Error creating http to https redirect

Google Cloud Serverless Applications
1

I am trying to follow this tutorial to setup an https redirect on my existing load balancer. Unfortunately, when using the same reserve ip address when creating the partial balancer I get the error below.

ERROR: (gcloud.compute.forwarding-rules.create) Could not fetch resource:
 - Invalid value for field 'resource.IPAddress': 'https://compute.googleapis.com/compute/v1/projects/hot-malaysia-deals/global/addresses/shiok-deals-ip'. Specified IP address is in-use and would result in a conflict.

Any help is appreciated. Thanks

1 Like
2

Is that from step #6 in the tutorial?

gcloud compute forwarding-rules create http-content-rule \
           --load-balancing-scheme=EXTERNAL \
           --network-tier=PREMIUM \
           --address=lb-ipv4-1 \
           --global \
           --target-http-proxy=http-lb-proxy \
           --ports=80
3

Hi, yes and

lb-ipv4-1

should be the existing ip address created before

4

Is your loadbalancer provisioned from GKE or did you manually provision it ?

5

Hi, if I understand correctly yes it is

6

Yes it is for which one ? Via GKE or manually provisioned ?

If your LoadBalancer is provisioned via GKE can you please share your yaml manifests ?

7

I mean via GKE, here is the manifest

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: managed-cert-ingress
  annotations:
    kubernetes.io/ingress.global-static-ip-name: shiok-deals-ip
    networking.gke.io/managed-certificates: shiok-deals-cert
    kubernetes.io/ingress.class: "gce"
spec:
  rules:
    - host: shiok.deals
      http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: front-service
                port:
                  number: 80
    - host: www.shiok.deals
      http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: front-service
                port:
                  number: 80
    - host: backend.shiok.deals
      http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: back-service
                port:
                  number: 9001
8

In that case you should not change the loadbalancer configuration manually. any changes made will be reversed by the Ingress controller.

You can however implement http to https redirect using a FrontendConfig object. Here is a tutorial to help you out [1]

In a nutshell you should create a FrontendConfig object like this

apiVersion: networking.gke.io/v1beta1
kind: FrontendConfig
metadata:
  name: ingress-security-config
spec:
  sslPolicy: gke-ingress-ssl-policy
  redirectToHttps:
    enabled: true

And add an annotation to your Ingress object like this

networking.gke.io/v1beta1.FrontendConfig: ingress-security-config

This might require you to re-create the Ingress from scratch

[1] https://github.com/GoogleCloudPlatform/gke-networking-recipes/tree/master/ingress/single-cluster/ingress-https

1 Like
9

Check also this doc https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features

to make sure your Cluster version support the FronendConfig objects

10

@abdelfettah just a quick question, is the SSL Policy the same with the google managed certificate I’ve created before.

Thanks

11

Ok no worries I already get it . Thanks anyway