Gateway API works only with deployed Ingress

Following setup: I have a web application running on the GKE cluster, and I wanted it to be accessible through the VPC Network and Company VPN. So, first, I decided to use an internal application load balancer with an ingress controller. 

Later, I realized that I wanted some features like redirect or shared namespaces from the Gateway API. So, I built a setup with Gateway API for my application.

The problem I have is that somehow my Gateway API works only if I have one ingress deployed. It doesn't matter if this ingress is attached to a service or not. If I don't have this ingress deployed, then I have an unhealthy NEG, and if I try to open this test application, I receive the message: "no healthy upstream."

1 ACCEPTED SOLUTION

I just ran into the same problem. Are you using Shared VPC? If yes, Gateway API doesn't create firewall rules for you. See https://cloud.google.com/kubernetes-engine/docs/concepts/firewall-rules#shared_vpc

I guess the reason why it works when you deploy Ingress is, GKE Ingress Controller was able to create a firewall rule in the host project. So Gateway started working afterwards.

3 REPLIES

Hi @Denisqqq ,

Your issue is a bit complex and may need further checking and investigation. It seems you are encountering the issue with the Gateway API if you have multiple ingresses in use. 

Since I have no visibility or details of your project, what I can suggest for basic troubleshooting is to check the following:

1. If you have multiple ingresses in different namespaces or are using shared namespaces, make sure there are no configuration conflicts. Make sure that both services and ingresses are placed in the correct namespaces. One possibility here is there can be namespace conflicts.

2. The health checks should be configured correctly for the services. 


@Denisqqq wrote:

, I receive the message: "no healthy upstream."


If you are getting this kind of error it means your backends are unhealthy. 

3. Since I have mentioned healthcheck, check the firewall rules. Make sure that there are necessary firewall rules that will allow traffic from your GKE cluster.

You can check and review this documentation for more details. 

Let me know if this helps you with your issue. Thanks!

I use K8s Gateway API. For me, the only thing that worked is to create a HealthCheckPolicy for each service.

https://cloud.google.com/kubernetes-engine/docs/how-to/configure-gateway-resources#configure_health_...
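The accepted solution in this thread traces the unhealthy NEG to firewall rules missing from the Shared VPC host project. As an added example (not code from the thread or from Google), this Python script checks an export of `gcloud compute firewall-rules list --format=json` for ingress rules that admit Google's health-check probe ranges on the backend port. The rule names, the sample export and port 8080 are constructed assumptions, and the check ignores deny rules, priorities and target tags.

```python
import ipaddress
import json

# Source ranges used by Google Cloud load balancer health-check probes.
HEALTH_CHECK_RANGES = ["130.211.0.0/22", "35.191.0.0/16"]

# Constructed sample shaped like `gcloud compute firewall-rules list --format=json`.
SAMPLE_RULES = json.loads("""
[
  {"name": "allow-vpn-to-nodes", "direction": "INGRESS", "disabled": false,
   "sourceRanges": ["10.8.0.0/16"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["443"]}]},
  {"name": "allow-hc-partial", "direction": "INGRESS", "disabled": false,
   "sourceRanges": ["130.211.0.0/22"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["8000-9000"]}]}
]
""")

def port_allowed(allowed, port):
    """True if any `allowed` entry permits TCP traffic to `port`."""
    for entry in allowed:
        if entry.get("IPProtocol") not in ("tcp", "all"):
            continue
        ports = entry.get("ports")
        if not ports:  # no port list means every port is allowed
            return True
        for spec in ports:
            low, _, high = spec.partition("-")
            if int(low) <= port <= int(high or low):
                return True
    return False

def source_covers(rule, need):
    """True if one of the rule's sourceRanges contains the whole `need` network."""
    nets = (ipaddress.ip_network(s, strict=False) for s in rule.get("sourceRanges", []))
    return any(n.version == need.version and need.subnet_of(n) for n in nets)

def uncovered_ranges(rules, port, required=HEALTH_CHECK_RANGES):
    """Return the required ranges that no enabled ingress allow rule admits on `port`."""
    usable = [r for r in rules
              if r.get("direction") == "INGRESS" and not r.get("disabled")
              and port_allowed(r.get("allowed", []), port)]
    return [c for c in required
            if not any(source_covers(r, ipaddress.ip_network(c)) for r in usable)]

if __name__ == "__main__":
    print("health-check ranges without an allow rule:", uncovered_ranges(SAMPLE_RULES, 8080))
```

An empty result means both probe ranges can reach the port; any range listed is one the host project still needs an ingress allow rule for.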
