haproxy-ingress
haproxy-ingress copied to clipboard
jcmoraisjr
haproxy-ingress pods does not start
Hi,
I have been trying to get an HAProxy Ingress working on my kubernetes cluster. I have been following the instructions in the README (https://github.com/jcmoraisjr/haproxy-ingress/tree/master/examples/deployment). I see that haproxy-ingress pod has this in its log:
I0617 16:50:31.298997 6 launch.go:181]
Name: HAProxy
Release: v0.9
Build: git-4220104
Repository: https://github.com/jcmoraisjr/haproxy-ingress
I0617 16:50:31.299065 6 launch.go:184] Watching for ingress class: haproxy
I0617 16:50:31.299633 6 launch.go:427] Creating API client for https://10.233.0.1:443
I0617 16:50:31.307638 6 launch.go:439] Running in Kubernetes Cluster version v1.18 (v1.18.3) - git (clean) commit 2e7996e3e2712684bc73f0dec0200d64eec7fe40 - platform linux/amd64
F0617 16:50:31.308283 6 launch.go:207] no service with name ingress-controller/ingress-default-backend found: services "ingress-default-backend" is forbidden: User "system:serviceaccount:ingress-controller:default" cannot get resource "services" in API group "" in the namespace "ingress-controller"
The one thing to note that didn't seem to work in the README was this:
kubectl --namespace=ingress-controller create -f haproxy-ingress.yaml
That command failed with this error:
error: unable to recognize "haproxy-ingress.yaml.2": no matches for kind "Deployment" in version "apps/v1beta2"
I had to change the apiVersion: apps/v1beta2 to apiVersion: apps/v1
Did that cause the problem?
Thanks!
Hi, based on this message:
User "system:serviceaccount:ingress-controller:default" cannot get resource "services" in API group "" in the namespace "ingress-controller"
It seems to me you didn't configure rbac. Please follow "the five minutes deployment" here and let me know if everything works as expected. You can also follow a more detailed rbac configuration doc.
I had to change the
apiVersion: apps/v1beta2toapiVersion: apps/v1
Yup, old doc, pending to be revised/migrated.
Thanks for the reply!
From the output of this command it looks like I did set up RBAC.
[red@ifs-alpha-kube-001 ~]$ kubectl create -f ingress-controller-rbac.yml
Error from server (AlreadyExists): error when creating "ingress-controller-rbac.yml": namespaces "ingress-controller" already exists
Error from server (AlreadyExists): error when creating "ingress-controller-rbac.yml": serviceaccounts "ingress-controller" already exists
Error from server (AlreadyExists): error when creating "ingress-controller-rbac.yml": clusterroles.rbac.authorization.k8s.io "ingress-controller" already exists
Error from server (AlreadyExists): error when creating "ingress-controller-rbac.yml": roles.rbac.authorization.k8s.io "ingress-controller" already exists
Error from server (AlreadyExists): error when creating "ingress-controller-rbac.yml": clusterrolebindings.rbac.authorization.k8s.io "ingress-controller" already exists
Error from server (AlreadyExists): error when creating "ingress-controller-rbac.yml": rolebindings.rbac.authorization.k8s.io "ingress-controller" already exists
It is possible that I did so incorrectly. I don't I fully understand the documentation :
https://github.com/jcmoraisjr/haproxy-ingress/tree/master/examples/rbac
I didn't really understand what this:
Deploy the ingress controller. The deployment should be configured to use the ingress-controller service account name if not using kubeconfig and client cert based authentication. Add the serviceAccountName to the pod template spec:
spec:
template:
spec:
serviceAccountName: ingress-controller
What pod template spec? And where in the yaml file?
After much trial and error I final figured out that I need to update the haproxy-ingress "deployment" (via the dashbaord). I only had to add the one line:
serviceAccountName: ingress-controller
directly after the spec: tag.
Thanks for evaluating haproxy ingress and thanks for the feedback. Please let this issue open until someone have a look on this and improves the docs.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}