GKE loadbalancer-controller error running load balancer syncing routine: error getting secrets for Ingress: secret "" does not exist

Question

I am using GKE cluster. I would very much appreciate it if someone can help me figure out why my ingress is not loading up a load balancer. My expectation is that this ingress should automatically create a load balancer, which I would be able to access with the external IP that I set against the annotation “kubernetes.io/ingress.global-static-ip-name”. I already created this external IP prior to creating this ingress.

Ingress Description:

Namespace:        default
Address:
Default backend:  default-http-backend:80 (10.28.1.4:8080)
TLS:
  SNI routes
  secret-ingress-REDACTED terminates REDACTED.iacustomer-cloud.net
Rules:
  Host                       Path  Backends
  ----                       ----  --------
  REDACTED.iacustomer-cloud.net
                                REDACTED:8080 (10.28.1.9:8080)
Annotations:
  kubernetes.io/ingress.global-static-ip-name:  TEST
  meta.helm.sh/release-name:                    REDACTED
  meta.helm.sh/release-namespace:               default
  kubernetes.io/ingress.allow-http:             false
Events:
  Type     Reason  Age                   From                     Message
  ----     ------  ----                  ----                     -------
  Normal   Sync    5m36s (x3 over 11m)   loadbalancer-controller  Scheduled for sync
  Warning  Sync    5m28s (x17 over 11m)  loadbalancer-controller  Error syncing to GCP: error running load balancer syncing routine: error getting secrets for Ingress: secret "" does not exist

Log from GKE Console

Info 2021-04-17 23:08:22.000 EDT "Scheduled for sync"
Info 2021-04-17 23:08:24.000 EDT "Created NEG "k8s1-c6a787bd-default-iawa-8080-a6810668" for default/iawa-k8s1-c6a787bd-default-iawa-8080-a6810668--iawa/8080-8080-GCE_VM_IP_PORT-L7 in "us-east1-b"."
Info 2021-04-17 23:08:26.000 EDT"Attach 1 network endpoint(s) (NEG "k8s1-c6a787bd-default-iawa-8080-a6810668" in zone "us-east1-b")"
Warning 2021-04-17 23:08:33.000 EDT "Error syncing to GCP: error running load balancer syncing routine: error getting secrets for Ingress: secret "" does not exist"
Warning 2021-04-17 23:08:36.000 EDT "Error syncing to GCP: error running load balancer syncing routine: error getting secrets for Ingress: secret "" does not exist"
Warning 2021-04-17 23:08:39.000 EDT "Error syncing to GCP: error running load balancer syncing routine: error getting secrets for Ingress: secret "" does not exist"

YAML

kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.allow-http: "false"
    kubernetes.io/ingress.global-static-ip-name: TEST
    meta.helm.sh/release-name: REDACTED
    meta.helm.sh/release-namespace: default
  creationTimestamp: "2021-04-18T03:08:22Z"
  finalizers:
  - networking.gke.io/ingress-finalizer-V2
  generation: 1
  labels:
    app.kubernetes.io/managed-by: Helm
  managedFields:
  - apiVersion: extensions/v1beta1
    fieldsType: FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          .: {}
          f:kubernetes.io/ingress.allow-http: {}
          f:kubernetes.io/ingress.global-static-ip-name: {}
          f:meta.helm.sh/release-name: {}
          f:meta.helm.sh/release-namespace: {}
        f:labels:
          .: {}
          f:app.kubernetes.io/managed-by: {}
      f:spec:
        f:rules: {}
        f:tls: {}
    manager: Go-http-client
    operation: Update
    time: "2021-04-18T03:08:22Z"
  - apiVersion: networking.k8s.io/v1beta1
    fieldsType: FieldsV1
    fieldsV1:
      f:metadata:
        f:finalizers:
          .: {}
          v:"networking.gke.io/ingress-finalizer-V2": {}
    manager: glbc
    operation: Update
    time: "2021-04-18T03:08:22Z"
  name: ingress-REDACTED
  namespace: default
  resourceVersion: "1760095"
  selfLink: /apis/extensions/v1beta1/namespaces/default/ingresses/ingress-REDACTED
  uid: 67863099-5bdd-4066-ace8-ee9afe6af876
spec:
  rules:
  - host: REDACTED.iacustomer-cloud.net
    http:
      paths:
      - backend:
          serviceName: REDACTED
          servicePort: 8080
        pathType: ImplementationSpecific
  tls:
  - {}
  - hosts:
    - REDACTED.iacustomer-cloud.net
    secretName: secret-ingress-REDACTED
status:
  loadBalancer: {}

Thanks a lot in advance!

Answer 1

This was because I had an additional "- hosts" entry under tls field within the helm chart template I was using which translated to "- {}" in ingress definition yaml.

  tls:
  - {}
  - hosts:
    - REDACTED.iacustomer-cloud.net

I modified the template and it is working fine now.