Shihgian Lee
06/02/2022, 7:20 PM
Ketan (kumare3)
Shihgian Lee
06/02/2022, 10:13 PM
Ketan (kumare3)
Shihgian Lee
06/02/2022, 10:51 PM
external to internal?
2. After we have successfully changed the ingress to internal, we can’t use the Google Managed Cert anymore. What cert option do we have for internal ingress?
Thank you in advance for your help!
Ketan (kumare3)
jeev
Prafulla Mahindrakar
06/03/2022, 5:50 AM
cloud.google.com/neg: '{"ingress": true}' on the service account for flyteadmin
Shihgian Lee
06/03/2022, 10:42 PM
service:
  annotations:
    cloud.google.com/neg: '{"ingress": true}'
    # Required for the ingress to properly route grpc traffic to grpc port
    cloud.google.com/app-protocols: '{"grpc":"HTTP2"}'
I did try to add it to serviceAccount annotation. But, it didn’t seem right based on the documentation. So, I added it to service instead.
Under the common->ingress, I added and commented out a few entries based on the documentation you shared:
common:
  ingress:
    host: "{{ .Values.userSettings.hostName }}"
    tls:
      enabled: true
    annotations:
      # kubernetes.io/ingress.class: nginx
      # nginx.ingress.kubernetes.io/ssl-redirect: "true"
      # cert-manager.io/issuer: "letsencrypt-production"
      kubernetes.io/ingress.class: "gce-internal"
      kubernetes.io/ingress.allow-http: "false"
      kubernetes.io/ingress.global-static-ip-name: dev-porch-com-example
    # --- separateGrpcIngress puts GRPC routes into a separate ingress if true. Required for certain ingress controllers like nginx.
    # separateGrpcIngress: true
    # --- Extra Ingress annotations applied only to the GRPC ingress. Only makes sense if `separateGrpcIngress` is enabled.
    # separateGrpcIngressAnnotations:
    #   nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
I managed to execute helm successfully. However, my ingress looks like the following:
kubectl -n flyte get ingress
NAME         CLASS    HOSTS                ADDRESS   PORTS     AGE
flyte-core   <none>   flyte.porchpoc.com             80, 443   45s
The https://flyte.porchpoc.com/console cannot be reached. I think it is because the Address is missing.
There seem to be some errors for the ingress:
kubectl get events --all-namespaces --field-selector involvedObject.kind=Ingress
NAMESPACE   LAST SEEN   TYPE      REASON   OBJECT               MESSAGE
flyte       44m         Normal    Sync     ingress/flyte-core   Scheduled for sync
flyte       43m         Warning   Sync     ingress/flyte-core   Error syncing to GCP: error running load balancer syncing routine: error initializing translator env: secrets "flyte-flyte-tls" not found
flyte       5m4s        Normal    Sync     ingress/flyte-core   Scheduled for sync
flyte       2m8s        Warning   Sync     ingress/flyte-core   Error syncing to GCP: error running load balancer syncing routine: error initializing translator env: secrets "flyte-flyte-tls" not found
Any ideas what I can try next? Thanks!
Prafulla Mahindrakar
06/06/2022, 11:18 AM