nginx-ingress-controller can not be created

[k19810703]

I followed this guide to deploy nginx-ingress-controller , but it can't be created correctly
https://github.com/kubernetes/ingress-nginx/blob/master/examples/deployment/README.md

os:ubuntu16.04
kubenetes 1.8

$ kubectl apply -f nginx-ingress-controller.yaml
deployment "nginx-ingress-controller" configured
$ kubectl -n kube-system get pods
NAME READY STATUS RESTARTS AGE
default-http-backend-59b65899db-m7mgx 1/1 Running 0 35m
etcd-next 1/1 Running 0 10h
kube-apiserver-next 1/1 Running 0 10h
kube-controller-manager-next 1/1 Running 0 10h
kube-dns-545bc4bfd4-hsvq2 3/3 Running 3 10h
kube-flannel-ds-6bnnv 1/1 Running 0 10h
kube-flannel-ds-hx2f7 1/1 Running 0 10h
kube-proxy-2gnxd 1/1 Running 0 10h
kube-proxy-hr4k7 1/1 Running 0 10h
kube-scheduler-next 1/1 Running 0 10h
nginx-ingress-controller-848c5cc54-6rbtg 0/1 CrashLoopBackOff 10 32m

$ kubectl -n kube-system logs -f nginx-ingress-controller-848c5cc54-6rbtg
I1014 11:56:53.610371 7 launch.go:113] &{NGINX 0.9.0-beta.15 git-a3e86f2 https://github.com/kubernetes/ingress}
I1014 11:56:53.610422 7 launch.go:116] Watching for ingress class: nginx
I1014 11:56:53.610706 7 launch.go:291] Creating API client for https://10.96.0.1:443
I1014 11:56:53.629950 7 launch.go:304] Running in Kubernetes Cluster version v1.8 (v1.8.1) - git (clean) commit f38e43b221d08850172a9a4ea785a86a3ffa3b3a - platform linux/amd64
F1014 11:56:53.632074 7 launch.go:136] ✖ It seems the cluster it is running with Authorization enabled (like RBAC) and there is no permissions for the ingress controller. Please check the configuration

It seems no permissions for the ingress controller was the reason for crash , how to fix it?

[aledbf]

Closing. Please use the RBAC example https://github.com/kubernetes/ingress-nginx/tree/master/examples/rbac

[noprom]

@aledbf

The URL you refers to can not open.

[vhosakot]

@aledbf I don't see the URL https://github.com/kubernetes/ingress-nginx/tree/master/examples/rbac too and see that it has been removed by the PR #1497. Where can I find the rbac example?

I installed nginx-ingress using the helm from https://github.com/kubernetes/charts/tree/master/stable/nginx-ingress, and see the same error in kubectl logs:

helm install stable/nginx-ingress

Wait for 5 minutes for the nginx LoadBalancer IP to be available. The nginx-ingress-controller pod is in CrashLoopBackOff state and the nginx-ingress-controller service is in <pending> state:

# kubectl get all | grep nginx
po/worn-cat-nginx-ingress-controller-5475fc66c7-tb8kj        0/1       CrashLoopBackOff   12         42m
svc/worn-cat-nginx-ingress-controller        LoadBalancer   10.233.35.161   <pending>     80:32378/TCP,443:31317/TCP   42m

Error in kubectl logs below:

# kubectl logs worn-cat-nginx-ingress-controller-5475fc66c7-tb8kj
I0109 17:26:23.337035       7 launch.go:113] &{NGINX 0.9.0-beta.15 git-a3e86f2 https://github.com/kubernetes/ingress}
I0109 17:26:23.337078       7 launch.go:116] Watching for ingress class: nginx
I0109 17:26:23.337382       7 launch.go:291] Creating API client for https://10.233.0.1:443
I0109 17:26:23.350310       7 launch.go:304] Running in Kubernetes Cluster version v. (v1.9.0+coreos.0) - git (clean) commit 1b69a2a6c01194421b0aa17747a8c1a81738a8dd - platform linux/amd64
F0109 17:26:23.351459       7 launch.go:136] ✖ It seems the cluster it is running with Authorization enabled (like RBAC) and there is no permissions for the ingress controller. Please check the configuration

I don't see any endpoints for the nginx-ingress-controller service:

# kubectl describe svc/worn-cat-nginx-ingress-controller
Name:                     worn-cat-nginx-ingress-controller
Namespace:                default
Labels:                   app=nginx-ingress
                          chart=nginx-ingress-0.8.23
                          component=controller
                          heritage=Tiller
                          release=worn-cat
Annotations:              <none>
Selector:                 app=nginx-ingress,component=controller,release=worn-cat
Type:                     LoadBalancer
IP:                       10.233.35.161
Port:                     http  80/TCP
TargetPort:               80/TCP
NodePort:                 http  32378/TCP
Endpoints:                
Port:                     https  443/TCP
TargetPort:               443/TCP
NodePort:                 https  31317/TCP
Endpoints:                
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>

[vhosakot]

@vamsi248 @aledbf I was able to enable RBAC using helm (--set rbac.create=true) and this error is not seen anymore, and the nginx ingress controller is working as expected!

helm install --name my-release stable/nginx-ingress --set rbac.create=true

[vhosakot]

@vamsi248 yes, I'm using helm to install the nginx ingress controller on k8s per https://github.com/kubernetes/ingress-nginx/blob/master/deploy/README.md#using-helm.

[vamsi248]

Hai @vhosakot
any idea how to configure an IP to my namespace dev or any namespace.. nginx-ingress-controller is running in all namespaces.
so that all services are running in that namespace will expose by hitting that ip address..
is it possible.. i am running my cluster locally..
1.8v kubeadm and weavenet is addons...

Thanks
vamsi

[aledbf]

@vamsi248 add the flag --watch-namespace <dev|any>
https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/cli-arguments.md

[vamsi248]

@aledbf bf bf Thanks for your quick response.
but i am asking.. my cluster is running X.x.x.x I.P so all my services which are running in all namespaces will expose on that I.P . but i want to make each namespace to expose there services in Different I.P.
what i mean to say is dev wants to expose on X.X.X.Y . and Test wants to expose there services on X.X.X.Z ... Is it possible and if anybody have documentation on this can u please forward??

Thanks,
vamsi

[aledbf]

but i want to make each namespace to expose there services in Different I.P.
what i mean to say is dev wants to expose on X.X.X.Y .

The only way you can achieve this is to run multiple ingress controllers with the flag --watch-namespace <dev|any> and using a service type=LoadBalancer

[vamsi248]

I am running ingress-controllers in all namespaces. but we cant set the dev namespace with specific I.P which is 101.34.56.34 so that all services (DEV namespace) wants to work on this I.P
is it possible. how to configure this I.P to that namespace? any documentation

if i did type loadbalancer then services are running on my cluster I.P only..

[vamsi248]

--watch namespace flag need to add in the yaml file of Ingress-controller right..
can you give basic yaml file with that flag..

[hmarcelodn]

I just upgraded from k8s 1.6.6 to 1.9.3 and I am experiencing the same issue.
I always had the --watch-namespace enabled but it is failing in the same way.

I am not using helm in my case. I am deploying just a yaml file with kubectl apply command.

Any ideas?

[kaelzhang]

@noprom moved here https://github.com/kubernetes/ingress-nginx/tree/master/deploy