Can't connect static ip to Ingress on GKE

Asked 26/3, 2019 at 12:35 Answered 25/7, 2022 at 21:26

google-cloud-platform kubernetes-ingress static-ip-address nginx-ingress

I am trying to connect my ingress to a static ip. I seem to be following all the tutorials, but still I cannot seem to attach my static ip to ingress. My ingress file is as follows (refering to the static ip "test-ip")

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-web
  annotations:
    kubernetes.io/ingress.global-static-ip-name: "test-ip"
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/add-base-url: "true"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  rules:
    - http:
        paths:
          - path: /api/
            backend:
              serviceName: api-cluster-ip-service
              servicePort: 5005
          - path: /
            backend:
              serviceName: web-cluster-ip-service
              servicePort: 80

However, when I run

kubectl get ingress ingress-web

it returns

kubectl get ingress ingress-web
NAME          HOSTS     ADDRESS   PORTS     AGE
ingress-web   *                   80        4m

without giving the address. In the VPC network [External IP addresses ] the static ip is there, it is global, but it keeps saying: In use by None

 gcloud compute addresses describe test-ip --global

gives

address: 34.240.xx.xxx
creationTimestamp: '2019-03-26T00:34:26.086-07:00'
description: ''
id: '536303927960423409'
kind: compute#address
name: test-ip
networkTier: PREMIUM
selfLink: https://www.googleapis.com/compute/v1/projects/my-project- adbc8/global/addresses/test-ip
status: RESERVED

What am I missing here?

Edra answered 26/3, 2019 at 12:35 Comment(3)

Can you please show the output of gcloud compute addresses describe test-ip --global – Penn 26/3, 2019 at 14:54

added the output – Edra 26/3, 2019 at 15:29

did you try with static IP in the same region and LB service as it was described here https://mcmap.net/q/684274/-global-static-ip-name-on-nginx-ingress ? – Penn 27/3, 2019 at 9:34

I ran into this issue. I believe it has been fixed by this pull request.

Changing

kubernetes.io/ingress.global-static-ip-name

kubernetes.io/ingress.regional-static-ip-name

Worked for me.

Suspensive answered 27/6, 2021 at 17:7 Comment(3)

This was my error too (was asking for a global, but already had a regional IP reserved). Core point: Be sure to annotate with the type of IP you have reserved! – Selfdrive 8/10, 2021 at 2:56

Correction: I also tried region and it still didn't work, but deleting the regional IP and instead creating a global IP allowed it to go through. I guess GKE HTTPS ingress aren't compatible with regional IPs? – Selfdrive 8/10, 2021 at 3:10

me too @Selfdrive . I tried to use the regional one but seems not working for the GKE native ingress, so I had to recreate the static ip with the Global one. – Koy 14/4, 2022 at 7:56

I've spent hours trying to figure the issue out. It simply seems like a bug with GKE.

What solved it was:

Starting ingress with no static ip
Going to cloud console on the web under VPC Network > External IP addresses
Waiting for the Ingress ip to show up
Setting is as static, and giving it a name
Adding kubernetes.io/ingress.global-static-ip-name: <ip name> Ingress yaml and applying it.

Advisedly answered 3/10, 2020 at 16:22 Comment(3)

A bit hacky here, but it does seem to be an issue with IP configuration. I've found regions to be problematic. – Opprobrious 8/7, 2021 at 8:24

The official Google Docs say to create the static IP first, something is definite wrong: cloud.google.com/kubernetes-engine/docs/tutorials/… – Tupler 11/1, 2023 at 14:45

I've got an external IP, with a name, and that was created before the ingress. But the initial ingress setup didn't attach the IP based on the annotation. I've then tried to remove the annotation and put it back on again, but it's not worked. The IP address is static, and has a name already. It's all a bit rubbish. – Miguelinamiguelita 30/10, 2023 at 1:19

You have to make sure the IP you created in GCP is Global and not Regional in order to use the following annotation in your ingress:

kubernetes.io/ingress.global-static-ip-name

Crewelwork answered 20/9, 2021 at 3:50 Comment(0)

I had the same problem, but after some research and testing I managed to solve this issue. These are the steps I took:

First you need to create a Global static IP address on GCP. I happened to use Terraform to do this eg see example below
```
resource "google_compute_global_address" "static" {
  name          = "global-test-ip"
  project       = var.gcp_project_id
  address_type  = "EXTERNAL"
}
```
based on this documentation: https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_global_address

You could however use the GCP console to do this. Note: I created this Global Static IP in the same GCP project as my GKE cluster.
Once I had completed the creation of the Global Static IP I then added the following annotation to the Kubernetes ingress yaml file and applied it (ie kubectl apply -f ingress.yaml):
```
annotations:    
  kubernetes.io/ingress.global-static-ip-name: "global-test-ip" 
```
Note: it took a few minutes for the Ingress and Google Load balancer to update after I applied this ingress change.

Nessus answered 30/11, 2021 at 10:14 Comment(0)

The first thing you should check is the status of the IP, e.g.

gcloud compute addresses describe traefik --global

You should see something along the lines of:

address: 34.111.200.XXX
addressType: EXTERNAL
creationTimestamp: '2022-07-25T14:06:48.827-07:00'
description: ''
id: '5625073968713218XXX'
ipVersion: IPV4
kind: compute#address
name: traefik
networkTier: PREMIUM
selfLink: https://www.googleapis.com/compute/v1/projects/contrawork/global/addresses/traefik
status: RESERVED

Your Ingress should look something like this:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: 'gce'
    kubernetes.io/ingress.global-static-ip-name: 'traefik'
  name: secondary-ingress
spec:
  defaultBackend:
    service:
      name: 'traefik'
      port:
        number: 80

After this is deployed, within 5 minutes you should see status change to IN USE.

If not, I would attempt to delete and re-create the Ingress resource.

If it still does not happen, then I would check the documentation if you have properly configured the cluster, e.g. Ensure that GKE cluster has "HTTP Load Balancing" enabled.

Rager answered 25/7, 2022 at 21:26 Comment(0)

Recommended topics

Hot tags