那些遇到过的问题

如何更新 nginx-ingress 控制器以便使用最新的入口路径?

dev*_*oud 3 kubernetes kubernetes-ingress

将入口路径从“/”更新为“/test”后,新路径不起作用,并且我仍然不断重定向到旧的“/”路径。关于如何更新 nginx-ingress 控制器以更新入口的任何想法?

更新:我在入口控制器日志中得到以下信息

kubectl logs --tail=10 nginx-ingress-controller-6b5498d8dc-vsdpl
E0923 17:03:11.440951       9 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.5/tools/cache/reflector.go:125: Failed to list *v1.Service: services is forbidden: User "system:serviceaccount:default:nginx-ingress" cannot list resource "services" in API group "" at the cluster scope
E0923 17:03:25.947663       9 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.5/tools/cache/reflector.go:125: Failed to list *v1.Endpoints: endpoints is forbidden: User "system:serviceaccount:default:nginx-ingress" cannot list resource "endpoints" in API group "" at the cluster scope
E0923 17:03:35.337064       9 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.5/tools/cache/reflector.go:125: Failed to list *v1beta1.Ingress: ingresses.networking.k8s.io is forbidden: User "system:serviceaccount:default:nginx-ingress" cannot list resource "ingresses" in API group "networking.k8s.io" at the cluster scope
E0923 17:03:39.800610       9 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.5/tools/cache/reflector.go:125: Failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:default:nginx-ingress" cannot list resource "secrets" in API group "" at the cluster scope
E0923 17:03:45.983141       9 main.go:49] Error getting node 192.168.0.81: nodes "192.168.0.81" is forbidden: User "system:serviceaccount:default:nginx-ingress" cannot get resource "nodes" in API group "" at the cluster scope
E0923 17:03:57.179763       9 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.5/tools/cache/reflector.go:125: Failed to list *v1.ConfigMap: configmaps is forbidden: User "system:serviceaccount:default:nginx-ingress" cannot list resource "configmaps" in API group "" at the cluster scope
E0923 17:03:57.609798       9 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.5/tools/cache/reflector.go:125: Failed to list *v1.Endpoints: endpoints is forbidden: User "system:serviceaccount:default:nginx-ingress" cannot list resource "endpoints" in API group "" at the cluster scope
E0923 17:04:10.422852       9 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.5/tools/cache/reflector.go:125: Failed to list *v1.Service: services is forbidden: User "system:serviceaccount:default:nginx-ingress" cannot list resource "services" in API group "" at the cluster scope
E0923 17:04:20.552808       9 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.5/tools/cache/reflector.go:125: Failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:default:nginx-ingress" cannot list resource "secrets" in API group "" at the cluster scope
E0923 17:04:24.767965       9 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.5/tools/cache/reflector.go:125: Failed to list *v1beta1.Ingress: ingresses.networking.k8s.io is forbidden: User "system:serviceaccount:default:nginx-ingress" cannot list resource "ingresses" in API group "networking.k8s.io" at the cluster scope
Run Code Online (Sandbox Code Playgroud)

Arg*_*dhu 9

nginx入口控制器使用的服务帐户似乎没有权限。使用下面的clusterrolebinding

kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin --serviceaccount=default:nginx-ingress
Run Code Online (Sandbox Code Playgroud)

请注意,这本质上是为该服务帐户授予集群管理权限,并且可以做得更细粒度。

归档时间:

查看次数:

2487 次

最近记录:

5 年 前
相关归档
如何让kubectl登录AWS EKS集群? 7
Kubernetes 集群中处于挂起状态的 Coredns 6
Kubernetes Python 客户端连接问题 6
NoExecuteTaintManager 错误地删除了 Pod? 6
Kubernetes AutoScaler Not Scaling,HPA显示目标<unknown> 5
coredns 无法正确解析服务名称 5
运行 kubectl get services 时端口列表中的冒号是什么意思 4
Kubernetes滚动更新:在更新之前尊重Pod准备就绪 3
如何在Google Container Engine上使用Kubernetes服务公开动态端口? 2
如何使用 Kubernetes 端点对象? 1
难疑归档
在Git存储库中查找并恢复已删除的文件 2716
如何在JavaScript中检查"undefined"? 2294
JavaScript对象的长度 2224
#include <filename>和#include"filename"有什么区别? 2204
如何在C#中生成随机int数? 1792
如何检查字符串"StartsWith"是否是另一个字符串? 1660
如何有效地计算JavaScript中对象的键/属性数? 1452
你怎么能加速Eclipse? 1258
从字典中删除元素 1243
如何撤消'git reset'? 1172