时间戳

首页 > 解决方案 > 无法在 Kubernetes 环境中创建 ALBIngressController

kubernetes - 无法在 Kubernetes 环境中创建 ALBIngressController

问题描述

我正在 Kubernetes 环境中创建一个应用程序负载均衡器 (AWSALBIngressController-v1.1.6)。在创建它时,由于某种原因,我收到以下错误 -

E1111 06:02:13.117566 1 controller.go:217] kubebuilder/controller "msg"="Reconciler error" "error"="failed to reconcile LB managed SecurityGroup: failed to reconcile managed LoadBalancer securityGroup: NoCredentialProviders: no valid providers in chain . 已弃用。\n\t有关详细消息,请参阅 aws.Config.CredentialsChainVerboseErrors" "controller"="alb-ingress-controller" "request"={"Namespace":"sampleNamespace","Name":"alb-ingress"}

以下是供参考的 ALB 配置文件 -

ALB 控制器部署文件-

---
# Application Load Balancer (ALB) Ingress Controller Deployment Manifest.
# This manifest details sensible defaults for deploying an ALB Ingress Controller.
# GitHub: https://github.com/kubernetes-sigs/aws-alb-ingress-controller
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/name: alb-ingress-controller
  name: alb-ingress-controller
  # Namespace the ALB Ingress Controller should run in. Does not impact which
  # namespaces it's able to resolve ingress resource for. For limiting ingress
  # namespace scope, see --watch-namespace.
  namespace: kube-system
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: alb-ingress-controller
  template:
    metadata:
      labels:
        app.kubernetes.io/name: alb-ingress-controller
    spec:
      containers:
        - name: alb-ingress-controller
          args:
            - --ingress-class=alb
            - --watch-namespace=sampleNamespace
            - --cluster-name=ckuster-xl
            - --aws-vpc-id=vpc-3d53e783
            - --aws-region=us-east-1
            - --default-tags=Name=tag1-xl-ALB,mgr=mgrname
          # newer version (v1.1.7) of the alb-ingress-controller image requires iam permission to wafv2
          # even when no wafv2 annotation is used
          image: docker.io/amazon/aws-alb-ingress-controller:v1.1.6
          resources:
            requests:

              cpu: 100m
              memory: 90Mi
            limits:
              cpu: 200m
              memory: 200Mi
      serviceAccountName: alb-ingress-controller

RBAC yaml 文件-

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app.kubernetes.io/name: alb-ingress-controller
  name: alb-ingress-controller
rules:
  - apiGroups:
      - ""
      - extensions
    resources:
      - configmaps
      - endpoints
      - events
      - ingresses
      - ingresses/status
      - services
    verbs:
      - create
      - get
      - list
      - update
      - watch
      - patch
  - apiGroups:
      - ""
      - extensions
    resources:
      - nodes
      - pods
      - secrets
      - services
      - namespaces
    verbs:
      - get
      - list
      - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app.kubernetes.io/name: alb-ingress-controller
  name: alb-ingress-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: alb-ingress-controller
subjects:
  - kind: ServiceAccount
    name: alb-ingress-controller
    namespace: kube-system

我尝试了一些解决方案,例如在 ALB 部署文件中添加 args - --aws-api-debug, - --aws-region args 和在 kiam 服务器中添加 --auto-discover-base-arn , --auto-discover-default-role yaml 文件,但它没有工作。

标签: kuberneteskubectlaws-application-load-balancer

解决方案

推荐阅读