![](/img/trans.png)
[英]How to install kubernetes / ingress-nginx using kubectl ? (not helm)
[英]Can not install nginx by using helm over kubernetes
我有kubernetes Cluster v1.10 over centos 7,裸機
helm version
Client: &version.Version{SemVer:"v2.11.0-rc.3", GitCommit:"28d295be2a94115b786ee277dffcc2b5483bde47", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.11.0-rc.3", GitCommit:"28d295be2a94115b786ee277dffcc2b5483bde47", GitTreeState:"clean"}
我正在嘗試使用helm安裝nginx
helm install stable/nginx-ingress --name nginx
它回來了
Error: release nginx failed:
clusterroles.rbac.authorization.k8s.io "nginx-nginx-ingress" is
forbidden: attempt to grant extra privileges:
[PolicyRule{APIGroups:[""], Resources:["configmaps"], Verbs:
["list"]} PolicyRule{APIGroups:[""], Resources:["configmaps"],
Verbs:["watch"]} PolicyRule{APIGroups:[""], Resources:
["endpoints"], Verbs:["list"]} PolicyRule{APIGroups:[""],
Resources:["endpoints"], Verbs:["watch"]} PolicyRule{APIGroups:
[""], Resources:["nodes"], Verbs:["list"]} PolicyRule{APIGroups:
[""], Resources:["nodes"], Verbs:["watch"]} PolicyRule{APIGroups:
[""], Resources:["pods"], Verbs:["list"]} PolicyRule{APIGroups:
[""], Resources:["pods"], Verbs:["watch"]} PolicyRule{APIGroups:
[""], Resources:["secrets"], Verbs:["list"]} PolicyRule{APIGroups:
[""], Resources:["secrets"], Verbs:["watch"]}
PolicyRule{APIGroups:[""], Resources:["nodes"], Verbs:["get"]}
PolicyRule{APIGroups:[""], Resources:["services"], Verbs:["get"]}
PolicyRule{APIGroups:[""], Resources:["services"], Verbs:["list"]}
PolicyRule{APIGroups:[""], Resources:["services"], Verbs:
["update"]} PolicyRule{APIGroups:[""], Resources:["services"],
Verbs:["watch"]} PolicyRule{APIGroups:["extensions"], Resources:
["ingresses"], Verbs:["get"]} PolicyRule{APIGroups:["extensions"],
Resources:["ingresses"], Verbs:["list"]} PolicyRule{APIGroups:
["extensions"], Resources:["ingresses"], Verbs:["watch"]}
PolicyRule{APIGroups:[""], Resources:["events"], Verbs:["create"]}
PolicyRule{APIGroups:[""], Resources:["events"], Verbs:["patch"]}
PolicyRule{APIGroups:["extensions"], Resources:
["ingresses/status"], Verbs:["update"]}] user=&
{system:serviceaccount:kube-system:default 8f248058-b684-11e8-
b781-daf0a0c10949 [system:serviceaccounts
system:serviceaccounts:kube-system system:authenticated] map[]}
ownerrules=[] ruleResolutionErrors=[]
我該如何解決這個問題?
謝謝你:D
由於kubectl apply -f
用於創建或更新資源,另一方面,Helm可以稱為Kubernetes Package Manager。 您發布的解決方案是一個解決方法,因為問題是關於Helm而不是如何使用kubectl apply
創建資源。 添加--set rbac.create=false
表示您可能在沒有RBAC支持的情況下部署了Tiller。 問題是,它是故意做的嗎? 如果您沒有打開RBAC授權,則可以繼續使用--set rbac.create=false
; 如果您想要啟用RBAC,則必須將Tiller服務帳戶添加為cluster-admin
角色。
搜索后,我認為這是解決方案
helm install stable/nginx-ingress --name ingress --namespace kube-system --set rbac.create=false --set rbac.createRole=false --set rbac.createClusterRole=false
要么
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/cloud-generic.yaml
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.