Closed harutyundermenjyan closed 5 years ago
I got an similiar issue trying to use the default-ssl-certificate
attributes in the extraArgs for the nginx-ingress-controller.
Using kubectl logs
for the rke-ingress-controller-deploy-jobs I get the the same message:
error: error parsing /etc/config/rke-ingress-controller.yaml: error converting YAML to JSON: yaml: line 50: did not find expected key
When I look at https://github.com/rancher/rke/blob/v0.1.10/templates/nginx-ingress.go#L213 there seems to be a issue with the placement of extraArgs in the template. I would have expected it after line 205 (the normal args) and not after the SecurityContext stuff.
That seems to be a regression from https://github.com/rancher/rke/commit/67448c38c672c81d20004d5532fc0db464189d30
I got an similiar issue with default-ssl-certificate, workaround ?
I can confirm @patst's findings. We were trying to start ingress with a custom http/https ports and it was failing. The generated ConfigMap
for the rke-ingress-controller
is broken:
- name: nginx-ingress-controller
image: rancher/nginx-ingress-controller:0.16.2-rancher1
args:
- /nginx-ingress-controller
- --default-backend-service=$(POD_NAMESPACE)/default-http-backend
- --configmap=$(POD_NAMESPACE)/nginx-configuration
- --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
- --udp-services-configmap=$(POD_NAMESPACE)/udp-services
- --annotations-prefix=nginx.ingress.kubernetes.io
securityContext:
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
runAsUser: 33
- --http-port=18088 <- this should be appended to the args section?
- --https-port=18443 <- this should be appended to the args section?
The only workaround for us right now was after the initialization to edit the rke-ingress-controller
and set the proper configuration. Afterwards just remove the containers from rke-ingress-controller-deploy-job
workload and remove any dead containers from nginx-ingress-controller
as well. Things are working just fine.
Should be resolved; marking as a duplicate of https://github.com/rancher/rke/issues/962
Hi,
How can I run the ingress controller on high ports like 30030 30040 etc without requiring high privileges for it. ( in RKE )
RKE version: v0.1.10
Docker version: 17.03.2-ce
Operating system and kernel: 16.04.3 LTS (Xenial Xerus) 4.4.0-103-generic
Bare-metal Here is part of my ingress config:
rke with
version v0.1.9
it deploys without error but withv0.1.10
it can't createrke-ingress-controller-deploy-job
whenextra_args http-port and https-port
are present. When I delete the mentioned part ofextra_args
it deploys without error.kubectl get po --all-namespaces
kubectl logs rke-ingress-controller-deploy-job-pznrp -n kube-system