kubernetes - 通过 Helm 安装 ingress-nginx - 检索密码时出错
问题描述
我们正在尝试按照Azure 文档ingress-nginx
中的步骤将控制器安装到 Azure Kubernetes 服务 (AKS) 集群上。
Kubernetes 版本:1.21.1 图表版本:3.36。
我们正在使用的命令:
SET REGISTRY_NAME=
SET ACR_URL=%REGISTRY_NAME%.azurecr.io
SET CONTROLLER_REGISTRY=k8s.gcr.io
SET CONTROLLER_IMAGE=ingress-nginx/controller
SET CONTROLLER_TAG=v0.48.1
SET PATCH_REGISTRY=docker.io
SET PATCH_IMAGE=jettech/kube-webhook-certgen
SET PATCH_TAG=v1.5.1
SET DEFAULTBACKEND_REGISTRY=k8s.gcr.io
SET DEFAULTBACKEND_IMAGE=defaultbackend-amd64
SET DEFAULTBACKEND_TAG=1.5
SET NAMESPACE=ingress-basic
kubectl create namespace %NAMESPACE%
kubectl apply -n %NAMESPACE% -f .\limitRanges.yaml
helm install nginx-ingress ingress-nginx/ingress-nginx ^
--namespace %NAMESPACE% ^
--version 3.36.0 ^
--set controller.replicaCount=2 ^
--set controller.nodeSelector."kubernetes\.io/os"=linux ^
--set controller.image.registry=%ACR_URL% ^
--set controller.image.image=%CONTROLLER_IMAGE% ^
--set controller.image.tag=%CONTROLLER_TAG% ^
--set controller.image.digest="" ^
--set controller.admissionWebhooks.patch.nodeSelector."kubernetes\.io/os"=linux ^
--set controller.admissionWebhooks.patch.image.registry=%ACR_URL% ^
--set controller.admissionWebhooks.patch.image.image=%PATCH_IMAGE% ^
--set controller.admissionWebhooks.patch.image.tag=%PATCH_TAG% ^
--set controller.admissionWebhooks.patch.image.digest="" ^
--set defaultBackend.nodeSelector."kubernetes\.io/os"=linux ^
--set defaultBackend.image.registry=%ACR_URL% ^
--set defaultBackend.image.image=%DEFAULTBACKEND_IMAGE% ^
--set defaultBackend.image.tag=%DEFAULTBACKEND_TAG% ^
--set defaultBackend.image.digest="" ^
-f internal-load-balancer.yaml ^
--debug
运行时,输出为:
install.go:173: [debug] Original chart version: "3.36.0"
install.go:190: [debug] CHART PATH: C:\Users\......\AppData\Local\Temp\helm\repository\ingress-nginx-3.36.0.tgz
client.go:290: [debug] Starting delete for "nginx-ingress-ingress-nginx-admission" ServiceAccount
client.go:319: [debug] serviceaccounts "nginx-ingress-ingress-nginx-admission" not found
client.go:128: [debug] creating 1 resource(s)
client.go:290: [debug] Starting delete for "nginx-ingress-ingress-nginx-admission" ClusterRole
client.go:128: [debug] creating 1 resource(s)
client.go:290: [debug] Starting delete for "nginx-ingress-ingress-nginx-admission" ClusterRoleBinding
client.go:128: [debug] creating 1 resource(s)
client.go:290: [debug] Starting delete for "nginx-ingress-ingress-nginx-admission" Role
client.go:319: [debug] roles.rbac.authorization.k8s.io "nginx-ingress-ingress-nginx-admission" not found
client.go:128: [debug] creating 1 resource(s)
client.go:290: [debug] Starting delete for "nginx-ingress-ingress-nginx-admission" RoleBinding
client.go:319: [debug] rolebindings.rbac.authorization.k8s.io "nginx-ingress-ingress-nginx-admission" not found
client.go:128: [debug] creating 1 resource(s)
client.go:290: [debug] Starting delete for "nginx-ingress-ingress-nginx-admission-create" Job
client.go:319: [debug] jobs.batch "nginx-ingress-ingress-nginx-admission-create" not found
client.go:128: [debug] creating 1 resource(s)
client.go:519: [debug] Watching for changes to Job nginx-ingress-ingress-nginx-admission-create with timeout of 5m0s
client.go:547: [debug] Add/Modify event for nginx-ingress-ingress-nginx-admission-create: ADDED
client.go:586: [debug] nginx-ingress-ingress-nginx-admission-create: Jobs active: 0, jobs failed: 0, jobs succeeded: 0
client.go:547: [debug] Add/Modify event for nginx-ingress-ingress-nginx-admission-create: MODIFIED
client.go:586: [debug] nginx-ingress-ingress-nginx-admission-create: Jobs active: 1, jobs failed: 0, jobs succeeded: 0
如果我查看作业的 pod 日志nginx-ingress-ingress-nginx-admission-create
,我会看到以下日志:
W0909 06:34:24.393154 1 client_config.go:608] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work.
{"err":"an error on the server (\"\") has prevented the request from succeeding (get secrets nginx-ingress-ingress-nginx-admission)","level":"fatal","msg":"error getting secret","source":"k8s/k8s.go:109","time":"2021-09-09T06:34:34Z"}
我有点迷失在哪里寻找更多信息。我可以看到该错误似乎与获取秘密有关,而我在kubectl get secrets -A
命令下看不到该秘密。我假设该\"\"
部分应该是错误消息,但它没有帮助。
我已经能够在一个全新的一次性集群上成功安装此图表。我的猜测是这是一个 RBAC 或权限类型问题,但没有任何关于在哪里查看的进一步信息,我没有想法。
解决方案
您需要引用这些值。我还建议简化代码 bcs 在ingress-nginx 的 Helm Chart 中默认设置所有值:
SET NAMESPACE=ingress-basic
kubectl create namespace %NAMESPACE%
kubectl apply -n %NAMESPACE% -f .\limitRanges.yaml
helm install nginx-ingress ingress-nginx/ingress-nginx ^
--namespace %NAMESPACE% ^
--version "4.0.1" ^
-set controller.replicaCount="2" ^
-f internal-load-balancer.yaml ^
--debug
推荐阅读
- oauth - 从共享点设计器工作流调用 https://login.microsoftonline.com/{tanent ID}/oauth2/token
- javascript - 事件处理程序中的 React SetState 与模拟数据和来自 API 的数据的行为不同
- node.js - 将 MS 转换为 DD:HH:MM:SS
- rust - 实现返回 HashMap::IntoIter 的 IntoIterator 时出现“类型参数数量错误”
- python - 带有输入和输出的 Python 自定义构建
- java - 在套接字 java 上读取和写入对象
- mysql - laravel morphToMany 的父模型如何在子查询中使用?
- excel - VBA 中的索引匹配匹配和用户表单问题
- google-cloud-platform - 我们可以从 cloud shell 或 gcloud 下载 Cloud Functions 吗?
- ngx-charts - 带有自定义工具提示的 Ngx Charts 自定义图表