How to get a custom healthcheck path in a GCE L7 balancer serving a Kubernetes Ingress?

kubernetes google-compute-engine kubernetes-health-check
mmoya picture mmoya · Jun 16, 2017 · Viewed 9.5k times · Source

I'm trying to deploy a grafana instance inside Kubernetes (server 1.6.4) in GCE. I'm using the following manifests:

Deployment (full version):

apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: grafana
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: grafana
    spec:
      initContainers:
        …                                
      containers:
        - name: grafana
          image: grafana/grafana
          readinessProbe:
            httpGet:
              path: /login
              port: 3000
          …

Service:

apiVersion: v1
kind: Service
metadata:
  name: grafana
spec:
  selector:
    name: grafana
  ports:
    - protocol: TCP
      port: 3000
  type: NodePort

Ingress:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: grafana
spec:
  tls:
    - secretName: grafana.example.com
  backend:
    serviceName: grafana
    servicePort: 3000

It turns out that grafana serves a 302 on / but the default GCE ingress healthcheck expects a 200 on / (source). As you can see, there is a custom readinessProbe in the Deployment (line 22).

Once I post these resources to the kube-apiserver, everything is created without error. Concretely, the Ingress gets a public ip4 address but the healtcheck is set up with the default / path instead of the custom one configured in the readinessProbe. Because of this, I get a 502 if I curl the public ip4 address of the Ingress.

The problem is fixable by manually changing the probe path to /login in the GCE console.

Answer

mmoya picture mmoya · Jun 20, 2017

Quoting from here:

The GLBC requires that you define the port (in your case 3000) within the Pod specification.

The solution is to declare the port used for the healthcheck in ports besides adding a custom readinessProbe:

containers:
  - name: grafana
    readinessProbe:
      httpGet:
        path: /login
        port: 3000
    ports:
      - name: grafana
        containerPort: 3000
    …

Related questions

Readiness probe failed: Get http://10.32.1.71:80/setting s: net/http: request canceled (Client.Timeout exceeded while awaiting headers)

The configuration I have is Jenkins on Kubernetes and the project is written in PHP. The issue here is that the pod is attached to an ingress(than on a loadBalancer using GCE) and when the pod is unhealthy it …

Read More
How to SSH to docker container in kubernetes cluster?

I am fairly new to the Google Cloud platform and Docker and set-up a cluster of nodes, made a Dockerfile that copies a repo and runs a Clojure REPL on a public port. I can connect to it from my …

Read More
How to specify static IP address for Kubernetes load balancer?

I have a Kubernetes cluster running on Google Compute Engine and I would like to assign static IP addresses to my external services (type: LoadBalancer). I am unsure about whether this is possible at the moment or not. I found …

Read More