请稍等 ...
×

采纳答案成功!

向帮助你的同学说点啥吧!感谢那些助人为乐的人

ingress create yaml文件后 ingress-nginx pod状态为CrashLoopBackOff

图片描述
[root@node1 ~]# kc describe pod nginx-ingress-controller-b4f59498f-vwrmc -n ingress-nginx
Events:
Type Reason Age From Message

Normal Pulling 2m28s kubelet Pulling image "registry.aliyuncs.com/google_containers/nginx-ingress-controller:0.32.0"
Normal Scheduled 2m26s default-scheduler Successfully assigned ingress-nginx/nginx-ingress-controller-b4f59498f-vwrmc to node1
Normal Pulled 2m1s kubelet Successfully pulled image “registry.aliyuncs.com/google_containers/nginx-ingress-controller:0.32.0” in 26.49768853s
Warning Unhealthy 91s (x2 over 112s) kubelet Readiness probe failed: Get “http://192.168.99.102:10254/healthz”: dial tcp 192.168.99.102:10254: connect: connection refused
Normal Created 61s (x4 over 113s) kubelet Created container nginx-ingress-controller
Normal Started 61s (x4 over 113s) kubelet Started container nginx-ingress-controller
Normal Pulled 61s (x3 over 111s) kubelet Container image “registry.aliyuncs.com/google_containers/nginx-ingress-controller:0.32.0” already present on machine
Warning BackOff 58s (x10 over 110s) kubelet Back-off restarting failed container
[root@node1 ~]# kc logs nginx-ingress-controller-b4f59498f-vwrmc -n ingress-nginx
W1210 07:41:39.648335 6 flags.go:249] SSL certificate chain completion is disabled (–enable-ssl-chain-completion=false)
W1210 07:41:39.648496 6 client_config.go:543] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work.
I1210 07:41:39.648718 6 main.go:220] Creating API client for https://10.1.0.1:443

NGINX Ingress controller
Release: 0.32.0
Build: git-446845114
Repository: https://github.com/kubernetes/ingress-nginx
nginx version: nginx/1.17.10

I1210 07:41:39.675723 6 main.go:264] Running in Kubernetes cluster version v1.22 (v1.22.4) - git (clean) commit b695d79d4f967c403a96986f1750a35eb75e75f1 - platform linux/amd64
F1210 07:41:39.828634 6 ssl.go:389] unexpected error storing fake SSL Cert: could not create PEM certificate file /etc/ingress-controller/ssl/default-fake-certificate.pem: open /etc/ingress-controller/ssl/default-fake-certificate.pem: permission denied

图片描述
扎西石 2021-12-10 16:30:58
源自:6-6  ingress实践
1367
收起

正在回答 回答被采纳积分+3

1回答

清风 2021-12-10 16:36:28

参考这个:

6

I experienced the same. the solution is not to remove the capability section but to change the runAsuser

if you download the new release (0.27.1) deployment of the Nginx ingress controller, you can see:

       securityContext:
         allowPrivilegeEscalation: true
         capabilities:
           drop:
             - ALL
           add:
             - NET_BIND_SERVICE
         # www-data -> 101
         runAsUser: 101

The "runAsUser" line has a different user id. the user id in my old deployment was different so I got this error. Since I Changed the runAsUser to ID 101, the id in the kubernetes definitions is the same as the ID used in the new Nginx image and it works again :)


0 回复 有任何疑惑可以回复我~
收起回答
  • 提问者 扎西石 #1 
    runAsUser改了还是报同样的错
    回复 有任何疑惑可以回复我~ 2021-12-13 16:51:47
取消 回复

相似问题

根据跟新的6-7又做了一遍nginx-ingress-controller还是重启几次CrashLoopBackOff
1492 0 10
是每个服务都要起一个ingress-nginx
849 0 3
ingress-nginx 无日志输出
1507 0 4
ingress
990 0 3
ingress 的 address
1246 0 2

登录后可查看更多问答,登录/注册

问题已解决,确定采纳
还有疑问,暂不采纳
Kubernetes 入门到进阶实战,系统性掌握 K8s 生产实践
  • 参与学习       1551    人
  • 提交作业       279    份
  • 解答问题       621    个

阿里云最有价值专家亲授,云原生时代必备技能

了解课程

本课精华内容

问答 作业

mysql 没有启动

1.5k 5

老师用您这个镜像,执行到这一步出现问题

1.4k 5

老师我每个组件都有两个容器,是不是有点问题?

1.3k 2

无法运行java项目 一直报错

1.4k 30

The connection to the server 192.168.99.101:6443 was refused

1.7k 24

查看更多本课问答
微信客服

购课补贴
联系客服咨询优惠详情

 帮助反馈 APP下载

慕课网APP
您的移动学习伙伴

 公众号

扫描二维码
关注慕课网微信公众号