I'm setting up ingress on GKE and facing an issue (even after following all the tutorials).

All I want is to disable http access. The following is the output of kubectl describe ingress:

```
Name:             ######-https-expose
Namespace:        default
Address:          #.#.#.#
Default backend:  ######-port-expose:# (#.#.#.#:#)
Rules:
  Host        Path  Backends
  ----        ----  --------
  *           *     ######-port-expose:# (#.#.#.#:#)
Annotations:  ingress.gcp.kubernetes.io/pre-shared-cert: mcrt-#-fb#f-#db#-b#-#b#f#a#d#a#
              ingress.kubernetes.io/backends: {"k#s-be-#--e#c#f#f#e#":"HEALTHY"}
              ingress.kubernetes.io/force-ssl-redirect: true
              ingress.kubernetes.io/forwarding-rule: k#s-fw-default-######-https-expose--e#c#f#f#e#
              ingress.kubernetes.io/https-forwarding-rule: k#s-fws-default-######-https-expose--e#c#f#f#e#
              ingress.kubernetes.io/https-target-proxy: k#s-tps-default-######-https-expose--e#c#f#f#e#
              ingress.kubernetes.io/ssl-cert: mcrt-#-fb#f-#db#-b#-#b#f#a#d#a#
              ingress.kubernetes.io/target-proxy: k#s-tp-default-######-https-expose--e#c#f#f#e#
              ingress.kubernetes.io/url-map: k#s-um-default-######-https-expose--e#c#f#f#e#
              kubernetes.io/ingress.allow-http: false
              kubernetes.io/ingress.global-static-ip-name: ######
              networking.gke.io/managed-certificates: ######-certificate
Events:       <none>
```

kubernetes.io/ingress.allow-http: false is there. I can still access the domain with http://

PS. I've had a different issue with my setup, again following all the official docs, and was able to resolve it through the google console. It makes me think that there's a bug with Ingress/GKE itself.

Ingress definition. Simply followed this tutorial: https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs#gcloud and, to disable HTTP, https://cloud.google.com/kubernetes-engine/docs/concepts/ingress-xlb#disabling_http

```yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    ingress.kubernetes.io/force-ssl-redirect: "true"
    kubernetes.io/ingress.global-static-ip-name: ###
    networking.gke.io/managed-certificates: ###
    kubernetes.io/ingress.allow-http: "false"
  labels:
    app: ###
  name: ###
  namespace: default
spec:
  backend:
    serviceName: ###
    servicePort: ###
```
Anton
  • I was able to turn off HTTPS from cloud console by going to "Services & Ingress" > selecting load balancer in details > deleting the port 80 access. Had to wait about 10 min for it to take effect. – Anton Oct 04 '20 at 16:39
  • Could you please post your ingress definition here? I will try to reproduce it to verify the same behaviour here. – Mr.KoopaKiller Oct 05 '20 at 11:23
  • @KoopaKiller added. Although, I would recommend just following the tutorials since there's the certificate and service set up steps. – Anton Oct 05 '20 at 14:54
  • What is the GKE version you are using? You can see in this [issue](https://github.com/kubernetes/ingress-gce/issues/764#issuecomment-627877579) the problem was fixed in kubernetes 1.17.5 version. – Mr.KoopaKiller Oct 23 '20 at 09:18
  • That could have been it – Anton Oct 23 '20 at 21:43

1 Answer

There is an issue on GitHub about it. As you can see here, the problem was fixed in versions >=1.17.5-gke.0.

> Hi, just tried this fix (allowHttp: false) with cluster version 1.17.5-gke.0. It actually works, in the sense that when I try to send a plain HTTP request, the response is a 404 from GCP backend...
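
An added example, not part of the original question or answer: a check for the symptom visible in the question's `kubectl describe` output, where `kubernetes.io/ingress.allow-http` is `false` yet the plain-HTTP `forwarding-rule` and `target-proxy` annotations are still present. The function name, status labels and sample data are constructed for illustration, and it assumes the controller drops those two annotations once the port 80 frontend is removed.

```python
import json

ALLOW_HTTP = "kubernetes.io/ingress.allow-http"
# Annotations the question's output shows for the plain-HTTP (port 80) frontend.
# Assumption: they disappear once the controller deletes that frontend.
HTTP_FRONTEND = (
    "ingress.kubernetes.io/forwarding-rule",
    "ingress.kubernetes.io/target-proxy",
)

def audit_ingresses(ingress_list):
    """Classify each Ingress in a `kubectl get ingress -A -o json` document.

    Returns a list of (namespace/name, status, detail) tuples.
    """
    results = []
    for item in ingress_list.get("items", []):
        meta = item.get("metadata", {})
        ann = meta.get("annotations") or {}
        ident = f"{meta.get('namespace', 'default')}/{meta.get('name')}"
        # HTTP is allowed unless the annotation is explicitly "false".
        https_only_requested = str(ann.get(ALLOW_HTTP, "true")).lower() == "false"
        leftover = [key for key in HTTP_FRONTEND if key in ann]
        if not https_only_requested:
            results.append((ident, "HTTP_ALLOWED", "allow-http is not set to false"))
        elif leftover:
            # The case from the question: HTTP disabled on paper, frontend still there.
            results.append((ident, "HTTP_STILL_PROVISIONED", ", ".join(leftover)))
        else:
            results.append((ident, "HTTPS_ONLY", ""))
    return results

# Constructed sample input; names and rule ids are placeholders, not real resources.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"namespace": "default", "name": "stale-http", "annotations": {
     "kubernetes.io/ingress.allow-http": "false",
     "ingress.kubernetes.io/forwarding-rule": "k8s-fw-example",
     "ingress.kubernetes.io/https-forwarding-rule": "k8s-fws-example"}}},
  {"metadata": {"namespace": "default", "name": "https-only", "annotations": {
     "kubernetes.io/ingress.allow-http": "false",
     "ingress.kubernetes.io/https-forwarding-rule": "k8s-fws-example2"}}},
  {"metadata": {"namespace": "web", "name": "no-annotation"}}
]}
""")

if __name__ == "__main__":
    for row in audit_ingresses(SAMPLE):
        print(*row, sep="\t")
```

Annotations only reflect what the controller has recorded, so confirm from outside with a plain HTTP request as well; per the comment quoted in the answer, a fixed cluster answers it with a 404 from the GCP backend.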