REK安装K8S后,ingress一直状态为ContainerCreating
1、pod状态
#获取ingress-nginx命名空间的pods
kubectl get pods -n ingress-nginx
#=====================================================================================================
NAMESPACE NAME READY STATUS RESTARTS
ingress-nginx nginx-ingress-controller-8tqkq 0/1 ContainerCreating 0
ingress-nginx nginx-ingress-controller-qt5bw 0/1 ContainerCreating 0
ingress-nginx nginx-ingress-controller-v8q89 0/1 ContainerCreating 0
2、存在问题
kubelet MountVolume.SetUp failed for volume “webhook-cert” : secret “ingress-nginx-admission” not found
#查看nginx-ingress-controller-8tqkq的详情
kubectl describe pod nginx-ingress-controller-8tqkq -n ingress-nginx
#=====================================================================================================
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning FailedMount 17m (x36988 over 74d) kubelet Unable to attach or mount volumes: unmounted volumes=[webhook-cert], unattached volumes=[webhook-cert kube-api-access-k7rk2]: timed out waiting for the condition
Warning FailedMount 2m6s (x52976 over 74d) kubelet MountVolume.SetUp failed for volume "webhook-cert" : secret "ingress-nginx-admission" not found
3、解决方式:
#查看ingress的相关secret
kubectl get secret -A|grep ingress
#=====================================================================================================
ingress-nginx default-token-bbmmc kubernetes.io/service-account-token 3
ingress-nginx ingress-nginx-admission-token-qqcbg kubernetes.io/service-account-token 3
ingress-nginx ingress-nginx-token-b9kwn kubernetes.io/service-account-token 3
发现它叫:ingress-nginx-admission-token-qqcbg
但根据查看nginx-ingress-controller-8tqkqy的yaml文件发现了ingress-nginx-admission,两者不符
#查看nginx-ingress-controller-8tqkqy的yaml文件
kubectl get pod nginx-ingress-controller-8tqkq -n ingress-nginx -o yaml
复制一个与ingress-nginx-admission-token-qqcbg内容相同的secret,命名为ingress-nginx-admission
#将ingress-nginx-admission-token-qqcbg的yaml导出为文件secret.yaml
kubectl get secret ingress-nginx-admission-token-qqcbg -n ingress-nginx -o yaml >secret.yaml
#修改secret.yaml的内容
vi secret.yaml
修改name为ingress-nginx-admission
#再执行命令,将secret进行添加
kubectl apply -f secret.yaml
最后重启pod,通过删除一个pod即可,因为deployment对象,具有重启策略,会进行重启
#删除pod
kubectl delete pod nginx-ingress-controller-8tqkq
#查看ingress-nginx命名空间的pod
NAME READY STATUS RESTARTS AGE
nginx-ingress-controller-mqlb2 1/1 Running 0 9m52s
nginx-ingress-controller-qt5bw 1/1 Running 0 92d
nginx-ingress-controller-v8q89 1/1 Running 0 75d