created an HTTPS LoadBalancer with GCP to point to these haproxy pods? Can you please provide the steps of what exactly you've done? – Dawid Kruk
Yes, it's correct. The problem was the firewall rules. I've added the answer to my question. – Arash

1 Answer

1
votes

The problem was the firewall rules. Health checks were not allowed to access the GCE nodes associated with the GKE cluster. I've added a new rule to the VPC to allow the 35.191.0.0/16,130.211.0.0/22 source IP ranges and TCP port 10253, associated with the haproxy ingress health port.

After adding the rule, health checks passed, and the load balancer started to work.
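One way to check for the gap described in this answer before the load balancer reports unhealthy backends; this is an added example, not part of the original answer. It assumes rules shaped like the output of `gcloud compute firewall-rules list --format=json`, uses constructed sample rules, and ignores rule priorities, deny rules and target tags.

```python
import ipaddress

# Source ranges and health port as given in the answer above.
HEALTH_CHECK_RANGES = ["35.191.0.0/16", "130.211.0.0/22"]
HEALTH_PORT = 10253

def port_allowed(allowed, port):
    """True if any entry of a rule's 'allowed' list permits TCP on `port`."""
    for entry in allowed:
        proto = entry.get("IPProtocol", "").lower()
        if proto == "all":
            return True
        if proto not in ("tcp", "6"):
            continue
        ports = entry.get("ports")
        if not ports:  # no port list: every port of that protocol
            return True
        for spec in ports:  # "80" or a range such as "10250-10255"
            low, _, high = spec.partition("-")
            if int(low) <= port <= int(high or low):
                return True
    return False

def covers(rule, need, port):
    """True if an enabled ingress allow rule admits network `need` on `port`."""
    if rule.get("disabled") or rule.get("direction", "INGRESS") != "INGRESS":
        return False
    if not port_allowed(rule.get("allowed", []), port):
        return False
    for src in rule.get("sourceRanges", []):
        net = ipaddress.ip_network(src, strict=False)
        if net.version == need.version and need.subnet_of(net):
            return True
    return False

def uncovered_ranges(rules, port=HEALTH_PORT, required=HEALTH_CHECK_RANGES):
    """Health-check source ranges that no rule admits on the health port."""
    return [cidr for cidr in required
            if not any(covers(r, ipaddress.ip_network(cidr), port) for r in rules)]

# Constructed sample rules (names and values are made up for illustration).
BEFORE = [
    {"name": "allow-ssh", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "allow-internal", "direction": "INGRESS", "sourceRanges": ["10.0.0.0/8"],
     "allowed": [{"IPProtocol": "all"}]},
]
AFTER = BEFORE + [{"name": "allow-lb-health", "direction": "INGRESS",
                   "sourceRanges": HEALTH_CHECK_RANGES,
                   "allowed": [{"IPProtocol": "tcp", "ports": ["10253"]}]}]
```

An empty list from `uncovered_ranges` means both health-check ranges can reach the health port; any range it returns still needs an allow rule.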