-
Notifications
You must be signed in to change notification settings - Fork 8.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Kubeadm using 1.6 - Ingess-Controller can't access API #575
Comments
Thanks for figuring this out, but that's really quite something. I have no idea what is going on with this RBAC stuff. Why did it get so horribly complex? The |
Yeah, I've been holding out for access control for a long time so very thankful... But it's taken me now a few hours to get all the default cluster tools working with RBAC on 1.6 like kube-lego, dashboard, heapster and weavescope. here is a relatively basic policy that gets kube-lego (letsencrypt) going with this ingress controller, could be improved though
|
To create DaemonSet of the controller, as of in nginx-ingress-daemonset.yaml.
It works for me.
|
Using the above spec file in first comment i am able to deploy ingress-controller. But when i create the ingress-rule endpoints for ingress-rule is not updates and it log file |
The above spec file almost worked for me (Kubernetes 1.6.2) unless I installed I had these 5 errors left:
EDIT: One more fix to get TLS working: The following Ingress-DaemonSet works for me and the errors above are gone
|
@lachlan-b @domino14 @songrijie @chaitukopparthi @weitzj i use the cmd: kubectl apply -f nginx-ingress-controller.yaml ,it's also respone some err, so l read the errors and then l fix the err by the error message, the last ,l create a corrate controller, l hope this is useful to your. this is my yaml file:
|
@lachlan-b @domino14 @songrijie @chaitukopparthi @weitzj l forget write the k8s cluster version, in my cluster ,the k8s's version is v1.6.3. the v1.6.2 is also ok. |
Created ingress controller based on above yml (huangjiasingle) then I created small test apps with namespace "testing" and getting following error ...
NOTE: ALL containers running fine
|
@prasenforu You probably need to add:
|
Thanks for reply. added in
but same error .... :( |
@prasenforu @weitzj please check #747 |
|
Closing. Please reopen if the issue persists after following https://github.com/nevetS/ingress/tree/master/examples/rbac/nginx |
Just had quite a bit of difficulty getting the ingress controller running on 1.6 cluster using kubeadm, I would think the 1.6 default permission changes for service accounts will impact any deployment method though.
I0409 05:45:16.650042 6 launch.go:96] &{NGINX 0.9.0-beta.3 git-3dd7461 git@github.com:ixdy/kubernetes-ingress.git} I0409 05:45:16.650094 6 launch.go:99] Watching for ingress class: nginx I0409 05:45:16.650517 6 launch.go:245] Creating API server client for https://10.96.0.1:443 I0409 05:45:16.652130 6 nginx.go:127] starting NGINX process... F0409 05:45:18.211701 6 launch.go:113] no service with name kube-system/default-http-backend found: the server does not allow access to the requested resource (get services default-http-backend)
Got it working using host ports and RBAC role and cluster role and adding a service account so its not using default, I'll give it a test now.
Big thanks to whoever went through the effort of gathering permissions here, #266
Should I make a PR with updated 1.6 templates or add a standalone role with a link to RBAC doco and how to select the service account within the pod spec.
The text was updated successfully, but these errors were encountered: