I have the following ingress setup:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: owl-dev-ingress
annotations:
kubernetes.io/ingress.global-static-ip-name: zzapps-owl-dev-ip
networking.gke.io/managed-certificates: managed-cert
kubernetes.io/ingress.class: 'gce'
spec:
rules:
- host: owl-dev.zzapps.nl
http:
paths:
- path: /api
pathType: Prefix
backend:
service:
name: zzapps-owl-dev-webapi-service
port:
number: 80
- path: /
pathType: Prefix
backend:
service:
name: zzapps-owl-dev-webui-service
port:
number: 3000
It exposes 2 services: if the url is called with /api it forwards to the API backend deployment on port 80, if it goes to /* it forwards to the UI pod serving the webpage.
The / works fine, except that the Ingress shows
And yes, the backend service is unhealthy for the api (on 80):
When I check the healthcheck itself:
It is configured on /api
. This is what the backend is expecting as well.
When I expose the backend through the gcloud shell and forward it, I can reach /api
fine (localhost:8080/api
) (it gives a swagger page, with a 200 result, I think that is okay?)
gcloud container clusters get-credentials xxx-xxx-xxx-2 --zone europe-west4-a --project xxx-xxx-xxx \
> && kubectl port-forward $(kubectl get pod --selector="app=zzapps-owl-dev-web-api" --output jsonpath='{.items[0].metadata.name}') 8080:80
Fetching cluster endpoint and auth data.
kubeconfig entry generated for xxx-xxx-xxx-2.
To take a quick anonymous survey, run:
$ gcloud survey
Forwarding from 127.0.0.1:8080 -> 80
Forwarding from [::1]:8080 -> 80
Handling connection for 8080
Long story short: It is unclear why the healthcheck is not able to verify connection.
Okay,
my backend service gave a 301 redirect on /api, to /api/
Sorry, but it is good to check the exact responses first :)