kubernetes v1.19.3 安装 ingress-nginx-controller v1.9.6 运行报错

woxihuan28 · 2024年7月9日

创建部署问题时，请参考下面模板，你提供的信息越多，越容易及时获得解答。如果未按模板创建问题，管理员有权关闭问题。
确保帖子格式清晰易读，用 markdown code block 语法格式化代码块。
你只花一分钟创建的问题，不能指望别人花上半个小时给你解答。

操作系统信息
虚拟机，Centos7.9，kubernetes v1.19.3 ， ingress-nginx-controller：v1.9.6

Kubernetes版本信息以及运行情况

问题：

k8s集群安装 ingress-nginx-controller 后pod 正常运行(yaml文件建附件)，但是pod/ingress-nginx-controller-674cbcd768-xsrb4 日志报错：

W0708 10:12:52.093132 6 reflector.go:533] k8s.io/client-go@v0.27.6/tools/cache/reflector.go:231: failed to list *v1.EndpointSlice: the server could not find the requested resource

E0708 10:12:52.093321 6 reflector.go:148] k8s.io/client-go@v0.27.6/tools/cache/reflector.go:231: Failed to watch *v1.EndpointSlice: failed to list *v1.EndpointSlice: the server could not find the requested resource

W0708 10:12:53.287266 6 endpointslices.go:82] Error obtaining Endpoints for Service “default/hello-server”: no object matching key “default/hello-server” in local store

W0708 10:12:53.287290 6 controller.go:1214] Service “default/hello-server” does not have any active Endpoint.

W0708 10:12:53.287358 6 endpointslices.go:82] Error obtaining Endpoints for Service “default/nginx-demo”: no object matching key “default/nginx-demo” in local store

W0708 10:12:53.287369 6 controller.go:1214] Service “default/nginx-demo” does not have any active Endpoint.

woxihuan28 · 2024年7月9日

终于正常，是版本问题，使用

ingress-nginx-controller:v0.46.0

kube-webhook-certgen：v1.5.1

woxihuan28 · 2024年7月9日

# ingress-nginx-controller.yaml

apiVersion: v1

kind: Namespace

metadata:

labels:

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/instance: ingress-nginx

---

# Source: ingress-nginx/templates/controller-serviceaccount.yaml

apiVersion: v1

kind: ServiceAccount

metadata:

labels:

helm.sh/chart: ingress-nginx-3.33.0

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/instance: ingress-nginx

app.kubernetes.io/version: 0.47.0

app.kubernetes.io/managed-by: Helm

app.kubernetes.io/component: controller

namespace: ingress-nginx

automountServiceAccountToken: true

---

# Source: ingress-nginx/templates/controller-configmap.yaml

apiVersion: v1

kind: ConfigMap

metadata:

labels:

helm.sh/chart: ingress-nginx-3.33.0

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/instance: ingress-nginx

app.kubernetes.io/version: 0.47.0

app.kubernetes.io/managed-by: Helm

app.kubernetes.io/component: controller

namespace: ingress-nginx

data:

---

# Source: ingress-nginx/templates/clusterrole.yaml

apiVersion: rbac.authorization.k8s.io/v1

kind: ClusterRole

metadata:

labels:

helm.sh/chart: ingress-nginx-3.33.0

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/instance: ingress-nginx

app.kubernetes.io/version: 0.47.0

app.kubernetes.io/managed-by: Helm

rules:

apiGroups:
- ''
  
  resources:
  - configmaps
  - endpoints
  - nodes
  - pods
  - secrets
  verbs:
  - list
  - watch
apiGroups:
- ''
  
  resources:
  - nodes
  verbs:
  - get
apiGroups:
- ''
  
  resources:
  - services
  verbs:
  - get
  - list
  - watch
apiGroups:
- extensions
  - networking.k8s.io # k8s 1.14+
  resources:
  - ingresses
  verbs:
  - get
  - list
  - watch
apiGroups:
- ''
  
  resources:
  - events
  verbs:
  - create
  - patch
apiGroups:
- extensions
  - networking.k8s.io # k8s 1.14+
  resources:
  - ingresses/status
  verbs:
  - update
apiGroups:
- networking.k8s.io # k8s 1.14+
  
  resources:
  - ingressclasses
  verbs:
  - get
  - list
  - watch

---

# Source: ingress-nginx/templates/clusterrolebinding.yaml

apiVersion: rbac.authorization.k8s.io/v1

kind: ClusterRoleBinding

metadata:

labels:

helm.sh/chart: ingress-nginx-3.33.0

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/instance: ingress-nginx

app.kubernetes.io/version: 0.47.0

app.kubernetes.io/managed-by: Helm

roleRef:

apiGroup: rbac.authorization.k8s.io

kind: ClusterRole

subjects:

kind: ServiceAccount

name: ingress-nginx

namespace: ingress-nginx

---

# Source: ingress-nginx/templates/controller-role.yaml

apiVersion: rbac.authorization.k8s.io/v1

kind: Role

metadata:

labels:

helm.sh/chart: ingress-nginx-3.33.0

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/instance: ingress-nginx

app.kubernetes.io/version: 0.47.0

app.kubernetes.io/managed-by: Helm

app.kubernetes.io/component: controller

namespace: ingress-nginx

rules:

apiGroups:
- ''
  
  resources:
  - namespaces
  verbs:
  - get
apiGroups:
- ''
  
  resources:
  - configmaps
  - pods
  - secrets
  - endpoints
  verbs:
  - get
  - list
  - watch
apiGroups:
- ''
  
  resources:
  - services
  verbs:
  - get
  - list
  - watch
apiGroups:
- extensions
  - networking.k8s.io # k8s 1.14+
  resources:
  - ingresses
  verbs:
  - get
  - list
  - watch
apiGroups:
- extensions
  - networking.k8s.io # k8s 1.14+
  resources:
  - ingresses/status
  verbs:
  - update
apiGroups:
- networking.k8s.io # k8s 1.14+
  
  resources:
  - ingressclasses
  verbs:
  - get
  - list
  - watch
apiGroups:
- ''
  
  resources:
  - configmaps
  resourceNames:
  - ingress-controller-leader-nginx
  verbs:
  - get
  - update
apiGroups:
- ''
  
  resources:
  - configmaps
  verbs:
  - create
apiGroups:
- ''
  
  resources:
  - events
  verbs:
  - create
  - patch

---

# Source: ingress-nginx/templates/controller-rolebinding.yaml

apiVersion: rbac.authorization.k8s.io/v1

kind: RoleBinding

metadata:

labels:

helm.sh/chart: ingress-nginx-3.33.0

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/instance: ingress-nginx

app.kubernetes.io/version: 0.47.0

app.kubernetes.io/managed-by: Helm

app.kubernetes.io/component: controller

namespace: ingress-nginx

roleRef:

apiGroup: rbac.authorization.k8s.io

kind: Role

subjects:

kind: ServiceAccount

name: ingress-nginx

namespace: ingress-nginx

---

# Source: ingress-nginx/templates/controller-service-webhook.yaml

apiVersion: v1

kind: Service

metadata:

labels:

helm.sh/chart: ingress-nginx-3.33.0

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/instance: ingress-nginx

app.kubernetes.io/version: 0.47.0

app.kubernetes.io/managed-by: Helm

app.kubernetes.io/component: controller

namespace: ingress-nginx

spec:

type: ClusterIP

ports:

- name: https-webhook

  port: 443

  targetPort: webhook

selector:

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/instance: ingress-nginx

app.kubernetes.io/component: controller

---

# Source: ingress-nginx/templates/controller-service.yaml

apiVersion: v1

kind: Service

metadata:

annotations:

labels:

helm.sh/chart: ingress-nginx-3.33.0

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/instance: ingress-nginx

app.kubernetes.io/version: 0.47.0

app.kubernetes.io/managed-by: Helm

app.kubernetes.io/component: controller

namespace: ingress-nginx

spec:

type: NodePort

ports:

- name: http

  port: 80

  protocol: TCP

  targetPort: http

- name: https

  port: 443

  protocol: TCP

  targetPort: https

selector:

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/instance: ingress-nginx

app.kubernetes.io/component: controller

---

# Source: ingress-nginx/templates/controller-deployment.yaml

apiVersion: apps/v1

kind: Deployment

metadata:

labels:

helm.sh/chart: ingress-nginx-3.33.0

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/instance: ingress-nginx

app.kubernetes.io/version: 0.47.0

app.kubernetes.io/managed-by: Helm

app.kubernetes.io/component: controller

namespace: ingress-nginx

spec:

selector:

matchLabels:

  app.kubernetes.io/name: ingress-nginx

  app.kubernetes.io/instance: ingress-nginx

  app.kubernetes.io/component: controller

revisionHistoryLimit: 10

minReadySeconds: 0

template:

metadata:

  labels:

    app.kubernetes.io/name: ingress-nginx

    app.kubernetes.io/instance: ingress-nginx

    app.kubernetes.io/component: controller

spec:

  dnsPolicy: ClusterFirst

  containers:

    - name: controller

      image: registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images/ingress-nginx-controller:v0.46.0

      imagePullPolicy: IfNotPresent

      lifecycle:

        preStop:

          exec:

            command:

              - /wait-shutdown

      args:

        - /nginx-ingress-controller

        - --election-id=ingress-controller-leader

        - --ingress-class=nginx

        - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller

        - --validating-webhook=:8443

        - --validating-webhook-certificate=/usr/local/certificates/cert

        - --validating-webhook-key=/usr/local/certificates/key

      securityContext:

        capabilities:

          drop:

            - ALL

          add:

            - NET_BIND_SERVICE

        runAsUser: 101

        allowPrivilegeEscalation: true

      env:

        - name: POD_NAME

          valueFrom:

            fieldRef:

              fieldPath: metadata.name

        - name: POD_NAMESPACE

          valueFrom:

            fieldRef:

              fieldPath: metadata.namespace

        - name: LD_PRELOAD

          value: /usr/local/lib/libmimalloc.so

      livenessProbe:

        failureThreshold: 5

        httpGet:

          path: /healthz

          port: 10254

          scheme: HTTP

        initialDelaySeconds: 10

        periodSeconds: 10

        successThreshold: 1

        timeoutSeconds: 1

      readinessProbe:

        failureThreshold: 3

        httpGet:

          path: /healthz

          port: 10254

          scheme: HTTP

        initialDelaySeconds: 10

        periodSeconds: 10

        successThreshold: 1

        timeoutSeconds: 1

      ports:

        - name: http

          containerPort: 80

          protocol: TCP

        - name: https

          containerPort: 443

          protocol: TCP

        - name: webhook

          containerPort: 8443

          protocol: TCP

      volumeMounts:

        - name: webhook-cert

          mountPath: /usr/local/certificates/

          readOnly: true

      resources:

        requests:

          cpu: 100m

          memory: 90Mi

  nodeSelector:

    kubernetes.io/os: linux

  serviceAccountName: ingress-nginx

  terminationGracePeriodSeconds: 300

  volumes:

    - name: webhook-cert

      secret:

        secretName: ingress-nginx-admission

---

# Source: ingress-nginx/templates/admission-webhooks/validating-webhook.yaml

# before changing this value, check the required kubernetes version

# https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#prerequisites

apiVersion: admissionregistration.k8s.io/v1

kind: ValidatingWebhookConfiguration

metadata:

labels:

helm.sh/chart: ingress-nginx-3.33.0

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/instance: ingress-nginx

app.kubernetes.io/version: 0.47.0

app.kubernetes.io/managed-by: Helm

app.kubernetes.io/component: admission-webhook

webhooks:

name: validate.nginx.ingress.kubernetes.io

matchPolicy: Equivalent

rules:
- apiGroups:
  - networking.k8s.io
    
    apiVersions:
    - v1beta1
    operations:
    - CREATE
    - UPDATE
    resources:
    - ingresses
  failurePolicy: Fail
  
  sideEffects: None
  
  admissionReviewVersions:
  - v1
  - v1beta1
  clientConfig:
  
  service:
  
  namespace: ingress-nginx
  
  name: ingress-nginx-controller-admission
  
  path: /networking/v1beta1/ingresses

---

# Source: ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml

apiVersion: v1

kind: ServiceAccount

metadata:

annotations:

helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade

helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded

labels:

helm.sh/chart: ingress-nginx-3.33.0

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/instance: ingress-nginx

app.kubernetes.io/version: 0.47.0

app.kubernetes.io/managed-by: Helm

app.kubernetes.io/component: admission-webhook

namespace: ingress-nginx

---

# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml

apiVersion: rbac.authorization.k8s.io/v1

kind: ClusterRole

metadata:

annotations:

helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade

helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded

labels:

helm.sh/chart: ingress-nginx-3.33.0

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/instance: ingress-nginx

app.kubernetes.io/version: 0.47.0

app.kubernetes.io/managed-by: Helm

app.kubernetes.io/component: admission-webhook

rules:

apiGroups:
- admissionregistration.k8s.io
  
  resources:
  - validatingwebhookconfigurations
  verbs:
  - get
  - update

---

# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml

apiVersion: rbac.authorization.k8s.io/v1

kind: ClusterRoleBinding

metadata:

annotations:

helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade

helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded

labels:

helm.sh/chart: ingress-nginx-3.33.0

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/instance: ingress-nginx

app.kubernetes.io/version: 0.47.0

app.kubernetes.io/managed-by: Helm

app.kubernetes.io/component: admission-webhook

roleRef:

apiGroup: rbac.authorization.k8s.io

kind: ClusterRole

subjects:

kind: ServiceAccount

name: ingress-nginx-admission

namespace: ingress-nginx

---

# Source: ingress-nginx/templates/admission-webhooks/job-patch/role.yaml

apiVersion: rbac.authorization.k8s.io/v1

kind: Role

metadata:

annotations:

helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade

helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded

labels:

helm.sh/chart: ingress-nginx-3.33.0

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/instance: ingress-nginx

app.kubernetes.io/version: 0.47.0

app.kubernetes.io/managed-by: Helm

app.kubernetes.io/component: admission-webhook

namespace: ingress-nginx

rules:

apiGroups:
- ''
  
  resources:
  - secrets
  verbs:
  - get
  - create

---

# Source: ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml

apiVersion: rbac.authorization.k8s.io/v1

kind: RoleBinding

metadata:

annotations:

helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade

helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded

labels:

helm.sh/chart: ingress-nginx-3.33.0

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/instance: ingress-nginx

app.kubernetes.io/version: 0.47.0

app.kubernetes.io/managed-by: Helm

app.kubernetes.io/component: admission-webhook

namespace: ingress-nginx

roleRef:

apiGroup: rbac.authorization.k8s.io

kind: Role

subjects:

kind: ServiceAccount

name: ingress-nginx-admission

namespace: ingress-nginx

---

# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml

apiVersion: batch/v1

kind: Job

metadata:

annotations:

helm.sh/hook: pre-install,pre-upgrade

helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded

labels:

helm.sh/chart: ingress-nginx-3.33.0

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/instance: ingress-nginx

app.kubernetes.io/version: 0.47.0

app.kubernetes.io/managed-by: Helm

app.kubernetes.io/component: admission-webhook

namespace: ingress-nginx

spec:

template:

metadata:

  name: ingress-nginx-admission-create

  labels:

    helm.sh/chart: ingress-nginx-3.33.0

    app.kubernetes.io/name: ingress-nginx

    app.kubernetes.io/instance: ingress-nginx

    app.kubernetes.io/version: 0.47.0

    app.kubernetes.io/managed-by: Helm

    app.kubernetes.io/component: admission-webhook

spec:

  containers:

    - name: create

      image: registry.cn-guangzhou.aliyuncs.com/yd_william/dyrnq_kube-webhook-certgen:v20221220-controller-v1.5.1-58-g787ea74b6 

      imagePullPolicy: IfNotPresent

      args:

        - create

        - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc

        - --namespace=$(POD_NAMESPACE)

        - --secret-name=ingress-nginx-admission

      env:

        - name: POD_NAMESPACE

          valueFrom:

            fieldRef:

              fieldPath: metadata.namespace

  restartPolicy: OnFailure

  serviceAccountName: ingress-nginx-admission

  securityContext:

    runAsNonRoot: true

    runAsUser: 2000

---

# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml

apiVersion: batch/v1

kind: Job

metadata:

annotations:

helm.sh/hook: post-install,post-upgrade

helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded

labels:

helm.sh/chart: ingress-nginx-3.33.0

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/instance: ingress-nginx

app.kubernetes.io/version: 0.47.0

app.kubernetes.io/managed-by: Helm

app.kubernetes.io/component: admission-webhook

namespace: ingress-nginx

spec:

template:

metadata:

  name: ingress-nginx-admission-patch

  labels:

    helm.sh/chart: ingress-nginx-3.33.0

    app.kubernetes.io/name: ingress-nginx

    app.kubernetes.io/instance: ingress-nginx

    app.kubernetes.io/version: 0.47.0

    app.kubernetes.io/managed-by: Helm

    app.kubernetes.io/component: admission-webhook

spec:

  containers:

    - name: patch

      image: registry.cn-guangzhou.aliyuncs.com/yd_william/dyrnq_kube-webhook-certgen:v20221220-controller-v1.5.1-58-g787ea74b6

      imagePullPolicy: IfNotPresent

      args:

        - patch

        - --webhook-name=ingress-nginx-admission

        - --namespace=$(POD_NAMESPACE)

        - --patch-mutating=false

        - --secret-name=ingress-nginx-admission

        - --patch-failure-policy=Fail

      env:

        - name: POD_NAMESPACE

          valueFrom:

            fieldRef:

              fieldPath: metadata.namespace

  restartPolicy: OnFailure

  serviceAccountName: ingress-nginx-admission

  securityContext:

    runAsNonRoot: true

    runAsUser: 2000

# test.yaml

apiVersion: apps/v1

kind: Deployment

metadata:

spec:

replicas: 2

selector:

matchLabels:

  app: hello-server

template:

metadata:

  labels:

    app: hello-server

spec:

  containers:

  - name: hello-server

    image: registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images/hello-server

    ports:

    - containerPort: 9000

---

apiVersion: apps/v1

kind: Deployment

metadata:

labels:

app: nginx-demo

spec:

replicas: 2

selector:

matchLabels:

  app: nginx-demo

template:

metadata:

  labels:

    app: nginx-demo

spec:

  containers:

  - image: nginx:1.21.5

    name: nginx

---

apiVersion: v1

kind: Service

metadata:

labels:

app: nginx-demo

spec:

selector:

app: nginx-demo

ports:

port: 8000

protocol: TCP

targetPort: 80

---

apiVersion: v1

kind: Service

metadata:

labels:

app: hello-server

spec:

selector:

app: hello-server

ports:

port: 8000

protocol: TCP

targetPort: 9000

#ingress-rule.yaml

apiVersion: networking.k8s.io/v1

kind: Ingress

metadata:

name: ingress-host-bar

spec:

ingressClassName: nginx

rules:
host: “hello.atguigu.com”

http:

paths:
pathType: Prefix

path: “/”

backend:

service:
name: hello-server

port:

  number: 8000 # hello-server （service） 的端口是 8000
host: “demo.atguigu.com”

http:

paths:
pathType: Prefix

path: “/” # 把请求会转给下面的服务，下面的服务一定要能处理这个路径，不能处理就是404

backend:

service:
name: nginx-demo  #java，比如使用路径重写，去掉前缀nginx

port:

  number: 8000