profile
viewpoint

Ask questionsChanging class from gce-internal to gce leaves orphaned load balancers

Hey, I created an ingress with ingress.class: gce-internal. After testing a bit, I changed the class to gce to compare the latency. After a while, a new public load balancer was provisioned, however the old internal one still remains, even after removing the ingress object completely. (The new public load balancer didn't seem to work either, just returning Google 404:s, but that may be something on my end)

When deleting the load balancer manually, I'm prompted to delete other unused items:

Regional back-end services:

  • [ ] k8s1-1d6454aa-kube-system-default-http-backend-80-86b603b9
  • [ ] k8s1-1d6454aa-alerting-karma-8080-a8103f1f

Regional health checks:

  • [ ] k8s1-1d6454aa-alerting-karma-8080-a8103f1f
  • [ ] k8s1-1d6454aa-kube-system-default-http-backend-80-86b603b9

Regional SSL certificates:

  • [ ] k8s2-cr-ocxcn8r1-xoxpd4e1u0q3cjps-1e6575d27cab05e5

Are all of these safe to delete? The "karma" ones relate to my app, so those seem safe, but the default backend? The certificate is not viewable in the console (I can search for it and find it, but get an error when trying to display it), so I can't tell if it is related to the default backend or if it synced the certificate for my ingress into a GCP certificate?

kubernetes/ingress-gce

Answer questions carlpett

Hey! I had actually cleaned it up, but could reproduce it. I'll mail you the details!

For completeness, here is the repro yamls:

apiVersion: v1
kind: Service
metadata:
  name: gke-test-ingress
  annotations:
    cloud.google.com/neg: '{"ingress": true}'
  labels:
    app: foo
spec:
  type: ClusterIP
  selector:
    app: foo
  ports:
  - name: http
    port: 8080
    targetPort: http
    protocol: TCP
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: gke-test-ingress
  annotations:
    kubernetes.io/tls-acme: "true"
    kubernetes.io/ingress.class: gce-internal
  labels:
    app: foo
spec:
  rules:
  - host: ingress-test.my-domain.tld
    http:
      paths:
      - path: /
        backend:
          serviceName: gke-test-ingress
          servicePort: http
  tls:
  - hosts:
    - ingress-test.my-domain.tld
    secretName: gke-test-ingress-tls
useful!
source:https://uonfu.com/
Github User Rank List