Ingress-nginx: nginx-ingress-controller can not be created

Created on 14 Oct 2017 · 13Comments · Source: kubernetes/ingress-nginx

I followed this guide to deploy nginx-ingress-controller , but it can't be created correctly
https://github.com/kubernetes/ingress-nginx/blob/master/examples/deployment/README.md

os:ubuntu16.04
kubenetes 1.8

$ kubectl apply -f nginx-ingress-controller.yaml
deployment "nginx-ingress-controller" configured
$ kubectl -n kube-system get pods
NAME READY STATUS RESTARTS AGE
default-http-backend-59b65899db-m7mgx 1/1 Running 0 35m
etcd-next 1/1 Running 0 10h
kube-apiserver-next 1/1 Running 0 10h
kube-controller-manager-next 1/1 Running 0 10h
kube-dns-545bc4bfd4-hsvq2 3/3 Running 3 10h
kube-flannel-ds-6bnnv 1/1 Running 0 10h
kube-flannel-ds-hx2f7 1/1 Running 0 10h
kube-proxy-2gnxd 1/1 Running 0 10h
kube-proxy-hr4k7 1/1 Running 0 10h
kube-scheduler-next 1/1 Running 0 10h
nginx-ingress-controller-848c5cc54-6rbtg 0/1 CrashLoopBackOff 10 32m

$ kubectl -n kube-system logs -f nginx-ingress-controller-848c5cc54-6rbtg
I1014 11:56:53.610371 7 launch.go:113] &{NGINX 0.9.0-beta.15 git-a3e86f2 https://github.com/kubernetes/ingress}
I1014 11:56:53.610422 7 launch.go:116] Watching for ingress class: nginx
I1014 11:56:53.610706 7 launch.go:291] Creating API client for https://10.96.0.1:443
I1014 11:56:53.629950 7 launch.go:304] Running in Kubernetes Cluster version v1.8 (v1.8.1) - git (clean) commit f38e43b221d08850172a9a4ea785a86a3ffa3b3a - platform linux/amd64
F1014 11:56:53.632074 7 launch.go:136] ✖ It seems the cluster it is running with Authorization enabled (like RBAC) and there is no permissions for the ingress controller. Please check the configuration

It seems no permissions for the ingress controller was the reason for crash , how to fix it?

Source

k19810703

Most helpful comment

@vamsi248 @aledbf I was able to enable RBAC using helm (--set rbac.create=true) and this error is not seen anymore, and the nginx ingress controller is working as expected!

helm install --name my-release stable/nginx-ingress --set rbac.create=true

vhosakot on 11 Jan 2018

👎5 👍5

All 13 comments

Closing. Please use the RBAC example https://github.com/kubernetes/ingress-nginx/tree/master/examples/rbac

aledbf on 14 Oct 2017

@aledbf

The URL you refers to can not open.

noprom on 17 Nov 2017

@aledbf I don't see the URL https://github.com/kubernetes/ingress-nginx/tree/master/examples/rbac too and see that it has been removed by the PR https://github.com/kubernetes/ingress-nginx/pull/1497. Where can I find the rbac example?

I installed nginx-ingress using the helm from https://github.com/kubernetes/charts/tree/master/stable/nginx-ingress, and see the same error in kubectl logs:

helm install stable/nginx-ingress

Wait for 5 minutes for the nginx LoadBalancer IP to be available. The nginx-ingress-controller pod is in CrashLoopBackOff state and the nginx-ingress-controller service is in <pending> state:

# kubectl get all | grep nginx
po/worn-cat-nginx-ingress-controller-5475fc66c7-tb8kj        0/1       CrashLoopBackOff   12         42m
svc/worn-cat-nginx-ingress-controller        LoadBalancer   10.233.35.161   <pending>     80:32378/TCP,443:31317/TCP   42m

Error in kubectl logs below:

# kubectl logs worn-cat-nginx-ingress-controller-5475fc66c7-tb8kj
I0109 17:26:23.337035       7 launch.go:113] &{NGINX 0.9.0-beta.15 git-a3e86f2 https://github.com/kubernetes/ingress}
I0109 17:26:23.337078       7 launch.go:116] Watching for ingress class: nginx
I0109 17:26:23.337382       7 launch.go:291] Creating API client for https://10.233.0.1:443
I0109 17:26:23.350310       7 launch.go:304] Running in Kubernetes Cluster version v. (v1.9.0+coreos.0) - git (clean) commit 1b69a2a6c01194421b0aa17747a8c1a81738a8dd - platform linux/amd64
F0109 17:26:23.351459       7 launch.go:136] ✖ It seems the cluster it is running with Authorization enabled (like RBAC) and there is no permissions for the ingress controller. Please check the configuration

I don't see any endpoints for the nginx-ingress-controller service:

# kubectl describe svc/worn-cat-nginx-ingress-controller
Name:                     worn-cat-nginx-ingress-controller
Namespace:                default
Labels:                   app=nginx-ingress
                          chart=nginx-ingress-0.8.23
                          component=controller
                          heritage=Tiller
                          release=worn-cat
Annotations:              <none>
Selector:                 app=nginx-ingress,component=controller,release=worn-cat
Type:                     LoadBalancer
IP:                       10.233.35.161
Port:                     http  80/TCP
TargetPort:               80/TCP
NodePort:                 http  32378/TCP
Endpoints:                
Port:                     https  443/TCP
TargetPort:               443/TCP
NodePort:                 https  31317/TCP
Endpoints:                
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>

vhosakot on 9 Jan 2018

@vamsi248 @aledbf I was able to enable RBAC using helm (--set rbac.create=true) and this error is not seen anymore, and the nginx ingress controller is working as expected!

helm install --name my-release stable/nginx-ingress --set rbac.create=true

vhosakot on 11 Jan 2018

👎5 👍5

@vamsi248 yes, I'm using helm to install the nginx ingress controller on k8s per https://github.com/kubernetes/ingress-nginx/blob/master/deploy/README.md#using-helm.

vhosakot on 12 Jan 2018

Hai @vhosakot
any idea how to configure an IP to my namespace dev or any namespace.. nginx-ingress-controller is running in all namespaces.
so that all services are running in that namespace will expose by hitting that ip address..
is it possible.. i am running my cluster locally..
1.8v kubeadm and weavenet is addons...

Thanks
vamsi

vamsi248 on 13 Jan 2018

@vamsi248 add the flag --watch-namespace <dev|any>
https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/cli-arguments.md

aledbf on 13 Jan 2018

@aledbf bf bf Thanks for your quick response.
but i am asking.. my cluster is running X.x.x.x I.P so all my services which are running in all namespaces will expose on that I.P . but i want to make each namespace to expose there services in Different I.P.
what i mean to say is dev wants to expose on X.X.X.Y . and Test wants to expose there services on X.X.X.Z ... Is it possible and if anybody have documentation on this can u please forward??

Thanks,
vamsi

vamsi248 on 15 Jan 2018

but i want to make each namespace to expose there services in Different I.P.
what i mean to say is dev wants to expose on X.X.X.Y .

The only way you can achieve this is to run multiple ingress controllers with the flag --watch-namespace <dev|any> and using a service type=LoadBalancer

aledbf on 15 Jan 2018

I am running ingress-controllers in all namespaces. but we cant set the dev namespace with specific I.P which is 101.34.56.34 so that all services (DEV namespace) wants to work on this I.P
is it possible. how to configure this I.P to that namespace? any documentation

if i did type loadbalancer then services are running on my cluster I.P only..

vamsi248 on 15 Jan 2018

--watch namespace flag need to add in the yaml file of Ingress-controller right..
can you give basic yaml file with that flag..

vamsi248 on 15 Jan 2018

I just upgraded from k8s 1.6.6 to 1.9.3 and I am experiencing the same issue.
I always had the --watch-namespace enabled but it is failing in the same way.

I am not using helm in my case. I am deploying just a yaml file with kubectl apply command.

Any ideas?