基于此文件https://github.com/kubernetes/ingress/tree/master/examples/deployment/nginx/kubeadm 我正在创建nginx控制器。但我的控制器没有启动。它给出了以下错误消息。
2017-05-21T17:15:45.274300000Z I0521 17:15:45.259441 1 launch.go:101] &{NGINX 0.9.0-beta.5 git-83cb03b5 git@github.com:ixdy/kubernetes-ingress.git}
2017-05-21T17:15:45.274448000Z I0521 17:15:45.259460 1 launch.go:104] Watching for ingress class: nginx
2017-05-21T17:15:45.274563000Z I0521 17:15:45.259620 1 launch.go:257] Creating API server client for https://10.96.0.1:443
2017-05-21T17:15:45.274670000Z I0521 17:15:45.258931 1 nginx.go:180] starting NGINX process...
2017-05-21T17:15:45.310531000Z F0521 17:15:45.303209 1 launch.go:118] no service with name kube-system/default-http-backend found: User "system:serviceaccount:kube-system:default" cannot get services in the namespace "kube-system". (get services default-http-backend)
我看到默认的后端服务正在运行。
$ kubectl --kubeconfig=/c/software/k612_centos/admin.conf -n kube-system get po
NAME READY STATUS RESTARTS AGE
default-http-backend-2198840601-zt8gt 1/1 Running 0 6m
nginx-ingress-controller-4108150732-q2rb2 0/1 CrashLoopBackOff 6 6m
如何清除此错误消息?
由于 SR
答案 0 :(得分:2)
如果您使用的是kubenetes 1.6.x,则需要为控制器定义RBAC规则,以访问default-http-backend服务和其他必需组件。
请参阅此问题
https://github.com/kubernetes/ingress/issues/575
第一条评论中的清单文件对我来说很好。
答案 1 :(得分:0)
Here我找到了一个适合我的例子。仅仅为了记录,我修改了RBAC以使用nginx-ingress命名空间的默认服务帐户,因为我已经在群集中启用RBAC时已经破解了一个有效的gitlab安装。
以防链接过时,我复制下面的RBAC设置:
apiVersion: v1
kind: Namespace
metadata:
name: nginx-ingress
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: nginx-ingress-serviceaccount
namespace: nginx-ingress
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: nginx-ingress-clusterrole
rules:
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- "extensions"
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- "extensions"
resources:
- ingresses/status
verbs:
- update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: nginx-ingress-role
namespace: nginx-ingress
rules:
- apiGroups:
- ""
resources:
- configmaps
- pods
- secrets
verbs:
- get
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
- create
- update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: nginx-ingress-role-nisa-binding
namespace: nginx-ingress
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: nginx-ingress-role
subjects:
- kind: ServiceAccount
name: nginx-ingress-serviceaccount
namespace: nginx-ingress
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: nginx-ingress-clusterrole-nisa-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: nginx-ingress-clusterrole
subjects:
- kind: ServiceAccount
name: nginx-ingress-serviceaccount
namespace: nginx-ingress