1

We are implementing kubernetes on GKE.

I got stuck with the following.

The staging application on is hosted on GKE 1.19.7-gke.1500.

We have an application where we have to set up webhooks with applications. When setting up the webhook I get the same error. Namely that the url is not available or does not exist.

The application on kubernetes has a valid certificate. The application works locally (minikube and skaffold) when we use ngrok.

In addition, it is possible to perform an oauth with a third party software. But we cannot activate the webhook because our webhook endpoint is not found.

I looked at the cert-manager documentation, which states that there are known issues between Cert-manager and GKE. They say that this has to do with the settings in GKE, I opened some firewall myself, but without result. https://cert-manager.io/docs/installation/compatibility/

In addition, I have looked on the internet to find out if this problem can be fixed. But I find a lot of information about webhook to be set up for Kubernetes itself but not the application that runs on it.

I think it has to do with a port incorrectly GKE configured?

See our Pod Service setting:

---
apiVersion: v1
kind: Service
metadata:
  name: backend
spec:
  selector:
    app: back-end
  ports:
    - name: back-end
      protocol: TCP
      port: 5000
      targetPort: 5000

Our Ingress setting:

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
    name: ingress-service
    annotations:
      kubernetes.io/ingress.global-static-ip-name: "**.**.***.***"
      kubernetes.io/ingress.class: 'nginx'
      nginx.ingress.kubernetes.io/use-regex: 'true'
      cert-manager.io/issuer: '****'
      kubernetes.io/tls-acme: "true"
spec:
  tls:
  - hosts:
    - test.xxxxxx.com
    secretName: xxxxx
  rules:
  - host: test.xxxxx.com
    http:
      paths:
      - path: /api/?(.*)
        backend:
          serviceName: backend
          servicePort: 5000
      - path: /?(.*)
        backend:
          serviceName: client
          servicePort: 3000

Updated 03/15/2021

For example we want to set up a webhook for the following endpoint: "https://test.xxxx.nl/api/v1/webhook/person". We make a request to PipeDrive to set up a webhook, but then PipeDrive gives the following error: "errors: { subscription_url: [ 'invalid or non-reachable URL' ] } }"

response: [cmd]: kubectl get ep backend

NAME: backend
ENDPOINTS: 10.0.0.21:5000, 10.0.0.22:5000
AGE: 81d
Stefan H.
  • 11
  • 2
  • Hello, I've fixed the `YAML` manifest as it's indentation wasn't correct. Where exactly the not found message appears? Could you attach it? What exactly you mean by setting up a webhook for you application? Do you mean that you are sending a request to your `Ingress` controller that should be forwarded to your `Deployment`? Is your certificate issuing correctly? The: `ingress.global-static-ip-name` annotation is specific to `ingress-gce` and won't work with `nginx`. Also please attach the output of: `$ kubectl get ep backend`. – Dawid Kruk Mar 11 '21 at 16:32
  • Hi, I added the error message setup webhook request and `kubectl get ep backend` response . About the certificate I get the following message: “Certificate is up to date and has not expired”. – Stefan H. Mar 15 '21 at 14:09
  • I've used the example that you provided and found no issues (routing was correct). Please check if the `Pod` receives this request and if in what form (request path). If it doesn't it could mean that there is an issue with `Ingress` controller. – Dawid Kruk Mar 19 '21 at 16:35

0 Answers0