Reputation: 1334
GKE Ingress defaultBackend not working despite healthy pods and correct NEG configuration
I have a GKE Ingress configured with a defaultBackend to handle requests for undefined hosts. The pods are healthy, but the default backend does not respond. Here’s my setup:
Configuration Details
Deployment for
default-backend:apiVersion: apps/v1 kind: Deployment metadata: name: default-backend namespace: ydt spec: replicas: 1 selector: matchLabels: app: default-backend template: metadata: labels: app: default-backend spec: containers: - name: nginx image: nginx:stable ports: - containerPort: 80 livenessProbe: httpGet: path: / port: 80 initialDelaySeconds: 5 periodSeconds: 5 readinessProbe: httpGet: path: / port: 80 initialDelaySeconds: 5 periodSeconds: 5- Pods are healthy:
kubectl get pods -n ydt -l app=default-backend NAME READY STATUS RESTARTS AGE default-backend-7c58d6c88-abcde 1/1 Running 0 2h
- Pods are healthy:
Service for
default-backend:apiVersion: v1 kind: Service metadata: name: default-backend-service namespace: ydt annotations: cloud.google.com/neg: '{"ingress": true}' # NEGs enabled spec: type: ClusterIP ports: - port: 80 targetPort: 80 selector: app: default-backendIngress Configuration:
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: ydt-ingress namespace: ydt annotations: kubernetes.io/ingress.class: "gce" networking.gke.io/managed-certificates: "certificate" spec: defaultBackend: service: name: default-backend-service port: number: 80 rules: # Other host rules (omitted for brevity)
What I’ve Checked
- Pods are Running and probes succeed (
kubectl logsshows no errors). - Service selector matches the Deployment’s labels.
- NEGs are created in Google Cloud Console (Network Services > Network Endpoint Groups).
- Firewall rules allow traffic from
130.211.0.0/22and35.191.0.0/16(GCP health check ranges).
The Problem
In the following image you can see the backend service regarding the default backend:
There is no healthy pod running.
There is a google cloud example to create a custom Default Backend service and I don't see any diference with mine
Question:
Why is the defaultBackend not working, even though pods are healthy and NEGs are enabled? Are there hidden configurations in GKE/GCP that I’m missing?
Upvotes: 0
Views: 96
Answers (1)
Reputation: 183
You can try these troubleshooting steps for default backend not working in GKE Ingress setup:
Since your configuration seems fine. You might have to check the logs of Ingress controller to confirm that the request is received by the controller and rerouting the traffic to the default backend.
You can get the logs from the GKE Ingress controller with:
$kubectl logs -n kube-system -l app=gke-ingress
You need to check the health check logs as well, follow this document to enable the health check logging and check the state of your health check by using this document as reference.
Check this official gcp health check troubleshooting document to troubleshoot your health check
Note: Sometimes there may be issues with the GKE ingress controller not properly syncing with the Google Cloud load balancer or health checks. Try deleting and recreating the Ingress resource and the associated services.
Delete the Ingress:
kubectl delete ingress ydt-ingress -n ydt
Reapply the Ingress configuration:
kubectl apply -f your-ingress-config.yaml
Upvotes: 1
Related Questions
- GKE Gateway API httproute not working for https between load balancer and application
- GKE Nginx Ingress controller's Ingress not binding to External IP
- GCP GKE Ingress cannot reach backend services, though health check, firewall, service and deployment all look correct
- GCP load balancer backend status unknown
- GKE Ingress with ExternalName service as backend not working
- Trying to set up an ingress with tls and open to some IPs only on GKE
- NEG says Pods are 'unhealthy', but actually the Pods are healthy
- How to enable subdomain with GKE