Google Cloud Load Balancer + GKE ingress
I've configured a Google Cloud Load Balancer as follows:
- GFE (frontend) listening on :443, https only
- Host matching + path matching on
/* - A single NEG (Network Endpoint Group) as a backend service for the load balancer
What I don't understand, is why an instance group is linked as a backend service to this Load Balancer (see below):
The instance group backend service links to the VM instances configured for my Kubernetes cluster. Also, if I remove the instance group backend service from this Load Balancer, my-app is still reachable over the global ip address.
However, after a few minutes, the instance group backend service is back and is linked to the Load Balancer again.
I can't seem to find anything about this behavior when using Network Endpoint Groups with a Google Cloud Load Balancer in the documentation or in any of the examples.
If you know why the instance group backend service is linked and why it returns after being removed, please reply.
When creating a GKE ingress there are a couple of options that can be defined on the yaml, one of these options is to have a Default Backend defined where requests not matching any Host or path are sent to it.
By default when there is no Default Backend specified GKE automatically adds it’s own small web application to reply 404 to any unmatched requests, based on your screenshot the additional Instance group you see is this default backend not having been manually specified on creation.
Additionally deleting the Backend manually does not work since GKE always tries to keep all the resources in sync with what is described in the YAML, if you want to remove it instead you need to specify your own default backend for unmatched requests.
- Custom Service Account with KFP pipelines in Vertex AI
- Error uploading file to google cloud storage
- Cloud function is not triggered by pub/sub topic
- Java application unable to find ADC when Workload Identity is enabled on GKE cluster
- Service account with Workspace-authorized domain-wide delegation gets error "Not Authorized to access this resource/api" when running cloud function
- How to download a pushed Odoo release and upload to Github
- GCP authentication when testing a container in the local development environment
- GAE: find project name by project number
- Google Cloud functions v2 eventarc - How to Track User Context for Deletions in Firebase Realtime Database
- Google Cloud Bigtable vs Google Cloud Datastore
- Batch job submission error "Failed to process all documents", uris seem correct?
- 401 Unauthorized when installing Python package from Artifacts registry for Google Build
- Google Cloud Storage request blocked by CORS: not allowed by Access-Control-Allow-Origin
- Accessing users account with service account
- Firestore exception occurred in retry method that was not classified as transient
- Managed Service Provider on Google Cloud Platform
- Stripe Error: No signatures found matching the expected signature for payload
- Error --accelerator unrecognized argument when launching gcloud beta ai-platform versions create API
- invalid_request when calling https://sts.googleapis.com/v1/token API
- How to upload a file to Google Cloud Storage on Python 3?
- How to use Puppeteer in 2nd gen Cloud Functions?
- Migrate GCP Cloud Kms key from single region to multi regional
- How can I invalidate Google Cloud CDN cache from my express server?
- Pattern for handling deferred tasks in a GCP Cloud Function
- Certmanager tries to use HTTPS inside the cluster and fails when it gets self signed certificates
- re-define keyboard behavior for `GCP - vertex AI - freefrom`
- Error: 10: Developer console is not set up correctly (Not Using Firebase) (One Tap sign-up)
- How to create GCP Cloud SQL IAM Users
- How to create temporary tables in Spanner
- How to return the COUNT of two different parameters?