无法应用 Nginx 入口控制器
Unable to apply Nginx ingress controller
我在本地系统中有 3 个 VMS 运行,每个 1 个主服务器,2 个节点。我已经安装了 weave CNI 网络。我正在尝试使用
安装 Nginx 入口控制器
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.44.0/deploy/static/provider/cloud/deploy.yaml
但是我无法创建它。我对 AWS Ec2 实例进行了同样的尝试。它总是崩溃
我看过描述
在 admission-create pod MountVolume.SetUp failed for volume "kube-api-access-kdhpc" : object "ingress-nginx"/"kube-root-ca.crt" not registered
中收到此错误
并且 admission-patch,controller pod 不断重启
控制器 pod 输出
我在这里有点震惊。我也尝试过使用 flannel cni,结果是一样的。
任何建议表示赞赏。
我认为你应该使用这个(用于裸机)
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-0.31.1/deploy/static/provider/baremetal/deploy.yaml
关注这篇文章:
试试这些步骤,这些配置很适合我。
入口控制器
apiVersion: apps/v1
kind: Deployment
metadata:
name: ingress-controller
namespace: ingress-space
spec:
replicas: 1
selector:
matchLabels:
name: nginx-ingress
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
name: nginx-ingress
spec:
containers:
- args:
- /nginx-ingress-controller
- --configmap=$(POD_NAMESPACE)/nginx-configuration
- --default-backend-service=app-space/default-http-backend
env:
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.21.0
imagePullPolicy: IfNotPresent
name: nginx-ingress-controller
ports:
- containerPort: 80
name: http
protocol: TCP
- containerPort: 443
name: https
protocol: TCP
restartPolicy: Always
serviceAccount: ingress-serviceaccount
serviceAccountName: ingress-serviceaccount
terminationGracePeriodSeconds: 30
入口服务
根据您的配置应用此 NodePort 或 LoadBalancer:
apiVersion: v1
kind: Service
metadata:
name: ingress
namespace: ingress-space
spec:
ports:
- name: http
nodePort: 30080
port: 80
protocol: TCP
targetPort: 80
- name: https
nodePort: 31640
port: 443
protocol: TCP
targetPort: 443
selector:
name: nginx-ingress
type: NodePort
Ingress 的角色
您需要为入口创建一个服务帐户,您选择的任何名称,应用这些 rbac 集群角色和集群角色绑定
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ingress-role
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- update
- create
- apiGroups:
- ""
resources:
- pods
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- list
- apiGroups:
- networking.k8s.io
- extensions
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- apiGroups:
- networking.k8s.io
- extensions
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- k8s.nginx.org
resources:
- virtualservers
- virtualserverroutes
- globalconfigurations
- transportservers
- policies
verbs:
- list
- watch
- get
- apiGroups:
- k8s.nginx.org
resources:
- virtualservers/status
- virtualserverroutes/status
- policies/status
- transportservers/status
verbs:
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: ingress-role-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ingress-role
subjects:
- kind: ServiceAccount
name: ingress-serviceaccount
namespace: ingress-space
您的入口源已准备好安装,请参阅https://kubernetes.io/docs/concepts/services-networking/ingress/并应用入口资源
我在本地系统中有 3 个 VMS 运行,每个 1 个主服务器,2 个节点。我已经安装了 weave CNI 网络。我正在尝试使用
安装 Nginx 入口控制器kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.44.0/deploy/static/provider/cloud/deploy.yaml
但是我无法创建它。我对 AWS Ec2 实例进行了同样的尝试。它总是崩溃
MountVolume.SetUp failed for volume "kube-api-access-kdhpc" : object "ingress-nginx"/"kube-root-ca.crt" not registered
并且 admission-patch,controller pod 不断重启
控制器 pod 输出
我认为你应该使用这个(用于裸机)
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-0.31.1/deploy/static/provider/baremetal/deploy.yaml
关注这篇文章:
试试这些步骤,这些配置很适合我。
入口控制器
apiVersion: apps/v1
kind: Deployment
metadata:
name: ingress-controller
namespace: ingress-space
spec:
replicas: 1
selector:
matchLabels:
name: nginx-ingress
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
name: nginx-ingress
spec:
containers:
- args:
- /nginx-ingress-controller
- --configmap=$(POD_NAMESPACE)/nginx-configuration
- --default-backend-service=app-space/default-http-backend
env:
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.21.0
imagePullPolicy: IfNotPresent
name: nginx-ingress-controller
ports:
- containerPort: 80
name: http
protocol: TCP
- containerPort: 443
name: https
protocol: TCP
restartPolicy: Always
serviceAccount: ingress-serviceaccount
serviceAccountName: ingress-serviceaccount
terminationGracePeriodSeconds: 30
入口服务
根据您的配置应用此 NodePort 或 LoadBalancer:
apiVersion: v1
kind: Service
metadata:
name: ingress
namespace: ingress-space
spec:
ports:
- name: http
nodePort: 30080
port: 80
protocol: TCP
targetPort: 80
- name: https
nodePort: 31640
port: 443
protocol: TCP
targetPort: 443
selector:
name: nginx-ingress
type: NodePort
Ingress 的角色
您需要为入口创建一个服务帐户,您选择的任何名称,应用这些 rbac 集群角色和集群角色绑定
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ingress-role
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- update
- create
- apiGroups:
- ""
resources:
- pods
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- list
- apiGroups:
- networking.k8s.io
- extensions
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- apiGroups:
- networking.k8s.io
- extensions
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- k8s.nginx.org
resources:
- virtualservers
- virtualserverroutes
- globalconfigurations
- transportservers
- policies
verbs:
- list
- watch
- get
- apiGroups:
- k8s.nginx.org
resources:
- virtualservers/status
- virtualserverroutes/status
- policies/status
- transportservers/status
verbs:
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: ingress-role-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ingress-role
subjects:
- kind: ServiceAccount
name: ingress-serviceaccount
namespace: ingress-space
您的入口源已准备好安装,请参阅https://kubernetes.io/docs/concepts/services-networking/ingress/并应用入口资源