kubernetes - 无法在 Kubernetes 环境中创建 ALBIngressController
问题描述
我正在 Kubernetes 环境中创建一个应用程序负载均衡器 (AWSALBIngressController-v1.1.6)。在创建它时,由于某种原因,我收到以下错误 -
E1111 06:02:13.117566 1 controller.go:217] kubebuilder/controller "msg"="Reconciler error" "error"="failed to reconcile LB managed SecurityGroup: failed to reconcile managed LoadBalancer securityGroup: NoCredentialProviders: no valid providers in chain . 已弃用。\n\t有关详细消息,请参阅 aws.Config.CredentialsChainVerboseErrors" "controller"="alb-ingress-controller" "request"={"Namespace":"sampleNamespace","Name":"alb-ingress"}
以下是供参考的 ALB 配置文件 -
ALB 控制器部署文件-
---
# Application Load Balancer (ALB) Ingress Controller Deployment Manifest.
# This manifest details sensible defaults for deploying an ALB Ingress Controller.
# GitHub: https://github.com/kubernetes-sigs/aws-alb-ingress-controller
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/name: alb-ingress-controller
name: alb-ingress-controller
# Namespace the ALB Ingress Controller should run in. Does not impact which
# namespaces it's able to resolve ingress resource for. For limiting ingress
# namespace scope, see --watch-namespace.
namespace: kube-system
spec:
selector:
matchLabels:
app.kubernetes.io/name: alb-ingress-controller
template:
metadata:
labels:
app.kubernetes.io/name: alb-ingress-controller
spec:
containers:
- name: alb-ingress-controller
args:
- --ingress-class=alb
- --watch-namespace=sampleNamespace
- --cluster-name=ckuster-xl
- --aws-vpc-id=vpc-3d53e783
- --aws-region=us-east-1
- --default-tags=Name=tag1-xl-ALB,mgr=mgrname
# newer version (v1.1.7) of the alb-ingress-controller image requires iam permission to wafv2
# even when no wafv2 annotation is used
image: docker.io/amazon/aws-alb-ingress-controller:v1.1.6
resources:
requests:
cpu: 100m
memory: 90Mi
limits:
cpu: 200m
memory: 200Mi
serviceAccountName: alb-ingress-controller
RBAC yaml 文件-
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: alb-ingress-controller
name: alb-ingress-controller
rules:
- apiGroups:
- ""
- extensions
resources:
- configmaps
- endpoints
- events
- ingresses
- ingresses/status
- services
verbs:
- create
- get
- list
- update
- watch
- patch
- apiGroups:
- ""
- extensions
resources:
- nodes
- pods
- secrets
- services
- namespaces
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/name: alb-ingress-controller
name: alb-ingress-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: alb-ingress-controller
subjects:
- kind: ServiceAccount
name: alb-ingress-controller
namespace: kube-system
我尝试了一些解决方案,例如在 ALB 部署文件中添加 args - --aws-api-debug, - --aws-region args 和在 kiam 服务器中添加 --auto-discover-base-arn , --auto-discover-default-role yaml 文件,但它没有工作。
解决方案
推荐阅读
- vba - 如何使用 MSXML2.XMLHTTP 和 VBA 进行身份验证?
- pandas - 我需要根据两列从 DF 中删除重复项并根据第三列返回带最小值和最大值的行
- android - 如何处理 RecyclerView 中的可变高度图像?
- c++ - 如何从cpp中的函数返回二维数组
- javascript - 使用未知/动态内容高度转换高度的最佳方法?
- r - 从德雷克图形可视化中排除从包中导入的函数?
- twitter-bootstrap - 如何获得此 UI 效果
- node.js - 在另一个系统上确认用户
- google-api - 无法为 GMB 业务订阅发布/订阅推送通知
- cordova - 除了 Google 地图之外,将地图包含到我的 Cordova 项目中的免费替代方案