0

I have 3 VMS running in localsystemeach 1 Master, 2 Nodes. I have installed weave CNI Network. I am trying to install the Nginx ingress controller with

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.44.0/deploy/static/provider/cloud/deploy.yaml

But im unable to create it. I have tried the same with the AWS Ec2 instances. It is always crashing get pods -A I have seen the describe getting this error in admission-create pod MountVolume.SetUp failed for volume "kube-api-access-kdhpc" : object "ingress-nginx"/"kube-root-ca.crt" not registered

and the admission-patch,controller pod is keep on restarting the controller pod output ingress-ngnix-controlled Im kinda struck over here. I have tried using the flannel cni too and the result is the same. Any suggestions are appreciated.

raza sikander
  • 143
  • 13
  • Out of topic probably, but just because you said you tried flannel too, have you tried https://www.tigera.io/project-calico/ ? – Havelock Aug 17 '21 at 08:52
  • Yes i have tried with calico too. In calico the calico pods were crashing directly in an loop. – raza sikander Aug 17 '21 at 10:40
  • Have you checked the logs for the nginx-admission-patch pod? Can you share them? The ingress-controller probably won't start until then. – SYN Aug 17 '21 at 12:35
  • I found the error It was probably due to the version issue. I downgraded the k8s from 1.22 to 1.18 version and the pods started working fine. I used metallb to get the ip assigned to the external endpoint of ingress. – raza sikander Aug 18 '21 at 02:41

2 Answers2

1

Try these steps, these configurations worked with me well.

Ingress Controller

apiVersion: apps/v1
kind: Deployment
metadata:
  name: ingress-controller
  namespace: ingress-space
spec:
  replicas: 1
  selector:
    matchLabels:
      name: nginx-ingress
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      labels:
        name: nginx-ingress
    spec:
      containers:
      - args:
        - /nginx-ingress-controller
        - --configmap=$(POD_NAMESPACE)/nginx-configuration
        - --default-backend-service=app-space/default-http-backend
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.21.0
        imagePullPolicy: IfNotPresent
        name: nginx-ingress-controller
        ports:
        - containerPort: 80
          name: http
          protocol: TCP
        - containerPort: 443
          name: https
          protocol: TCP
      restartPolicy: Always
      serviceAccount: ingress-serviceaccount
      serviceAccountName: ingress-serviceaccount
      terminationGracePeriodSeconds: 30

Ingress Service

Apply this NodePort or LoadBalancer as per your configurations:

apiVersion: v1
kind: Service
metadata:
  name: ingress
  namespace: ingress-space
spec:
  ports:
  - name: http
    nodePort: 30080
    port: 80
    protocol: TCP
    targetPort: 80
  - name: https
    nodePort: 31640
    port: 443
    protocol: TCP
    targetPort: 443
  selector:
    name: nginx-ingress
  type: NodePort

Role for Ingress

You will need to create a service account for the ingress, any name of your choice, apply these rbac Cluster Role and Cluster Role Binding

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: ingress-role
rules:
- apiGroups:
  - ""
  resources:
  - services
  - endpoints
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - get
  - list
  - watch
  - update
  - create
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - patch
  - list
- apiGroups:
  - networking.k8s.io
  - extensions
  resources:
  - ingresses
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - networking.k8s.io
  resources:
  - ingressclasses
  verbs:
  - get
- apiGroups:
  - networking.k8s.io
  - extensions
  resources:
  - ingresses/status
  verbs:
  - update
- apiGroups:
  - k8s.nginx.org
  resources:
  - virtualservers
  - virtualserverroutes
  - globalconfigurations
  - transportservers
  - policies
  verbs:
  - list
  - watch
  - get
- apiGroups:
  - k8s.nginx.org
  resources:
  - virtualservers/status
  - virtualserverroutes/status
  - policies/status
  - transportservers/status
  verbs:
  - update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: ingress-role-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ingress-role
subjects:
- kind: ServiceAccount
  name: ingress-serviceaccount
  namespace: ingress-space

Your ingress source is ready to install, refer to https://kubernetes.io/docs/concepts/services-networking/ingress/ and apply the ingress resource

Amado Saladino
  • 2,114
  • 23
  • 25
  • I figured out the issue. It was the problem of k8s version. Downgraded it and it worked. The pods got spawnned. Assigned ip with metallb. But when I try to curl the external ip of the pod I get ngnix 404 not found. Any idea where the issue might be. I used the default 0.44 cloud yaml file of ingress. – raza sikander Aug 18 '21 at 02:43
  • If you mean the external IP of the load balancer service, it might be due to cloud configuration, make sure you dun have a firewall or security group option that forbids the traffic from your IP. Moreover, make sure you have `nginx.ingress.kubernetes.io/rewrite-target` correctly set – Amado Saladino Aug 18 '21 at 09:40
  • I have verified there are no firewalls running. I have not found this ```nginx.ingress.kubernetes.io/rewrite-target``` in the default yaml file. can u please share a sample file if available or guide me where to set this in yaml file – raza sikander Aug 19 '21 at 06:57
  • here is the link https://kubernetes.github.io/ingress-nginx/examples/rewrite/ - scroll down a little – Amado Saladino Aug 19 '21 at 17:11
  • Sorry for late reply. Thanks for the link will check it and update you back. – raza sikander Aug 23 '21 at 04:15
  • using NodePort it worked. I was working in an office Network where Ip is not automatically allocated. I happened to use NodePort and use the internal ip and now it is working as expected. Thanks for your time and reply. – raza sikander Aug 30 '21 at 11:50
0

I think you should use this one ( for baremetal )

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-0.31.1/deploy/static/provider/baremetal/deploy.yaml

follow this article :

Nginx Ingress Controller - Failed Calling Webhook

Quentin Merlin
  • 664
  • 1
  • 6
  • 31