Closed silandrew closed 3 weeks ago
@silandrew: This issue is currently awaiting triage.
If Ingress contributors determines this is a relevant issue, they will accept it by applying the triage/accepted
label and provide further guidance.
The triage/accepted
label can be added by org members by writing /triage accepted
in a comment.
/remove-kind bug /help /kind support
@longwuyuan: This request has been marked as needing help from a contributor.
Please ensure that the issue body includes answers to the following questions:
For more details on the requirements of such an issue, please see here and ensure that they are met.
If this request no longer meets these requirements, the label can be removed
by commenting with the /remove-help
command.
This is 2 years old now and there have been changes to AKS install as well as K8S specs since then.
I don't know what this "ontroller.podLabels.aadpodidbinding=mi-aks-dev-01"
but whatever it is is heavily relying on Azure and AKS. So its less likely to be any code in the controller itself.
In any case to take any action now, the install has to be attempted again on AKS and the precise detailed elaborate information on the problem to install needs to be posted here.
There are several Azure users currently as per issues posted in the last 2 years and so its not likely that there is a problem in the controller per se for installing on AKS.
If there is a problem, please post the data as requested so that someone can analyze and comment. Hence closing this issue now as there is no current action item being tracked here and this is just adding to the tally of open issues, without tracking any action item.
/close
@longwuyuan: Closing this issue.
Problem ingress deployment creation, on AKS, has been deprecated controller.podLabels.aadpodidbinding=mi-devxxx and replaced with Azure AD Workload Identity :
depicted pod identity on AKS this is replaced by Azure AD Workload Identity:
NGINX Ingress controller version ingress-nginx- chart ver 4.2.5 app ver 1.3.1 (exec into the pod and run nginx-ingress-controller --version.):
Kubernetes version 124.3 (use
kubectl version
):Environment Azurte AKS:
Cloud provider Azuren:
OS Ubuntu /etc/os-release):
How was the ingress-nginx-controller installed:
helm ls -A | grep -i ingress
helm install ingress-nginx/ingress-nginx --generate-name --namespace=portal-dev --set controller.replicaCount=3 --set controller.nodeSelector."beta.kubernetes.io/os"=linux --set defaultBackend.nodeSelector."beta.kubernetes.io/os"=linux --set controller.service.annotations."service.beta.kubernetes.io/azure-load-balancer-health-probe-request-path"=/healthz --set controller.podLabels.aadpodidbinding=mi-aks-dev-01 -f - <<EOF controller: extraVolumes:
extraVolumeMounts:
Current State of the controller:
kubectl describe ingressclasses nginx
Current state of ingress object, if applicable:
kubectl -n <appnnamespace> get all,ing -o wide
error: unable to match a printer suitable for the output format "wide
", allowed formats are: custom-columns,custom-columns-file,go-template,go-template-file,json,jsonpath,jsonpath-as-json,jsonpath-file,name,template,templatefile,wide,yamlAs minimally and precisely as possible. Keep in mind we do not have access to your cluster or application. Help up us (if possible) reproducing the issue using minikube or kind.
Install minikube/kind
Install the ingress controller
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/baremetal/deploy.yaml
Install an application that will act as default backend (is just an echo app)
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/docs/examples/http-svc.yaml
Create an ingress (please add any additional annotation required)
echo " apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: xxxxxx namespace: xxxx annotations:
kubernetes.io/ingress.allow-http: "false"
spec:
ingressClassName: "traefik-internal"
tls:
rules:
name: xxxx port: number: 80
make a request
--->
Anything else we need to know:
this replace pod identity az aks update -g rg-aks-xxx -n aks-xxx2 --enable-managed-identity --assign-identity xxxxxxxxxx