Hello,

I'm having a problem trying to convert an Ingress to Gateway / HTTPRoute equivalent. With Ingress, a Firewall Rule for health check is created and my backend is healthy. On the other hand, with Gateway / HTTPRoute, no Firewall Rule is created for health checks, and my backends are unhealthy.

When I define the Firewall Rule myself, it works and my backends become healthy. I don't understand why this behavior, the documentation doesn't specify it.

I've already tried to recreate the cluster (I'm in the latest version) without success.

There is my code:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: demo-gce-gm

---
apiVersion: v1
kind: Service
metadata:
  name: demo-gce-gm
spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: http
      protocol: TCP
      name: http
  selector:
    app.kubernetes.io/name: demo-gce-gm
    app.kubernetes.io/instance: demo-gce-gm-preprod

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: demo-gce-gm
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: demo-gce-gm
      app.kubernetes.io/instance: demo-gce-gm-preprod
  template:
    metadata:
      labels:
        app.kubernetes.io/name: demo-gce-gm
        app.kubernetes.io/instance: demo-gce-gm-preprod
    spec:
      serviceAccountName: demo-gce-gm
      containers:
        - name: demo
          image: "my-web-app-listenning-on-8000"
          imagePullPolicy: IfNotPresent
          ports:
            - name: http
              containerPort: 8000
              protocol: TCP
          livenessProbe:
            httpGet:
              path: /
              port: http
          readinessProbe:
            httpGet:
              path: /
              port: http
          resources:
            limits:
              cpu: 100m
              memory: 128Mi
            requests:
              cpu: 50m
              memory: 128Mi

This is my Ingress implementation (which is works):

---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: demo-gce-gm
  annotations:
    kubernetes.io/ingress.class: gce
    kubernetes.io/ingress.global-static-ip-name: my-ip-address
spec:
  rules:
    - host: "my.domain.name"
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: demo-gce-gm
                port:
                  number: 80

This is my Gateway / HTTPRoute implementation:

---
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
  name: demo-gce-gm
spec:
  parentRefs:
    - kind: Gateway
      name: demo-gce-gm
  hostnames:
    - "my.domain.name"
  rules:
    - backendRefs:
        - name: demo-gce-gm
          port: 80
    - backendRefs:
        - name: demo-gce-gm
          port: 80
      matches:
        - path:
            value: /

---
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
  name: demo-gce-gm
spec:
  gatewayClassName: gke-l7-global-external-managed
  addresses:
    - type: NamedAddress
      value: my-named-address
  listeners:
    - name: http
      protocol: HTTP
      port: 80
      allowedRoutes:
        namespaces:
          from: All

 Thanks for your help.