Installing ingress-nginx via Helm - error retrieving secret

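Problem description

We are trying to install the ingress-nginx controller onto an Azure Kubernetes Service (AKS) cluster, following the steps from the Azure documentation.

Kubernetes version: 1.21.1. Chart version: 3.36.

The commands we are using: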

SET REGISTRY_NAME=
SET ACR_URL=%REGISTRY_NAME%.azurecr.io
SET CONTROLLER_REGISTRY=k8s.gcr.io
SET CONTROLLER_IMAGE=ingress-nginx/controller
SET CONTROLLER_TAG=v0.48.1
SET PATCH_REGISTRY=docker.io
SET PATCH_IMAGE=jettech/kube-webhook-certgen
SET PATCH_TAG=v1.5.1
SET DEFAULTBACKEND_REGISTRY=k8s.gcr.io
SET DEFAULTBACKEND_IMAGE=defaultbackend-amd64
SET DEFAULTBACKEND_TAG=1.5

SET NAMESPACE=ingress-basic

kubectl create namespace %NAMESPACE%
kubectl apply -n %NAMESPACE% -f .\limitRanges.yaml

helm install nginx-ingress ingress-nginx/ingress-nginx ^
    --namespace %NAMESPACE% ^
    --version 3.36.0 ^
    --set controller.replicaCount=2 ^
    --set controller.nodeSelector."kubernetes\.io/os"=linux ^
    --set controller.image.registry=%ACR_URL% ^
    --set controller.image.image=%CONTROLLER_IMAGE% ^
    --set controller.image.tag=%CONTROLLER_TAG% ^
    --set controller.image.digest="" ^
    --set controller.admissionWebhooks.patch.nodeSelector."kubernetes\.io/os"=linux ^
    --set controller.admissionWebhooks.patch.image.registry=%ACR_URL% ^
    --set controller.admissionWebhooks.patch.image.image=%PATCH_IMAGE% ^
    --set controller.admissionWebhooks.patch.image.tag=%PATCH_TAG% ^
    --set controller.admissionWebhooks.patch.image.digest="" ^
    --set defaultBackend.nodeSelector."kubernetes\.io/os"=linux ^
    --set defaultBackend.image.registry=%ACR_URL% ^
    --set defaultBackend.image.image=%DEFAULTBACKEND_IMAGE% ^
    --set defaultBackend.image.tag=%DEFAULTBACKEND_TAG% ^
    --set defaultBackend.image.digest="" ^
    -f internal-load-balancer.yaml ^
    --debug 

When run, the output is:

install.go:173: [debug] Original chart version: "3.36.0"
install.go:190: [debug] CHART PATH: C:\Users\......\AppData\Local\Temp\helm\repository\ingress-nginx-3.36.0.tgz

client.go:290: [debug] Starting delete for "nginx-ingress-ingress-nginx-admission" ServiceAccount
client.go:319: [debug] serviceaccounts "nginx-ingress-ingress-nginx-admission" not found
client.go:128: [debug] creating 1 resource(s)
client.go:290: [debug] Starting delete for "nginx-ingress-ingress-nginx-admission" ClusterRole
client.go:128: [debug] creating 1 resource(s)
client.go:290: [debug] Starting delete for "nginx-ingress-ingress-nginx-admission" ClusterRoleBinding
client.go:128: [debug] creating 1 resource(s)
client.go:290: [debug] Starting delete for "nginx-ingress-ingress-nginx-admission" Role
client.go:319: [debug] roles.rbac.authorization.k8s.io "nginx-ingress-ingress-nginx-admission" not found
client.go:128: [debug] creating 1 resource(s)
client.go:290: [debug] Starting delete for "nginx-ingress-ingress-nginx-admission" RoleBinding
client.go:319: [debug] rolebindings.rbac.authorization.k8s.io "nginx-ingress-ingress-nginx-admission" not found
client.go:128: [debug] creating 1 resource(s)
client.go:290: [debug] Starting delete for "nginx-ingress-ingress-nginx-admission-create" Job
client.go:319: [debug] jobs.batch "nginx-ingress-ingress-nginx-admission-create" not found
client.go:128: [debug] creating 1 resource(s)
client.go:519: [debug] Watching for changes to Job nginx-ingress-ingress-nginx-admission-create with timeout of 5m0s
client.go:547: [debug] Add/Modify event for nginx-ingress-ingress-nginx-admission-create: ADDED
client.go:586: [debug] nginx-ingress-ingress-nginx-admission-create: Jobs active: 0, jobs failed: 0, jobs succeeded: 0
client.go:547: [debug] Add/Modify event for nginx-ingress-ingress-nginx-admission-create: MODIFIED
client.go:586: [debug] nginx-ingress-ingress-nginx-admission-create: Jobs active: 1, jobs failed: 0, jobs succeeded: 0

If I look at the pod logs for the job nginx-ingress-ingress-nginx-admission-create, I see the following logs:

W0909 06:34:24.393154       1 client_config.go:608] Neither --kubeconfig nor --master was specified.  Using the inClusterConfig.  This might not work.
{"err":"an error on the server (\"\") has prevented the request from succeeding (get secrets nginx-ingress-ingress-nginx-admission)","level":"fatal","msg":"error getting secret","source":"k8s/k8s.go:109","time":"2021-09-09T06:34:34Z"}

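I'm a bit lost as to where to look for more information. I can see that the error seems to be related to getting the secret, and I can't see that secret with the kubectl get secrets -A command. I assume the \"\" part should be the error message, but it doesn't help.

I have been able to install this chart successfully on a brand-new throwaway cluster. My guess is that this is an RBAC or permissions-type issue, but without any further information on where to look, I'm out of ideas.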

Tags: kubernetes, kubernetes-helm, azure-aks, nginx-ingress

Solution


You need to quote the values. I'd also suggest simplifying the code, because all the values are set by default in the ingress-nginx Helm chart:

SET NAMESPACE=ingress-basic

kubectl create namespace %NAMESPACE%
kubectl apply -n %NAMESPACE% -f .\limitRanges.yaml

helm install nginx-ingress ingress-nginx/ingress-nginx ^
    --namespace %NAMESPACE% ^
    --version "4.0.1" ^
    --set controller.replicaCount="2" ^
    -f internal-load-balancer.yaml ^
    --debug
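
One way to test the RBAC hypothesis raised in the question, added here as an example that is not part of the original question or answer. It uses the namespace, service account, secret and Job names from the post, and assumes kubectl is run by a user who is allowed to impersonate service accounts:

```batch
REM Added example: names below are taken from the question's helm debug output.
SET NAMESPACE=ingress-basic
SET HOOK_SA=nginx-ingress-ingress-nginx-admission
SET HOOK_JOB=nginx-ingress-ingress-nginx-admission-create

REM 1. Ask the API server whether the hook's service account may read and
REM    create the secret the Job requests. Each call prints "yes" or "no".
kubectl auth can-i get secrets/%HOOK_SA% -n %NAMESPACE% ^
    --as=system:serviceaccount:%NAMESPACE%:%HOOK_SA%
kubectl auth can-i create secrets -n %NAMESPACE% ^
    --as=system:serviceaccount:%NAMESPACE%:%HOOK_SA%

REM 2. Inspect the Role and RoleBinding the chart's hook created, to confirm
REM    the binding points at the service account in this namespace.
kubectl describe role %HOOK_SA% -n %NAMESPACE%
kubectl describe rolebinding %HOOK_SA% -n %NAMESPACE%

REM 3. Collect the Job's status, its pod logs and recent namespace events,
REM    which show scheduling, image pull and API errors around the failure.
kubectl describe job %HOOK_JOB% -n %NAMESPACE%
kubectl logs job/%HOOK_JOB% -n %NAMESPACE%
kubectl get events -n %NAMESPACE% --sort-by=.lastTimestamp
```

A `no` from either `can-i` call points at the Role or RoleBinding; `yes` from both means the hook's permissions are in place and the failure lies elsewhere.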
