Health Checks on Google Kubernetes Engine when URL is https


#1

This is really an issue with GKE (Google Kubernetes Engine) / GCE Ingress that is essentially caused by the fact that the default ingress controller (GCE Ingress) for GKE requires a healthy Ghost container to return to return code 200 to a request directed to the base ‘/’ path.

The problem here is that when the Ghost URL is configured as https the default behavior is to send a 301 redirect — which of course is NOT the code 200 that the health check for the ghost container is expecting.

This results in the Load Balancer believing that the ghost service is not healthy — and therefore not directing any traffic in ghosts direction (while returning code 502). This is REALLY confusing to trouble shoot since the real issue here is two part — GKE health checks are not as flexibile / easy to configure as it might be AND I couldn’t figure out how to disable the Ghost 301 redirect on specific paths.

My question (I guess) is:

Can the Ghost 301 Redirects be disabled on a specific path only?

This would be super convenient since it IS possible to modify the health check path location from the GCP console. For instance this would let you disable redirects on /healthz — and then point a custom health check to that path in order to prove the Ghost container is healthy.

Currently
My current solution that seems to be a little bit more fragile is to change the health check for Ghost to TCP pointed at the Node Port for the service (from the Load Balancing section of GCP). This works BUT I have had a couple instances where the health check starts failing for seemingly no reason.

Keep in mind the above DOES NOT apply to you if you are on anything other than GKE (ie. AKS etc). It relates specifically to how the default GCE Ingress deployed by GKE creates health checks — and how that interacts with the default Ghost behaviors.

I am hoping someone with understanding of the Ghost Core redirect works when the Ghost URL is set to https might be able to comment.


closed #2

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.