Timeout when creating ingress resource on GKE private cluster

Question

Created a GKE cluster, setup cloud-nat for internet connectivity. Then i deployed the kubernetes ingress-nginx kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/cloud/deploy.yaml.

Everything is fine till here but when i try to deploy the ingress resource i get this Error from server (Timeout): error when creating "manifests/backend/service/be-nginx-ingress-serivce.yaml": Timeout: request did not complete within requested timeout 30s.

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-resource
  namespace: sap
  annotations:
    kubernetes.io/ingress.class: nginx
spec:
  tls:
    - hosts:
      - mywebname.com
      secretName: ingress-tls
  rules:
    - host: mywebname.com
      http:
        paths:
        - path: /
          backend:
            serviceName: app
            servicePort: 5000
        - path: /v1
          backend:
            serviceName: web
            servicePort: 8081

My manifest was running fine on public GKE but today i switched it to private and i faced this issue, this is my first time with VPC, any help or guidance would be appreciated, thanks

Answer 1

I pretty sure it's firewall things. Did your follow the document?

https://kubernetes.github.io/ingress-nginx/deploy/#gce-gke

For private clusters, you will need to either add an additional firewall rule that allows master nodes access port 8443/tcp on worker nodes, or change the existing rule that allows access to ports 80/tcp, 443/tcp and 10254/tcp to also allow access to port 8443/tcp.

https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters#add_firewall_rules

gcloud compute firewall-rules create firewall-rule-name \
    --action ALLOW \
    --direction INGRESS \
    --source-ranges master-CIDR-block \
    --rules protocol:port \
    --target-tags target