Closed nwhln-sgrid closed 1 year ago
Is it related to https://github.com/kubernetes/minikube/issues/8756?
Is it related to #8756?
It appears the two are similar or identical.
When I check the kubectl deployment via
kubectl -n ingress-nginx edit deployment ingress-nginx-controller
The pod image URL is listed as:
k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8
Which returns a 404.
When I attempt to pull via docker:
USER@HOSTNAME:~$ docker pull k8s.gcr.io/ingress-nginx/controller:v1.2.1
v1.2.1: Pulling from ingress-nginx/controller
8663204ce13b: Pull complete
897a18b2d257: Pull complete
3cb02f360cf3: Pull complete
2b63816a7692: Pull complete
d61ce16aa3b6: Pull complete
4391833fbf2c: Pull complete
4f4fb700ef54: Pull complete
bb397308bcd5: Pull complete
803395581751: Pull complete
153d402a7263: Pull complete
c815f058cf7b: Pull complete
a872540e4aca: Pull complete
4972574251d0: Pull complete
30197fe775a6: Pull complete
b059831ea274: Pull complete
Digest: sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8
Status: Downloaded newer image for k8s.gcr.io/ingress-nginx/controller:v1.2.1
k8s.gcr.io/ingress-nginx/controller:v1.2.1
For some reason, after installing virtualbox
& virtualbox-dkms
, the ingress add-on works. I stopped minikube afterwards, deleted the cluster, rebooted the server & re-ran the minikube command successfully:
USER@HOSTNAME:~$ minikube start --addons=ingress --cpus=2 --cni=flannel --install-addons=true --kubernetes-version=stable --memory=6g --driver=virtualbox
π minikube v1.26.0 on Ubuntu 20.04
β¨ Using the virtualbox driver based on user configuration
π Starting control plane node minikube in cluster minikube
π₯ Creating virtualbox VM (CPUs=2, Memory=6144MB, Disk=20000MB) ...
π³ Preparing Kubernetes v1.24.1 on Docker 20.10.16 ...
βͺ Generating certificates and keys ...
βͺ Booting up control plane ...
βͺ Configuring RBAC rules ...
π Configuring Flannel (Container Networking Interface) ...
βͺ Using image k8s.gcr.io/ingress-nginx/controller:v1.2.1
βͺ Using image k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1
βͺ Using image k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1
βͺ Using image gcr.io/k8s-minikube/storage-provisioner:v5
π Verifying ingress addon...
π Verifying Kubernetes components...
π Enabled addons: default-storageclass, storage-provisioner, ingress
π Done! kubectl is now configured to use "minikube" cluster and "default" namespace by default
Some more background on the issue, it appears to be due to a missing secret:
kubectl describe pod ingress-nginx-controller-755dfbfc65-52zqr -n ingress-nginx
Name: ingress-nginx-controller-755dfbfc65-52zqr
Namespace: ingress-nginx
Priority: 0
Node: minikube/192.168.49.2
Start Time: Thu, 21 Jul 2022 20:26:19 +0000
Labels: app.kubernetes.io/component=controller
app.kubernetes.io/instance=ingress-nginx
app.kubernetes.io/name=ingress-nginx
gcp-auth-skip-secret=true
pod-template-hash=755dfbfc65
Annotations: <none>
Status: Pending
IP:
IPs: <none>
Controlled By: ReplicaSet/ingress-nginx-controller-755dfbfc65
Containers:
controller:
Container ID:
Image: k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8
Image ID:
Ports: 80/TCP, 443/TCP, 8443/TCP
Host Ports: 80/TCP, 443/TCP, 0/TCP
Args:
/nginx-ingress-controller
--election-id=ingress-controller-leader
--controller-class=k8s.io/ingress-nginx
--watch-ingress-without-class=true
--configmap=$(POD_NAMESPACE)/ingress-nginx-controller
--tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
--udp-services-configmap=$(POD_NAMESPACE)/udp-services
--validating-webhook=:8443
--validating-webhook-certificate=/usr/local/certificates/cert
--validating-webhook-key=/usr/local/certificates/key
State: Waiting
Reason: ContainerCreating
Ready: False
Restart Count: 0
Requests:
cpu: 100m
memory: 90Mi
Liveness: http-get http://:10254/healthz delay=10s timeout=1s period=10s #success=1 #failure=5
Readiness: http-get http://:10254/healthz delay=10s timeout=1s period=10s #success=1 #failure=3
Environment:
POD_NAME: ingress-nginx-controller-755dfbfc65-52zqr (v1:metadata.name)
POD_NAMESPACE: ingress-nginx (v1:metadata.namespace)
LD_PRELOAD: /usr/local/lib/libmimalloc.so
Mounts:
/usr/local/certificates/ from webhook-cert (ro)
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-kmrg2 (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
webhook-cert:
Type: Secret (a volume populated by a Secret)
SecretName: ingress-nginx-admission
Optional: false
kube-api-access-kmrg2:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional: <nil>
DownwardAPI: true
QoS Class: Burstable
Node-Selectors: kubernetes.io/os=linux
minikube.k8s.io/primary=true
Tolerations: node-role.kubernetes.io/master:NoSchedule
node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 6m12s default-scheduler Successfully assigned ingress-nginx/ingress-nginx-controller-755dfbfc65-52zqr to minikube
Warning FailedMount 4m9s kubelet Unable to attach or mount volumes: unmounted volumes=[webhook-cert], unattached volumes=[webhook-cert kube-api-access-kmrg2]: timed out waiting for the condition
Warning FailedMount 2m1s (x10 over 6m11s) kubelet MountVolume.SetUp failed for volume "webhook-cert" : secret "ingress-nginx-admission" not found
Warning FailedMount 114s kubelet Unable to attach or mount volumes: unmounted volumes=[webhook-cert], unattached volumes=[kube-api-access-kmrg2 webhook-cert]: timed out waiting for the condition
kubectl get secret -n ingress-nginx
No resources found in ingress-nginx namespace.
Anyone have any ideas?
/kind support
Is this the same issue? I am stuck here, containers are not ready.
I'm experiencing the same problem with minikube 1.26.0. minikube start takes around 10 minutes and then times out about half the time.
What I am seeing:
Configuring CNI (Container Networking Interface) ... π Verifying Kubernetes components... βͺ Using image k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1 βͺ Using image k8s.gcr.io/sig-storage/snapshot-controller:v4.0.0 βͺ Using image gcr.io/k8s-minikube/storage-provisioner:v5 βͺ Using image k8s.gcr.io/ingress-nginx/controller:v1.2.1 βͺ Using image k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1 π Verifying ingress addon... β Enabling 'ingress' returned an error: running callbacks: [waiting for app.kubernetes.io/name=ingress-nginx pods: timed out waiting for the condition] π Enabled addons: storage-provisioner, default-storageclass, volumesnapshots π Done! kubectl is now configured to use "minikube" cluster and "default" namespace by default
When I run kubectl get pods -n ingress-nginx while minikube start is executing, I observe that the ingress-nginx-admission-create and ingress-nginx-admission-patch take maybe 5 minutes to run, and the ingress controller pod is in ContainerCreating state while that's going on. Eventually, the create/patch jobs finish, and sooner or later, the ingress-controller pod becomes ready. Sometimes it becomes ready before the timeout, sometimes after.
If the timeout happens first, I can enable the addon with a separate command, and it's successful:
β forgeops git:(master) minikube addons enable ingress βͺ Using image k8s.gcr.io/ingress-nginx/controller:v1.2.1 βͺ Using image k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1 βͺ Using image k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1 π Verifying ingress addon... π The 'ingress' addon is enabled
(Does anyone know if I need to run this separate step to enable the addon or not, or does "enable addon" just wait to see that the ingress controller pod is active?)
(Does anyone know if I need to run this separate step to enable the addon or not, or does "enable addon" just wait to see that the ingress controller pod is active?)
Hi @dgoldssfo β is this issue still occurring? Were you able to find a solution?
For additional assistance, please consider reaching out to the minikube community:
https://minikube.sigs.k8s.io/community/
We also offer support through Slack, Groups, and office hours.
Seems like it's been fixed. minikube start is back to about what it used to take, and I haven't seen a timeout in a while.
Seems like it's been fixed. minikube start is back to about what it used to take, and I haven't seen a timeout in a while.
Hi @dgoldssfo, thanks for the follow up response to the issue.
If anything else comes up please feel free to re-open the issue by commenting with /reopen
.
Thank you for sharing your experience!
(Does anyone know if I need to run this separate step to enable the addon or not, or does "enable addon" just wait to see that the ingress controller pod is active?)
Hi @dgoldssfo β is this issue still occurring? Were you able to find a solution?
For additional assistance, please consider reaching out to the minikube community:
https://minikube.sigs.k8s.io/community/
We also offer support through Slack, Groups, and office hours.
I joined unsuccessfully and was prompted that I don't have a @get-an-invite-at.slack.kubernetes.io
email. What should I do? Where can I contact the administrator of k8s workspace?
Same here.
minikube addons enable ingress
fails:
π minikube addons enable ingress
π‘ ingress is an addon maintained by Kubernetes. For any concerns contact minikube on GitHub.
You can view the list of minikube maintainers at: https://github.com/kubernetes/minikube/blob/master/OWNERS
π‘ After the addon is enabled, please run "minikube tunnel" and your ingress resources would be available at "127.0.0.1"
βͺ Using image registry.k8s.io/ingress-nginx/controller:v1.7.0
βͺ Using image registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230312-helm-chart-4.5.2-28-g66a760794
βͺ Using image registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230312-helm-chart-4.5.2-28-g66a760794
π Verifying ingress addon...
β Exiting due to MK_ADDON_ENABLE: enable failed: run callbacks: running callbacks: [waiting for app.kubernetes.io/name=ingress-nginx pods: timed out waiting for the condition]
If I look at the pods:
β kubectl get pods -n ingress-nginx
NAME READY STATUS RESTARTS AGE
ingress-nginx-admission-create-kcj4q 0/1 ImagePullBackOff 0 7m5s
ingress-nginx-admission-patch-pw5dk 0/1 ImagePullBackOff 0 7m5s
ingress-nginx-controller-6cc5ccb977-zf2kr 0/1 ContainerCreating 0 7m5s
I can see that there's a pull error:
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 24m default-scheduler Successfully assigned ingress-nginx/ingress-nginx-admission-create-kcj4q to minikube
Normal Pulling 23m (x4 over 24m) kubelet Pulling image "registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230312-helm-chart-4.5.2-28-g66a760794@sha256:01d181618f270f2a96c04006f33b2699ad3ccb02da48d0f89b22abce084b292f"
Warning Failed 23m (x4 over 24m) kubelet Failed to pull image "registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230312-helm-chart-4.5.2-28-g66a760794@sha256:01d181618f270f2a96c04006f33b2699ad3ccb02da48d0f89b22abce084b292f": rpc error: code = Unknown desc = Error response from daemon: Get "https://europe-north1-docker.pkg.dev/v2/k8s-artifacts-prod/images/ingress-nginx/kube-webhook-certgen/manifests/sha256:01d181618f270f2a96c04006f33b2699ad3ccb02da48d0f89b22abce084b292f": dial tcp: lookup europe-north1-docker.pkg.dev on 192.168.65.254:53: no such host
Warning Failed 23m (x4 over 24m) kubelet Error: ErrImagePull
Warning Failed 23m (x6 over 24m) kubelet Error: ImagePullBackOff
Normal BackOff 4m44s (x88 over 24m) kubelet Back-off pulling image "registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230312-helm-chart-4.5.2-28-g66a760794@sha256:01d181618f270f2a96c04006f33b2699ad3ccb02da48d0f89b22abce084b292f"'
And if I go into minikube and manually pull:
ssh minikube
docker@minikube:~$ docker pull registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230312-helm-chart-4.5.2-28-g66a760794@sha256:01d181618f270f2a96c04006f33b2699ad3ccb02da48d0f89b22abce084b292f
Error response from daemon: Get "https://europe-north1-docker.pkg.dev/v2/k8s-artifacts-prod/images/ingress-nginx/kube-webhook-certgen/manifests/sha256:01d181618f270f2a96c04006f33b2699ad3ccb02da48d0f89b22abce084b292f": dial tcp: lookup europe-north1-docker.pkg.dev on 192.168.65.254:53: no such host
However, if I just replace the domain:
docker@minikube:~$ docker pull k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v20230312-helm-chart-4.5.2-28-g66a760794@sha256:01d181618f270f2a96c04006f33b2699ad3ccb02da48d0f89b22abce084b292f
k8s.gcr.io/ingress-nginx/kube-webhook-certgen@sha256:01d181618f270f2a96c04006f33b2699ad3ccb02da48d0f89b22abce084b292f: Pulling from ingress-nginx/kube-webhook-certgen
Digest: sha256:01d181618f270f2a96c04006f33b2699ad3ccb02da48d0f89b22abce084b292f
β¦all works fine.
registry.k8s.io redirects to europe-north1-docker.pkg.dev that doesn't resolve on minikube?
docker@minikube:~$ nslookup europe-north1-docker.pkg.dev
Server: 192.168.65.254
Address: 192.168.65.254#53
** server can't find europe-north1-docker.pkg.dev: NXDOMAIN
docker@minikube:~$ nslookup registry.k8s.io
Server: 192.168.65.254
Address: 192.168.65.254#53
Non-authoritative answer:
Name: registry.k8s.io
Address: 34.96.108.209
Name: registry.k8s.io
Address: 2600:1901:0:bbc4::
docker@minikube:~$ nslookup k8s.gcr.io
Server: 192.168.65.254
Address: 192.168.65.254#53
Non-authoritative answer:
k8s.gcr.io canonical name = googlecode.l.googleusercontent.com.
Name: googlecode.l.googleusercontent.com
Address: 173.194.222.82
Name: googlecode.l.googleusercontent.com
Address: 2a00:1450:4010:c0b::52
What Happened?
I cannot pull the ingress container. My current minikube version:
Prior to attempting firing up minikube:
Attempting to start minikube with ingress:
Attach the log file
minikube.log
Operating System
Ubuntu
Driver
Docker