kubernetes-helm - 领事头盔失败
问题描述
我正在尝试使用 helm 在 eks 中运行领事。我跑了下面的命令
helm repo 添加 hashcorp https://helm.releases.hashicorp.com
kubectl create secret generic consul-gossip-encryption-key --from-literal=key=$(consul keygen) -n common
helm install consul hashcorp/consul --namespace common --set global.name=consul -f helm-consul-config.yaml --debug
它给了我以下错误
install.go:173: [debug] Original chart version: ""
install.go:190: [debug] CHART PATH: /root/.cache/helm/repository/consul-0.33.0.tgz
client.go:282: [debug] Starting delete for "consul-tls-init" ServiceAccount
client.go:122: [debug] creating 1 resource(s)
client.go:282: [debug] Starting delete for "consul-tls-init" Role
client.go:122: [debug] creating 1 resource(s)
client.go:282: [debug] Starting delete for "consul-tls-init" RoleBinding
client.go:122: [debug] creating 1 resource(s)
client.go:282: [debug] Starting delete for "consul-tls-init" Job
client.go:122: [debug] creating 1 resource(s)
client.go:491: [debug] Watching for changes to Job consul-tls-init with timeout of 5m0s
client.go:519: [debug] Add/Modify event for consul-tls-init: ADDED
client.go:558: [debug] consul-tls-init: Jobs active: 0, jobs failed: 0, jobs succeeded: 0
client.go:519: [debug] Add/Modify event for consul-tls-init: MODIFIED
client.go:558: [debug] consul-tls-init: Jobs active: 1, jobs failed: 0, jobs succeeded: 0
client.go:519: [debug] Add/Modify event for consul-tls-init: MODIFIED
client.go:558: [debug] consul-tls-init: Jobs active: 1, jobs failed: 1, jobs succeeded: 0
client.go:519: [debug] Add/Modify event for consul-tls-init: MODIFIED
client.go:558: [debug] consul-tls-init: Jobs active: 1, jobs failed: 2, jobs succeeded: 0
检查 pod 日志后,我看到以下错误
kubectl 日志 consul-tls-init-jqk8s -n common
/bin/sh: consul-k8s-control-plane: 未找到
下面是我的 helm 配置文件
enabled: true
name: null
domain: consul
image: "consul:1.7.2"
imagePullSecrets: []
imageK8S: "hashicorp/consul-k8s:0.14.0"
datacenter: dc1
enablePodSecurityPolicies: false
gossipEncryption:
# secretName is the name of the Kubernetes secret that holds the gossip
# encryption key. The secret must be in the same namespace that Consul is installed into.
secretName: "consul-gossip-encryption-key"
holds the gossip
# encryption key.
secretKey: "key"
tls:
enabled: true
enableAutoEncrypt: true
serverAdditionalDNSSANs: ["'consul.service.consul'"]
serverAdditionalIPSANs: []
verify: true
httpsOnly: true
caCert:
secretName: null
secretKey: null
# certificates.
caKey:
secretName: null
secretKey: null
enableConsulNamespaces: false
# [DEPRECATED] Use acls.manageSystemACLs instead.
bootstrapACLs: false
# Configure ACLs.
acls:
# If true, the Helm chart will automatically manage ACL tokens and policies
# for all Consul and consul-k8s components. This requires Consul >= 1.4 and consul-k8s >= 0.14.0.
manageSystemACLs: false
# bootstrapToken references a Kubernetes secret containing the bootstrap token to use
# for creating policies and tokens for all Consul and consul-k8s components.
# If set, we will skip ACL bootstrapping of the servers and will only initialize
# ACLs for the Consul and consul-k8s system components.
# Requires consul-k8s >= 0.14.0
bootstrapToken:
secretName: null
secretKey: null
createReplicationToken: false
replicationToken:
secretName: null
secretKey: null
server:
enabled: "-"
image: null
replicas: 3
bootstrapExpect: 3 # Should <= replicas count
enterpriseLicense:
secretName: null
secretKey: null
storage: 10Gi
storageClass: null
connect: true
resources: null
# updatePartition is used to control a careful rolling update of Consul
# servers. This should be done particularly when changing the version
# of Consul. Please refer to the documentation for more information.
updatePartition: 0
# disruptionBudget enables the creation of a PodDisruptionBudget to
# prevent voluntary degrading of the Consul server cluster.
disruptionBudget:
enabled: true
# maxUnavailable will default to (n/2)-1 where n is the number of
# replicas. If you'd like a custom value, you can specify an override here.
maxUnavailable: null
# extraConfig is a raw string of extra configuration to set with the
# server. This should be JSON.
extraConfig: |
{}
extraVolumes: []
# Affinity Settings
# Commenting out or setting as empty the affinity variable, will allow
# deployment to single node services such as Minikube
affinity: |
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app: {{ template "consul.name" . }}
release: "{{ .Release.Name }}"
component: server
topologyKey: kubernetes.io/hostname
# Toleration Settings for server pods
# This should be a multi-line string matching the Toleration array
# in a PodSpec.
tolerations: ""
# nodeSelector labels for server pod assignment, formatted as a multi-line string.
# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
# Example:
nodeSelector: |
eks.amazonaws.com/nodegroup: test
priorityClassName: ""
annotations: null
service:
annotations: null
extraEnvironmentVars: {}
# http_proxy: http://localhost:3128,
# https_proxy: http://localhost:3128,
# no_proxy: internal.domain.com
externalServers:
enabled: false
hosts: []
# The HTTPS port of the Consul servers.
httpsPort: 8501
# tlsServerName is the server name to use as the SNI
# host header when connecting with HTTPS.
tlsServerName: null
useSystemRoots: false
k8sAuthMethodHost: null
# Client, when enabled, configures Consul clients to run on every node
# within the Kube cluster. The current deployment model follows a traditional
# DC where a single agent is deployed per node.
client:
enabled: "-"
image: null
join: null
dataDirectoryHostPath: null
grpc: true
exposeGossipPorts: false
resources: null
extraConfig: |
{}
extraVolumes: []
by Consul
tolerations: ""
nodeSelector: null
# Affinity Settings for Client pods, formatted as a multi-line YAML string.
# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
affinity: {}
# used to assign priority to client pods
# ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
priorityClassName: ""
annotations: null
# custom consul parameters.
extraEnvironmentVars: {}
# http_proxy: http://localhost:3128,
# https_proxy: http://localhost:3128,
# no_proxy: internal.domain.com
dnsPolicy: null
updateStrategy: null
snapshotAgent:
enabled: false
# replicas determines how many snapshot agent pods are created
replicas: 2
using-kubectl-create-secret
configSecret:
secretName: null
secretKey: null
dns:
enabled: "-"
# Useful if you need to reference the DNS service's IP
# address in CoreDNS config.
clusterIP: null
# Extra annotations to attach to the dns service
# This should be a multi-line string of
# annotations to apply to the dns Service
annotations: null
ui:
# True if you want to enable the Consul UI. The UI will run only
# on the server nodes. This makes UI access via the service below (if
# enabled) predictable rather than "any node" if you're running Consul
# clients as well.
enabled: "-"
# True if you want to create a Service entry for the Consul UI.
#
# serviceType can be used to control the type of service created. For
# example, setting this to "LoadBalancer" will create an external load
# balancer (for supported K8S installations) to access the UI.
service:
enabled: true
type: NodePort
# Annotations to apply to the UI service.
# Example:
# annotations: |
# "annotation-key": "annotation-value"
annotations: null
# Additional ServiceSpec values
# This should be a multi-line string mapping directly to a Kubernetes
# ServiceSpec object.
additionalSpec: null
# syncCatalog will run the catalog sync process to sync K8S with Consul
# services. This can run bidirectional (default) or unidirectionally (Consul
# to K8S or K8S to Consul only).
#
# This process assumes that a Consul agent is available on the host IP.
# This is done automatically if clients are enabled. If clients are not
# enabled then set the node selection so that it chooses a node with a
# Consul agent.
syncCatalog:
# True if you want to enable the catalog sync. Set to "-" to inherit from
# global.enabled.
enabled: false
image: null
default: true # true will sync by default, otherwise requires annotation
# toConsul and toK8S control whether syncing is enabled to Consul or K8S
# as a destination. If both of these are disabled, the sync will do nothing.
toConsul: true
toK8S: true
# k8sPrefix is the service prefix to prepend to services before registering
# with Kubernetes. For example "consul-" will register all services
# prepended with "consul-". (Consul -> Kubernetes sync)
k8sPrefix: null
# k8sAllowNamespaces is a list of k8s namespaces to sync the k8s services from.
# If a k8s namespace is not included in this list or is listed in `k8sDenyNamespaces`,
# services in that k8s namespace will not be synced even if they are explicitly
# annotated. Use ["*"] to automatically allow all k8s namespaces.
#
# For example, ["namespace1", "namespace2"] will only allow services in the k8s
# namespaces `namespace1` and `namespace2` to be synced and registered
# with Consul. All other k8s namespaces will be ignored.
#
# To deny all namespaces, set this to [].
#
# Note: `k8sDenyNamespaces` takes precedence over values defined here.
# Requires consul-k8s v0.12+
k8sAllowNamespaces: ["*"]
# k8sDenyNamespaces is a list of k8s namespaces that should not have their
# services synced. This list takes precedence over `k8sAllowNamespaces`.
# `*` is not supported because then nothing would be allowed to sync.
# Requires consul-k8s v0.12+.
#
# For example, if `k8sAllowNamespaces` is `["*"]` and `k8sDenyNamespaces` is
# `["namespace1", "namespace2"]`, then all k8s namespaces besides "namespace1"
# and "namespace2" will be synced.
k8sDenyNamespaces: ["kube-system", "kube-public"]
# [DEPRECATED] Use k8sAllowNamespaces and k8sDenyNamespaces instead. For
# backwards compatibility, if both this and the allow/deny lists are set,
# the allow/deny lists will be ignored.
# k8sSourceNamespace is the Kubernetes namespace to watch for service
# changes and sync to Consul. If this is not set then it will default
# to all namespaces.
k8sSourceNamespace: null
# [Enterprise Only] These settings manage the catalog sync's interaction with
# Consul namespaces (requires consul-ent v1.7+ and consul-k8s v0.12+).
# Also, `global.enableConsulNamespaces` must be true.
consulNamespaces:
# consulDestinationNamespace is the name of the Consul namespace to register all
# k8s services into. If the Consul namespace does not already exist,
# it will be created. This will be ignored if `mirroringK8S` is true.
consulDestinationNamespace: "default"
# mirroringK8S causes k8s services to be registered into a Consul namespace
# of the same name as their k8s namespace, optionally prefixed if
# `mirroringK8SPrefix` is set below. If the Consul namespace does not
# already exist, it will be created. Turning this on overrides the
# `consulDestinationNamespace` setting.
# `addK8SNamespaceSuffix` may no longer be needed if enabling this option.
mirroringK8S: false
# If `mirroringK8S` is set to true, `mirroringK8SPrefix` allows each Consul namespace
# to be given a prefix. For example, if `mirroringK8SPrefix` is set to "k8s-", a
# service in the k8s `staging` namespace will be registered into the
# `k8s-staging` Consul namespace.
mirroringK8SPrefix: ""
# addK8SNamespaceSuffix appends Kubernetes namespace suffix to
# each service name synced to Consul, separated by a dash.
# For example, for a service 'foo' in the default namespace,
# the sync process will create a Consul service named 'foo-default'.
# Set this flag to true to avoid registering services with the same name
# but in different namespaces as instances for the same Consul service.
# Namespace suffix is not added if 'annotationServiceName' is provided.
addK8SNamespaceSuffix: true
# consulPrefix is the service prefix which prepends itself
# to Kubernetes services registered within Consul
# For example, "k8s-" will register all services prepended with "k8s-".
# (Kubernetes -> Consul sync)
# consulPrefix is ignored when 'annotationServiceName' is provided.
# NOTE: Updating this property to a non-null value for an existing installation will result in deregistering
# of existing services in Consul and registering them with a new name.
consulPrefix: null
# k8sTag is an optional tag that is applied to all of the Kubernetes services
# that are synced into Consul. If nothing is set, defaults to "k8s".
# (Kubernetes -> Consul sync)
k8sTag: null
# syncClusterIPServices syncs services of the ClusterIP type, which may
# or may not be broadly accessible depending on your Kubernetes cluster.
# Set this to false to skip syncing ClusterIP services.
syncClusterIPServices: true
# nodePortSyncType configures the type of syncing that happens for NodePort
# services. The valid options are: ExternalOnly, InternalOnly, ExternalFirst.
# - ExternalOnly will only use a node's ExternalIP address for the sync
# - InternalOnly use's the node's InternalIP address
# - ExternalFirst will preferentially use the node's ExternalIP address, but
# if it doesn't exist, it will use the node's InternalIP address instead.
nodePortSyncType: ExternalFirst
# aclSyncToken refers to a Kubernetes secret that you have created that contains
# an ACL token for your Consul cluster which allows the sync process the correct
# permissions. This is only needed if ACLs are enabled on the Consul cluster.
aclSyncToken:
secretName: null
secretKey: null
# nodeSelector labels for syncCatalog pod assignment, formatted as a multi-line string.
# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
# Example:
# nodeSelector: |
# beta.kubernetes.io/arch: amd64
nodeSelector: null
# Log verbosity level. One of "trace", "debug", "info", "warn", or "error".
logLevel: info
# Override the default interval to perform syncing operations creating Consul services.
consulWriteInterval: null
# ConnectInject will enable the automatic Connect sidecar injector.
connectInject:
# True if you want to enable connect injection. Set to "-" to inherit from
# global.enabled.
# Requires consul-k8s >= 0.10.1.
enabled: false
image: null # image for consul-k8s that contains the injector
default: false # true will inject by default, otherwise requires annotation
# The Docker image for Consul to use when performing Connect injection.
# Defaults to global.image.
imageConsul: null
# The Docker image for envoy to use as the proxy sidecar when performing
# Connect injection. If using Consul 1.7+, the envoy version must be 1.13+.
# If not set, the image used depends on the consul-k8s version. For
# consul-k8s 0.12.0 the default is envoyproxy/envoy-alpine:v1.13.0.
imageEnvoy: null
# namespaceSelector is the selector for restricting the webhook to only
# specific namespaces. This should be set to a multiline string.
# See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
# for more details.
# Example:
# namespaceSelector: |
# matchLabels:
# namespace-label: label-value
namespaceSelector: null
# k8sAllowNamespaces is a list of k8s namespaces to allow Connect sidecar
# injection in. If a k8s namespace is not included or is listed in `k8sDenyNamespaces`,
# pods in that k8s namespace will not be injected even if they are explicitly
# annotated. Use ["*"] to automatically allow all k8s namespaces.
#
# For example, ["namespace1", "namespace2"] will only allow pods in the k8s
# namespaces `namespace1` and `namespace2` to have Connect sidecars injected
# and registered with Consul. All other k8s namespaces will be ignored.
#
# To deny all namespaces, set this to [].
#
# Note: `k8sDenyNamespaces` takes precedence over values defined here and
# `namespaceSelector` takes precedence over both since it is applied first.
# `kube-system` and `kube-public` are never injected, even if included here.
# Requires consul-k8s v0.12+
k8sAllowNamespaces: ["*"]
# k8sDenyNamespaces is a list of k8s namespaces that should not allow Connect
# sidecar injection. This list takes precedence over `k8sAllowNamespaces`.
# `*` is not supported because then nothing would be allowed to be injected.
#
# For example, if `k8sAllowNamespaces` is `["*"]` and k8sDenyNamespaces is
# `["namespace1", "namespace2"]`, then all k8s namespaces besides "namespace1"
# and "namespace2" will be available for injection.
#
# Note: `namespaceSelector` takes precedence over this since it is applied first.
# `kube-system` and `kube-public` are never injected.
# Requires consul-k8s v0.12+.
k8sDenyNamespaces: []
# [Enterprise Only] These settings manage the connect injector's interaction with
# Consul namespaces (requires consul-ent v1.7+ and consul-k8s v0.12+).
# Also, `global.enableConsulNamespaces` must be true.
consulNamespaces:
# consulDestinationNamespace is the name of the Consul namespace to register all
# k8s pods into. If the Consul namespace does not already exist,
# it will be created. This will be ignored if `mirroringK8S` is true.
consulDestinationNamespace: "default"
# mirroringK8S causes k8s pods to be registered into a Consul namespace
# of the same name as their k8s namespace, optionally prefixed if
# `mirroringK8SPrefix` is set below. If the Consul namespace does not
# already exist, it will be created. Turning this on overrides the
# `consulDestinationNamespace` setting.
mirroringK8S: false
# If `mirroringK8S` is set to true, `mirroringK8SPrefix` allows each Consul namespace
# to be given a prefix. For example, if `mirroringK8SPrefix` is set to "k8s-", a
# pod in the k8s `staging` namespace will be registered into the
# `k8s-staging` Consul namespace.
mirroringK8SPrefix: ""
# The certs section configures how the webhook TLS certs are configured.
# These are the TLS certs for the Kube apiserver communicating to the
# webhook. By default, the injector will generate and manage its own certs,
# but this requires the ability for the injector to update its own
# MutatingWebhookConfiguration. In a production environment, custom certs
# should probably be used. Configure the values below to enable this.
certs:
# secretName is the name of the secret that has the TLS certificate and
# private key to serve the injector webhook. If this is null, then the
# injector will default to its automatic management mode that will assign
# a service account to the injector to generate its own certificates.
secretName: null
# caBundle is a base64-encoded PEM-encoded certificate bundle for the
# CA that signed the TLS certificate that the webhook serves. This must
# be set if secretName is non-null.
caBundle: ""
# certName and keyName are the names of the files within the secret for
# the TLS cert and private key, respectively. These have reasonable
# defaults but can be customized if necessary.
certName: tls.crt
keyName: tls.key
# nodeSelector labels for connectInject pod assignment, formatted as a multi-line string.
# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
# Example:
# nodeSelector: |
# beta.kubernetes.io/arch: amd64
nodeSelector: null
# aclBindingRuleSelector accepts a query that defines which Service Accounts
# can authenticate to Consul and receive an ACL token during Connect injection.
# The default setting, i.e. serviceaccount.name!=default, prevents the
# 'default' Service Account from logging in.
# If set to an empty string all service accounts can log in.
# This only has effect if ACLs are enabled.
#
# See https://www.consul.io/docs/acl/acl-auth-methods.html#binding-rules
# and https://www.consul.io/docs/acl/auth-methods/kubernetes.html#trusted-identity-attributes
# for more details.
# Requires Consul >= v1.5 and consul-k8s >= v0.8.0.
aclBindingRuleSelector: "serviceaccount.name!=default"
# If you are not using global.acls.manageSystemACLs and instead manually setting up an
# auth method for Connect inject, set this to the name of your auth method.
overrideAuthMethodName: ""
# aclInjectToken refers to a Kubernetes secret that you have created that contains
# an ACL token for your Consul cluster which allows the Connect injector the correct
# permissions. This is only needed if Consul namespaces [Enterprise only] and ACLs
# are enabled on the Consul cluster and you are not setting
# `global.acls.manageSystemACLs` to `true`.
# This token needs to have `operator = "write"` privileges to be able to
# create Consul namespaces.
aclInjectToken:
secretName: null
secretKey: null
# Requires Consul >= v1.5 and consul-k8s >= v0.8.1.
centralConfig:
# enabled controls whether central config is enabled on all servers and clients.
# See https://www.consul.io/docs/agent/options.html#enable_central_service_config.
# If changing this after installation, servers and clients must be restarted
# for the change to take effect.
enabled: true
# defaultProtocol allows you to specify a convenience default protocol if
# most of your services are of the same protocol type. The individual annotation
# on any given pod will override this value.
# Valid values are "http", "http2", "grpc" and "tcp".
defaultProtocol: null
# proxyDefaults is a raw json string that will be written as the value of
# the "config" key of the global proxy-defaults config entry.
# See: https://www.consul.io/docs/agent/config-entries/proxy-defaults.html
# NOTE: Changes to this value after the chart is first installed have *no*
# effect. In order to change the proxy-defaults config after installation,
# you must use the Consul API.
proxyDefaults: |
{}
# Mesh Gateways enable Consul Connect to work across Consul datacenters.
meshGateway:
# If mesh gateways are enabled, a Deployment will be created that runs
# gateways and Consul Connect will be configured to use gateways.
# See https://www.consul.io/docs/connect/mesh_gateway.html
# Requirements: consul >= 1.6.0 and consul-k8s >= 0.9.0 if using
# global.acls.manageSystemACLs.
enabled: false
# Globally configure which mode the gateway should run in.
# Can be set to either "remote", "local", "none" or empty string or null.
# See https://consul.io/docs/connect/mesh_gateway.html#modes-of-operation for
# a description of each mode.
# If set to anything other than "" or null, connectInject.centralConfig.enabled
# should be set to true so that the global config will actually be used.
# If set to the empty string, no global default will be set and the gateway mode
# will need to be set individually for each service.
globalMode: local
# Number of replicas for the Deployment.
replicas: 2
# What gets registered as WAN address for the gateway.
wanAddress:
# source configures where to retrieve the WAN address (and possibly port)
# for the mesh gateway from.
# Can be set to either: Service, NodeIP, NodeName or Static.
#
# Service - Determine the address based on the service type.
# If service.type=LoadBalancer use the external IP or hostname of
# the service. Use the port set by service.port.
# If service.type=NodePort use the Node IP. The port will be set to
# service.nodePort so service.nodePort cannot be null.
# If service.type=ClusterIP use the ClusterIP. The port will be set to
# service.port.
# service.type=ExternalName is not supported.
# NodeIP - The node IP as provided by the Kubernetes downward API.
# NodeName - The name of the node as provided by the Kubernetes downward
# API. This is useful if the node names are DNS entries that
# are routable from other datacenters.
# Static - Use the address hardcoded in meshGateway.wanAddress.static.
source: "Service"
# Port that gets registered for WAN traffic.
# If source is set to "Service" then this setting will have no effect.
# See the documentation for source as to which port will be used in that
# case.
port: 443
# If source is set to "Static" then this value will be used as the WAN
# address of the mesh gateways. This is useful if you've configured a
# DNS entry to point to your mesh gateways.
static: ""
# The service option configures the Service that fronts the Gateway Deployment.
service:
# Whether to create a Service or not.
enabled: true
# Type of service, ex. LoadBalancer, ClusterIP.
type: LoadBalancer
# Port that the service will be exposed on.
# The targetPort will be set to meshGateway.containerPort.
port: 443
# Optionally hardcode the nodePort of the service if using type: NodePort.
# If not set and using type: NodePort, Kubernetes will automatically assign
# a port.
nodePort: null
# Annotations to apply to the mesh gateway service.
# Example:
# annotations: |
# "annotation-key": "annotation-value"
annotations: null
# Optional YAML string that will be appended to the Service spec.
additionalSpec: null
# Envoy image to use. For Consul v1.7+, Envoy version 1.13+ is required.
imageEnvoy: envoyproxy/envoy:v1.13.0
# If set to true, gateway Pods will run on the host network.
hostNetwork: true
# dnsPolicy to use.
dnsPolicy: null
# Override the default 'mesh-gateway' service name registered in Consul.
# Cannot be used if global.acls.manageSystemACLs is true since the ACL token
# generated is only for the name 'mesh-gateway'.
consulServiceName: ""
# Port that the gateway will run on inside the container.
containerPort: 8443
# Optional hostPort for the gateway to be exposed on.
# This can be used with wanAddress.port and wanAddress.useNodeIP
# to expose the gateways directly from the node.
# If hostNetwork is true, this must be null or set to the same port as
# containerPort.
# NOTE: Cannot set to 8500 or 8502 because those are reserved for the Consul
# agent.
hostPort: null
# If there are no connect-enabled services running, then the gateway
# will fail health checks. You may disable health checks as a temporary
# workaround.
enableHealthChecks: true
resources: |
requests:
memory: "128Mi"
cpu: "250m"
limits:
memory: "256Mi"
cpu: "500m"
# By default, we set an anti affinity so that two gateway pods won't be
# on the same node. NOTE: Gateways require that Consul client agents are
# also running on the nodes alongside each gateway Pod.
affinity: |
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app: {{ template "consul.name" . }}
release: "{{ .Release.Name }}"
component: mesh-gateway
topologyKey: kubernetes.io/hostname
# Optional YAML string to specify tolerations.
tolerations: null
# Optional YAML string to specify a nodeSelector config.
nodeSelector: null
# Optional priorityClassName.
priorityClassName: ""
# Annotations to apply to the mesh gateway deployment.
# Example:
# annotations: |
# "annotation-key": "annotation-value"
annotations: null
# Control whether a test Pod manifest is generated when running helm template.
# When using helm install, the test Pod is not submitted to the cluster so this
# is only useful when running helm template.
tests:
enabled: true
解决方案
您需要使用与您正在安装的 Consul 版本兼容的 Helm 图表。与 Consul 1.7.2 兼容的最后一个受支持的 Helm 图表版本是0.21.0 版本。有关更多信息,请参阅https://www.consul.io/docs/k8s/upgrade/compatibility上的 Consul 和 Consul 的兼容性矩阵。
您应该能够使用以下 Helm install 命令成功安装 Consul。
$ helm install consul hashicorp/consul --version 0.21.0 --namespace common --set global.name=consul -f helm-consul-config.yaml
如果您希望升级到较新版本的 Consul ,请按照https://www.consul.io/docs/k8s/upgrade上的说明进行操作。
推荐阅读
- php - 如何使用(Axios、php 和 vue.js)在编辑表单中填充当前数据
- php - Facebook\WebDriver\Exception\ElementNotVisibleException:元素不可交互
- java - 如何通过@ControllerAdvice 中的@ResponseStatus 捕获异常
- android - RecyclerView - 如何将数据发送到 MainActivity
- blueprism - 如何从 Blueprism 中的多层集合中引用字段?
- api - 如果已经在 nginx 中配置了 https,我是否需要在我的应用程序中配置 https
- python - 使用机器学习根据之前的 6 个数字系列(训练数据)预测接下来的 6 个数字系列
- ios - 选择时更改 imageView 的 tintColor 不起作用
- asp.net-core - 如何从 Asp.net Core 中的查询字符串验证 Azure AD B2C 令牌?
- java - 我正在从后端 spring boot 创建 API,以获取陷入问题的车辆的下拉 makeAndModel 列表