GKE load balancer "UNHEALTHY state" after multiple suggestions

I have been trying to set up a simple Kubernetes cluster with one container, a node port, and an ingress load balancer. However, no matter what I do, the ingress load balancer always shows, "Some backend services are in UNHEALTHY state." I have searched several forums and found the following suggestions:

  • Increase the size of the nodes
  • Change the externalTrafficPolicy of the node port service from Cluster to Local (or Local to Cluster)
  • Add a readinessProbe and livenessProbe to the workload/container

I have also read that due to a bug in the GKE load balancer, any changes in the node port service require that the load balancer be deleted and rebuilt. So, I have tried every combination of the suggestions above, deleted and rebuilt the load balancer after every change, and waited 15 minutes for the load balancer to build successfully. Still, I have had no luck. What's more frustrating is that I don't know where to look for logs that would give me further information so I can solve this myself.

Let me know what other information I can provide. I'm fairly new to Kubernetes but am otherwise a very technical person, so I'm happy to provide details/logs/configs. Thank you for your help!


Solution 1:

I figured it out. I guess I didn't realize just how tailor-made the liveness/readiness/startup probes need to be. I'm running Nextcloud and Keycloak, and I managed to find configurations specifically for these systems. For posterity's sake, I'll post the configurations that work for these platforms.

Nextcloud

ports:
- containerPort: 80
  name: http
  protocol: TCP
livenessProbe:
  failureThreshold: 3
  httpGet:
    httpHeaders:
    - name: Host
      value: [YOUR-DOMAIN.TLD]
    path: /status.php
    port: http
    scheme: HTTP
  initialDelaySeconds: 10
  periodSeconds: 10
  successThreshold: 1
  timeoutSeconds: 5
readinessProbe:
  failureThreshold: 3
  httpGet:
    httpHeaders:
    - name: Host
      value: [YOUR-DOMAIN.TLD]
    path: /status.php
    port: http
    scheme: HTTP
  initialDelaySeconds: 10
  periodSeconds: 10
  successThreshold: 1
  timeoutSeconds: 5
startupProbe:
  failureThreshold: 3
  httpGet:
    httpHeaders:
    - name: Host
      value: [YOUR-DOMAIN.TLD]
    path: /status.php
    port: http
    scheme: HTTP
  initialDelaySeconds: 10
  periodSeconds: 10
  successThreshold: 1
  timeoutSeconds: 5

Keycloak

ports:
- containerPort: 8080
  name: http
  protocol: TCP
livenessProbe:
  failureThreshold: 3
  httpGet:
    path: /auth/
    port: http
    scheme: HTTP
  initialDelaySeconds: 10
  periodSeconds: 10
  successThreshold: 1
  timeoutSeconds: 5
readinessProbe:
  failureThreshold: 3
  httpGet:
    path: /auth/realms/master
    port: http
    scheme: HTTP
  initialDelaySeconds: 10
  periodSeconds: 10
  successThreshold: 1
  timeoutSeconds: 5
startupProbe:
  failureThreshold: 60
  httpGet:
    path: /auth/
    port: http
    scheme: HTTP
  initialDelaySeconds: 30
  periodSeconds: 5
  successThreshold: 1
  timeoutSeconds: 5
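
Added example (not part of the original answer): a local simulation of why the Nextcloud probes above set an explicit Host header and the /status.php path. The stub server, the domain cloud.example.test and the function names are constructed for illustration; the stub stands in for any application that rejects requests whose Host header is not an allowed domain.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

TRUSTED_HOST = "cloud.example.test"  # constructed placeholder domain


class StubApp(BaseHTTPRequestHandler):
    """Constructed stand-in for an app that only answers for its own domain."""

    def do_GET(self):
        if self.headers.get("Host", "") != TRUSTED_HOST:
            code = 400  # unknown Host header is rejected
        elif self.path == "/status.php":
            code = 200  # dedicated status endpoint
        else:
            code = 404
        self.send_response(code)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the demo output quiet
        pass


def probe(port, path, host_header=None, timeout=5):
    """Send one httpGet-style probe and return (status, healthy).

    HTTP 200 satisfies both the kubelet (any 200-399 passes) and a
    Google Cloud load balancer health check (expects 200).
    """
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=timeout)
    # Without an explicit header the client sends "127.0.0.1:<port>" as Host,
    # much as a probe without httpHeaders addresses the pod by IP.
    headers = {"Host": host_header} if host_header else {}
    conn.request("GET", path, headers=headers)
    status = conn.getresponse().status
    conn.close()
    return status, status == 200


def run_demo():
    server = HTTPServer(("127.0.0.1", 0), StubApp)  # port 0: pick a free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_address[1]
    try:
        return {
            "no_host_header": probe(port, "/status.php"),
            "with_host_header": probe(port, "/status.php", TRUSTED_HOST),
            "wrong_path": probe(port, "/", TRUSTED_HOST),
        }
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(name, result)
```

Only the request that carries both the expected Host header and the status path comes back healthy, which is the combination the probe configuration has to match.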