I am trying to create a deployment that can receive firewall logs. I have purchased a Google Cloud Domain.
I managed to run the LimaCharlie Adapter without an Ingress (with a LoadBalancer Service). After introducing the Ingress I get "error 502 Server Error: All backend services are in UNHEALTHY state".
This is a drawing of my wanted setup:
My source code
kube-manifest/deployment-and-service.yaml
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pa440-ekeberg-deployment
  labels:
    app: pa440-ekeberg
spec:
  replicas: 1
  selector:
    matchLabels:
      app: pa440-ekeberg
  template:
    metadata:
      labels:
        app: pa440-ekeberg
    spec:
      containers:
        - name: pa440-ekeberg
          image: europe-north1-docker.pkg.dev/collectorz/pa440-ekeberg-repo/pa440-ekeberg:latest
          ports:
            - containerPort: 8080
          resources:
            requests:
              memory: "1Gi"
              cpu: "500m"
              ephemeral-storage: "1Gi"
            limits:
              memory: "1Gi"
              cpu: "500m"
              ephemeral-storage: "1Gi"
---
apiVersion: v1
kind: Service
metadata:
  name: pa440-ekeberg-nodeport-service
  labels:
    app: pa440-ekeberg
  annotations:
spec:
  type: NodePort
  selector:
    app: pa440-ekeberg
  ports:
    - port: 80
      targetPort: 8080
```
kube-manifests/ingress-ssl.yaml
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: pa440-ekeberg-ingress-ssl
  annotations:
    # External Load Balancer
    spec.ingressClassName: "gce"
    # Static IP for Ingress Service
    kubernetes.io/ingress.global-static-ip-name: "pa440-ekeberg-global-ip"
    # Google Managed SSL Certificates
    networking.gke.io/managed-certificates: pa440-ekeberg-managed-cert-for-ingress
spec:
  defaultBackend:
    service:
      name: pa440-ekeberg-nodeport-service
      port:
        number: 80
```
kube-manifests/managed-certificate.yaml
```yaml
apiVersion: networking.gke.io/v1
kind: ManagedCertificate
metadata:
  name: pa440-ekeberg-managed-cert-for-ingress
spec:
  domains:
    - 1.mydomain.com
```
Dockerfile
```dockerfile
# Specify Ubuntu
FROM ubuntu:latest
# Update
RUN apt-get update && apt-get install -y apt-utils file
RUN apt-get install -y ca-certificates
# Open port
EXPOSE 8080
# Download LimaCharlie Adapter (will download as file name "64" to /opt/64)
ADD https://downloads.limacharlie.io/adapter/linux/64 /opt/limacharlie/lc_adapter
RUN chmod +x /opt/limacharlie/lc_adapter
RUN echo Running!
CMD ["/opt/limacharlie/lc_adapter", "syslog", \
     "client_options.identity.installation_key=a-b-c-d-e", \
     "client_options.identity.oid=f-g-h-i-j", \
     "client_options.platform=text", \
     "client_options.hostname=fw-pa440-ekeberg-kubernetes", \
     "client_options.sensor_seed_key=fw-pa440-ekeberg-kubernetes", \
     "port=8080", "iface=0.0.0.0", "is_udp=false"]
```
My steps to deploy the app:
1. Create global IP:

```sh
gcloud compute addresses create pa440-ekeberg-global-ip --global
```

2. Create A record:

Go to Network services -> Cloud DNS -> mydomain.com -> Add Standard

* DNS name: 1.mydomain.com
* Resource record type: A
* TTL: 5 minutes
* IPv4 Address: the global IP

3. Create repo:

```sh
gcloud artifacts repositories create pa440-ekeberg-repo --project=collectorz --repository-format=docker --location=europe-north1 --description="Docker repository"
```

4. Build a new version:

```sh
gcloud builds submit --tag europe-north1-docker.pkg.dev/collectorz/pa440-ekeberg-repo/pa440-ekeberg .
```

5. Connect to cluster:

```sh
gcloud container clusters get-credentials autopilot-cluster-1 --region europe-north1 --project collectorz
```

6. Apply all:

```sh
kubectl apply -f kube-manifests
```
Results
Deployment: OK
Pods: Running
NodePort Service: OK
Ingress SSL: All backend services are in UNHEALTHY state
SSL Certificate (https://console.cloud.google.com/security/ccm/list/lbCertificates): Active and in use by target HTTPS proxies.
What can I do to debug this?
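Added example, not part of the question: a small Python lint that follows the Ingress defaultBackend to the Service and on to the Pod container, using constructed dicts that mirror the manifests and Dockerfile CMD above, and reports why an external (gce) Ingress backend would stay UNHEALTHY: the load balancer's health check is an HTTP GET on the serving port, and a TCP syslog listener never answers it.

```python
from dataclasses import dataclass

@dataclass
class Finding:
    obj: str      # Kubernetes object or container the finding is about
    message: str

# Constructed sample mirroring the manifests and Dockerfile CMD in the question.
INGRESS = {"metadata": {"name": "pa440-ekeberg-ingress-ssl",
                        "annotations": {"spec.ingressClassName": "gce"}},
           "spec": {"defaultBackend": {"service": {"name": "pa440-ekeberg-nodeport-service",
                                                   "port": {"number": 80}}}}}
SERVICE = {"metadata": {"name": "pa440-ekeberg-nodeport-service"},
           "spec": {"type": "NodePort", "selector": {"app": "pa440-ekeberg"},
                    "ports": [{"port": 80, "targetPort": 8080}]}}
DEPLOYMENT = {"metadata": {"name": "pa440-ekeberg-deployment"},
              "spec": {"template": {"metadata": {"labels": {"app": "pa440-ekeberg"}},
                                    "spec": {"containers": [{
                                        "name": "pa440-ekeberg",
                                        "ports": [{"containerPort": 8080}],
                                        # Dockerfile CMD: a TCP syslog listener, not an HTTP server
                                        "command": ["/opt/limacharlie/lc_adapter", "syslog",
                                                    "port=8080", "iface=0.0.0.0", "is_udp=false"]}]}}}}

def lint(ingress, services, deployments):
    """Follow defaultBackend -> Service -> Pod container; explain an UNHEALTHY gce backend."""
    findings, iname = [], ingress["metadata"]["name"]
    if "spec.ingressClassName" in ingress["metadata"].get("annotations", {}):
        findings.append(Finding(iname, "spec.ingressClassName is a field under spec, not an "
                                       "annotation; as an annotation it is ignored"))
    be = ingress["spec"]["defaultBackend"]["service"]
    svc = next((s for s in services if s["metadata"]["name"] == be["name"]), None)
    if svc is None:
        return findings + [Finding(iname, f"backend Service {be['name']} not found")]
    port = next(p for p in svc["spec"]["ports"] if p["port"] == be["port"]["number"])
    target = port.get("targetPort", port["port"])   # port the health check actually hits
    for tmpl in (d["spec"]["template"] for d in deployments):
        if not all(tmpl["metadata"]["labels"].get(k) == v for k, v in svc["spec"]["selector"].items()):
            continue   # the Service selector does not pick these Pods
        for c in tmpl["spec"]["containers"]:
            if not any(p["containerPort"] == target for p in c.get("ports", [])):
                continue
            if "httpGet" not in c.get("readinessProbe", {}):
                findings.append(Finding(c["name"], f"no httpGet readinessProbe on port {target}; "
                                        "the gce Ingress health check defaults to HTTP GET / there"))
            if "syslog" in c.get("command", []):
                findings.append(Finding(c["name"], "container is a TCP syslog listener, not an HTTP "
                                        "server, so an L7 health check cannot pass; a TCP LoadBalancer "
                                        "Service fits it"))
    return findings
```

Run `lint(INGRESS, [SERVICE], [DEPLOYMENT])` to get the three findings for the posted setup; a Deployment whose container carries an `httpGet` readinessProbe and serves HTTP on the target port produces only the annotation finding.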