sandromello
commented
7 years ago Hi,
- Could you specify which version of Kubernetes are you using?
- Are you running the kong-ingress inside of a Kubernetes cluster?
This should not be happening if you're running the ingress inside of a POD in kubernetes, the creation of a namespace is required if you're running the ingress outside of the cluster. To validate if this is true, the controller verifies if the POD_NAMESPACE variable is empty.
I forgot to specify the required RBAC options for having the ingress working with it.
For now you could specify a rolebinding enabling access to the following resources:
- Services [update,patch,list,get]
- Third Party Resource [create,list,get]
- Ingress [update,patch,list,get]
- Namespaces [create,list,get]
- Domains [TPR - create,update,list,get,delete]
Another option is using the same certificates used to manage your cluster:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: kong-ingress
namespace: kong-system
spec:
replicas: 1
template:
metadata:
labels:
app: kong-ingress
spec:
terminationGracePeriodSeconds: 60
containers:
- name: kong-ingress
image: 'quay.io/koli/kong-ingress:v0.2.0-alpha'
args:
- --auto-claim
- --wipe-on-delete
- --kong-server=http://kong-admin:8001
- --v=4
- --logtostderr
- --cert-file=/path/to/kube.crt
- --key-file=/path/to/kube.key
- --ca-file=/path/to/ca.crtWarning: Use this only for testing, using RBAC is more secure than this option
arundeepkurni
When i enabled RBAC in kubernetes ,i get error as below: