Cluster information:
Kubernetes version: Latest from Google Cloud
Cloud being used: Google Cloud Kubernetes Engine
Installation method: Click
Host OS:
CNI and version:
CRI and version:
Introduction
I am have created a Dockerfile which downloads LimaCharlie Adapter.
Whatever is sent to LimaCharlie Adapter is forwarded to my organization at limacharlie.io. I have purcased a domain in my Google Cloud project.
I get error from the Ingress: 502 Server Error. All backend services are in UNHEALTHY state
I am lost on debugging this issue and could use some guidance. Thanks!
Results
Deployment: OK
Pods: Running
NodePort Service: OK
Ingress SSL: All backend services are in UNHEALTHY state
SSL Certificate (https://console.cloud.google.com/security/ccm/list/lbCertificates): Active and in used by target https proxies.
Source codes:
kube-manifest/deployment-and-service.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: pa440-ekeberg-deployment
labels:
app: pa440-ekeberg
spec:
replicas: 1
selector:
matchLabels:
app: pa440-ekeberg
template:
metadata:
labels:
app: pa440-ekeberg
spec:
containers:
- name: pa440-ekeberg
image: europe-north1-docker.pkg.dev/collectorz/pa440-ekeberg-repo/pa440-ekeberg:latest
ports:
- containerPort: 8080
resources:
requests:
memory: "1Gi"
cpu: "500m"
ephemeral-storage: "1Gi"
limits:
memory: "1Gi"
cpu: "500m"
ephemeral-storage: "1Gi"
---
apiVersion: v1
kind: Service
metadata:
name: pa440-ekeberg-nodeport-service
labels:
app: pa440-ekeberg
annotations:
spec:
type: NodePort
selector:
app: pa440-ekeberg
ports:
- port: 80
targetPort: 8080
kube-manifests/ingress-ssl.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: pa440-ekeberg-ingress-ssl
annotations:
# External Load Balancer
spec.ingressClassName: "gce"
# Static IP for Ingress Service
kubernetes.io/ingress.global-static-ip-name: "pa440-ekeberg-global-ip"
# Google Managed SSL Certificates
networking.gke.io/managed-certificates: pa440-ekeberg-managed-cert-for-ingress
spec:
defaultBackend:
service:
name: pa440-ekeberg-nodeport-service
port:
number: 80
kube-manifests/managed-certificate.yaml
apiVersion: networking.gke.io/v1
kind: ManagedCertificate
metadata:
name: pa440-ekeberg-managed-cert-for-ingress
spec:
domains:
- 3.mydomain.com
Dockerfile
# Specify Ubuntu
FROM ubuntu:latest
# Update
RUN apt-get update && apt-get install -y apt-utils file
RUN apt-get install -y ca-certificates
# Open port
EXPOSE 8080
# Download LimaCharlie Adapter (will download as file name "64" to /opt/64)
ADD https://downloads.limacharlie.io/adapter/linux/64 /opt/limacharlie/lc_adapter
RUN chmod +x /opt/limacharlie/lc_adapter
RUN echo Running!
CMD ["/opt/limacharlie/lc_adapter", "syslog", "client_options.identity.installation_key=a-b-c-d-e", "client_options.identity.oid=f-g-h-i-j", "client_options.platform=text", "client_options.hostname=fw-pa440-ekeberg-kubernetes", "client_options.sensor_seed_key=fw-pa440-ekeberg-kubernetes", "port=8080", "iface=0.0.0.0", "is_udp=false"]
My steps to deploy the app
1. Create global IP
gcloud compute addresses create pa440-ekeberg-global-ip --global
2 Create A record:
Go to Network services -> Cloud DNS > mydomain.com > Add Standard
- DNS name: 3.mydomain.com
- Resource record type = A
- TTL: 5 minutes
- IPv4 Adress: The global IP
3 Create Repo
gcloud artifacts repositories create pa440-ekeberg-repo --project=collectorz --repository-format=docker --location=europe-north1 --description="Docker repository"
4 Build a new version
gcloud builds submit --tag europe-north1-docker.pkg.dev/collectorz/pa440-ekeberg-repo/pa440-ekeberg .
5 Connect to cluster
gcloud container clusters get-credentials autopilot-cluster-1 --region europe-north1 --project collectorz
6 Apply all
kubectl apply -f kube-manifests