0

So, I started out trying to fix what was supposed to be a simple issue on my company's website. The HTTP was not redirecting to the HTTPS.

To try to resolve this, I tried deleting the HTTPS load balancer so that I could recreate it with the redirect.

However, now, 3 days later, another developer and myself can't get it recreated and can't figure out why.

When I try creating the load balancer, I get the error:

Invalid value for field 'resource.IPAddress': 'projects/bes-com/global/addresses/bes-load-balancer-ip'. Specified IP address is in-use and would result in a conflict.

If I go to IP Addresses, the specified IP address says "In use by: None"

I also tried recreating the load balancer with a new IP Address instead of the current one, but this one didn't work either.

With this, I got:

Operation type [patch] failed with message "Validation failed for instance 'projects/bes-com/zones/us-central1-c/instances/gke-bes-com-bes-com-n-37339480-9xpj': instance may belong to at most one load-balanced instance group."

If I go to the Ingress, it has this error at the top:

Error syncing to GCP: error running backend syncing routine: received errors when updating backend service: googleapi: Error 400: INSTANCE_IN_MULTIPLE_LOAD_BALANCED_IGS - Validation failed for instance 'projects/bes-com/zones/us-central1-c/instances/gke-bes-com-bes-com-n-37339480-9xpj': instance may belong to at most one load-balanced instance group. googleapi: Error 400: INSTANCE_IN_MULTIPLE_LOAD_BALANCED_IGS

Note that I did not create this website. I inherited it, and am new to GCP so am learning as I go. However, I have to get this website back up and do not know where to go next. Thanks for any help, and please let me know what I can show.

Improve this question
5
  • 1
    Can you run this command gcloud compute backend-services list. It is possible that you have one or more hanging backend services that is why you are getting this error message. Error syncing to GCP: error running backend syncing routine: received errors when updating backend service: googleapi: Error 400: INSTANCE_IN_MULTIPLE_LOAD_BALANCED_IGS - Validation failed for instance If you have to delete the backend-services, here is the command for that: gcloud compute backend-services delete [SERVICE-NAME]. Commented Aug 31, 2022 at 5:27
  • This lists 5 different backend services. The same ones that I can see when I go to Network services => Load balancing and then click on the BACKENDS tab. All of them have the format of: NAME: [service name] BACKENDS: PROTOCOL: HTTP With 4 of them, BACKENDS is blank. The 5th one lists one of the instance groups. I'm not sure what I'm looking for with them, or why I'd delete them. Commented Sep 1, 2022 at 1:34
  • Make sure that the instance (GKE node included) is only part of a single Managed Instance Group (MIG). Make sure that the MIG is not part of any backend which is being used by one or more Load balancing, this is a limitation. Please check the document Restrictions and guidance for instance groups. To bypass this limitation, please check this document Container-native load balancing through Ingress. Commented Sep 1, 2022 at 5:57
  • There are currently NO load balancers, it was deleted. Also why did you want me to list out the back end services? This was a completely working site for quite a while. I simply deleted the load balancer to try to recreate it and now I can't, due to the error messages above. No, none of the instances are part of more than one MIG. Commented Sep 1, 2022 at 21:41
  • Can you check if you have this in your Ingress YAML manifest? kubernetes.io/ingress.global-static-ip-name: "bes-load-balancer-ip" Or if possible, can you share with us your Ingress YAML file. kubernetes.io/ingress.global-static-ip-name: "bes-load-balancer-ip" Commented Sep 7, 2022 at 22:10

1 Answer 1

Reset to default
1

Note: Make sure your domain is accessible via https and Google managed certificate is already in Active status and fully propagated. Also, these steps are part of the troubleshooting steps. It was posted as an answer since it won't fit in the comment section. If you have questions or clarifications, you may reply in the comment section.

I ask you to list the backend services, for you to confirm that no MIG is used in multiple backend services.

If you are deploying using YAML, I recommend using this procedure as a reference. Since your primary concern is the redirection from HTTP to HTTPs, let me share some basic configuration in deploying GKE redirection using an existing static frontend static IP address and managed SSL certificate.

1. In Cloud shell. Execute below commands to point which region and cluster you’re working on.
gcloud config set compute/zone us-central1-a
gcloud container clusters get-credentials test-gke

test-gke > your existing cluster 
us-central1-a  > “test-gke” cluster region

2. In Cloud shell, create redirection YAML file

sudo nano web-redirect.yaml

web-redirect.yaml  > preferred YAML filename

3. Copy paste below lines

apiVersion: networking.gke.io/v1beta1
kind: FrontendConfig
metadata:
 name: my-frontend-config
spec:
 redirectToHttps:
   enabled: true
   responseCodeName: PERMANENT_REDIRECT

my-frontend-config > preferred name for frontend config
PERMANENT_REDIRECT > for http - https redirection. To return a 308 redirect response code.

4. Save the web-redirect.yaml file. Press ctrl + o to write the lines, then Enter to verify the filename lastly ctrl + x to exit.

5. Apply the resource to the cluster 
kubectl apply -f web-redirect.yaml

6. Modify your existing ingress yaml (sample: web-ingress.yaml)
sudo nano web-ingress.yaml

7. Add the annotation to use the manifested FrontendConfig:
Sample modified ingress YAML:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: basic-ingress
  annotations:
    networking.gke.io/v1beta1.FrontendConfig: "my-frontend-config"
    kubernetes.io/ingress.global-static-ip-name: "bes-load-balancer-ip"
    networking.gke.io/managed-certificates: "managed-cert"
    kubernetes.io/ingress.class: "gce"
spec:
  defaultBackend:
    service:
      name: web
      port:
        number: 8080

my-frontend-config  > FrontendConfig metadata name in web-redirect.yaml
web > name of service deployed in your cluster
bes-load-balancer-ip> name of reserve external IP
managed-cert > name of managed certificate

8. Save the existing ingress.yaml file. Press ctrl + o to write the lines, then Enter to verify the filename lastly ctrl + x to exit.

9. Apply the resource to the cluster:
kubectl apply -f <ingress.yaml>

For more information, you may check these documents HTTP to HTTPS redirects, and Say goodbye to improvised HTTPS Redirection Workarounds.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Thanks for the information. For starters, no, my primary concern is not the HTTP to HTTPS redirect. That was simply what started this. My primary concern right now is to get the website back up. I cannot create a load balancer for the site because it won't let me (the errors listed in my initial post). The site is completely down and has been for over a week. I cannot figure out what is preventing me from re-creating the load balancer that used to exist and function. The redirect is the least of my concerns at the moment.
Can you check if you have this in your Ingress YAML manifest? Or if possible, can you share with us your Ingress YAML file. kubernetes.io/ingress.global-static-ip-name: "bes-load-balancer-ip"

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.