kubernetesgoogle-cloud-platformgoogle-cloud-armor

Google Cloud Armor/Kubernetes : BackendConfig ignored by ingress


I created a backend config as described here and a cloud armor policy. Then I set the backend config on one of my service's port. It seems that the ingress ignores the BackendConfig.

I use the nginx ingress controller.


Solution

  • By following the official documentation you might stumble with some issues that have to do with your quota. You have a limit of 9 backend services by default. The gce configuration in comparison with the nginx-ingress recognises each service exposed through ingress as a backend service. The best way to troubleshoot it is by issuing

    kubectl describe ing
    

    This will give you the logs needed. The other issue that needs troubleshooting is when you don't have the correct cluster version which has supports for BackendConfig.