Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

No frontend configured on load balancer #2

Closed
rsouthgate opened this issue Oct 1, 2018 · 10 comments
Closed

No frontend configured on load balancer #2

rsouthgate opened this issue Oct 1, 2018 · 10 comments

Comments

@rsouthgate
Copy link

@rsouthgate rsouthgate commented Oct 1, 2018

Pretty excited to see this out there so maybe I jumped the gun a bit but I can't get it to work with my cluster.

Upgraded cluster master to 1.10.7-gke.2, waited for that to propagate to all pods. Created Custom Resource Definition and Controller (removed the serviceAccountName: test-account line within the controller so it should just use default account).

Created the object:

apiVersion: gke.googleapis.com/v1alpha1
kind: ManagedCertificate
metadata:
  name: api-test-certificate
spec:
  domains:
    - apitest.mydomain.co

Edited my Ingress, deleted and created, so now based on this:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: api-ingress
  annotations:
    kubernetes.io/ingress.global-static-ip-name: api-test-load-balancer
    kubernetes.io/ingress.allow-http: "false"      
    gke.googleapis.com/managed-certificates: api-test-certificate
spec:
  rules:
  ...

Result: LB gets created, but within GCP Dashboard I see the message 'This load balancer has no frontend configured.'

Within the K8s engine under the api-ingress details it seems stuck at 'creating ingress'.

I'm probably missing something critical!

@krzykwas
Copy link
Member

@krzykwas krzykwas commented Oct 10, 2018

Hi! This is actually still a work in progress, we are still before alpha release. Currently managed certificates will not work until my pull request to ingress-gce gets accepted.

The yaml files in the deploy directory are used for setting up environment for e2e tests and this setup works correctly. Are you sure the Ingress error isn't transient?

@michael34435
Copy link

@michael34435 michael34435 commented Oct 11, 2018

@krzykwas Hi, does it mean gke-managed-certs won't work on current GKE? I had tried it with GKE 1.10.7-gke.2 but LoadBalancer didn't allow me to use HTTP(S) protocol.

Thanks in advance.

@krzykwas
Copy link
Member

@krzykwas krzykwas commented Oct 12, 2018

@michael34435 gke-managed-certs won't work with current GKE, because Ingress in current GKE lacks support for ManagedCertificate CR. The pull request mentioned above needs to be merged first.

Despite the name, gke-managed-certs will work in any k8s cluster using GCLB, it's not limited to GKE clusters, however the pull request to Ingress is required anyway.

@michael34435
Copy link

@michael34435 michael34435 commented Oct 12, 2018

Ok, I got it.
Thank you for your explanation

@fmacelw
Copy link

@fmacelw fmacelw commented Oct 31, 2018

@krzykwas I'm pretty excited about this project as well! Great work! your PR kubernetes/ingress-gce#508 seems to have been approved and merged now - how long should we wait until it will be rolled out into the GCP / GKE infra? And do we need ingress / load balancers to be recreated? I think it would beneficial if you state more clearly in the README the current project status and its dependencies to work properly to ensure people have the right expectations - this project would be a huge time saver going forward, but I'm concerned early adopters may decide not to use it or leave bad reviews just because have the wrong expectations (e..g to be 100% working now)

@michael34435
Copy link

@michael34435 michael34435 commented Nov 7, 2018

Hi, @fmacelw According to the release notes provided by ingress-gce, I guess we'll see it in the next GKE version

@krzykwas
Copy link
Member

@krzykwas krzykwas commented Nov 8, 2018

Sorry for a delayed response.

Managed certificates should already work with Ingress v1.4.0 in GCP, you need to just switch a feature flag to enable them.

Once managed certificates are available in GKE, it will be announced through official GKE channels. I'd like not to announce the GKE part here. The GKE release, once it happens, will be in alpha clusters, as this is an alpha feature.

There may be some incompatibility issues I'm not aware of, but it seems to me that it should not be required to recreate Ingress objects.

This is an alpha version. Enabling managed certificates will cause a downtime, because there is yet no support for no-downtime migration from other types of certificates supported by Ingress (pre-shared-cert/k8s secrets). It means that until a managed certificate is provisioned, HTTPS will be down.

@bluecmd
Copy link

@bluecmd bluecmd commented Dec 9, 2018

I was very excited when I found this repository - and it seems like the managed certificate is created but is stuck in FAILED_NOT_VISIBLE due to not being added to the GCLB. I guess this is because this controller is not ready? I didn't find any references in the code to mutating the ingress to actually use the SSL certificate created, but I'm probably missing something.

Maybe a note could be added to the README specifying that this does not work yet without using GKE version TBD, etc?

@kianting
Copy link

@kianting kianting commented Jun 21, 2019

Hi I am facing the same issue I have followed the documentation creating https load balancer with managed certs

I get the same error when I look at the automatically created load balancer when I kube apply the ingress config files. When I go to the load balancer I still see "This load balancer has no frontend configured". I am using kube version "1.12.7-gke.10".

The documentation says the managed cert will only take 15 minutes to provision but I have waited for 28 minutes it is still showing status of Provisioning.

The load balacer is stuck the managed cert is stuck. What can I do to move forward?

@delashum
Copy link

@delashum delashum commented Jul 2, 2019

Facing a very similar problem that I spent days debugging.. my ingress config is almost identical except that I don't have the kubernetes.io/ingress.allow-http: "false" rule. So my load balancer did have a frontend protocol, but only for HTTP. I ended up manually creating one for HTTPS and pointing it to the managed certificate then everything worked.

Any ideas why the HTTPS frontend protocol isn't being created? I'm assuming that's it's supposed to be, otherwise there should be a note in that tutorial stating the need to manually add that.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
7 participants