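Terraform helm release timeout while waiting for condition

Tags: terraform kubernetes-helm nginx-ingress azure-aks terraform-provider-azure

I am using terraform to provision some resources in azure, but I can't seem to get helm to install nginx-ingress because it times out waiting for the condition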

  • helm_release.nginx_ingress: 1 error(s) occurred:

  • helm_release.nginx_ingress: rpc error: code = Unknown desc = release nginx-ingress failed: timed out waiting for the condition

Terraform does not automatically rollback in the face of errors. Instead, your Terraform state file has been partially updated with any resources that successfully completed. Please address the error above and apply again to incrementally change your infrastructure.

main.tf


data "azurerm_public_ip" "nginx_ingress" {
    name                = "xxxx-public-ip"
    resource_group_name = "xxxx-public-ip"
}

resource "azurerm_resource_group" "xxxx_RG" {
  name     = "${var.name_prefix}"
  location = "${var.location}"
}

resource "azurerm_kubernetes_cluster" "k8s" {
    name                    = "${var.name_prefix}-aks"
    kubernetes_version      = "${var.kubernetes_version}"
    location                = "${azurerm_resource_group.xxxx_RG.location}"
    resource_group_name     = "${azurerm_resource_group.xxxx_RG.name}"
    dns_prefix              = "AKS-${var.dns_prefix}"

    agent_pool_profile {
        name                = "${var.node_pool_name}"
        count               = "${var.node_pool_size}"
        vm_size             = "${var.node_pool_vmsize}"
        os_type             = "${var.node_pool_os}"
        os_disk_size_gb     = 30
    }

    service_principal {
        client_id           = "${var.client_id}"
        client_secret       = "${var.client_secret}"
    }

    tags = {
        environment = "${var.env_tag}"
    }
}

provider "helm" {
  install_tiller = true

  kubernetes {
    host                   = "${azurerm_kubernetes_cluster.k8s.kube_config.0.host}"
    client_certificate     = "${base64decode(azurerm_kubernetes_cluster.k8s.kube_config.0.client_certificate)}"
    client_key             = "${base64decode(azurerm_kubernetes_cluster.k8s.kube_config.0.client_key)}"
    cluster_ca_certificate = "${base64decode(azurerm_kubernetes_cluster.k8s.kube_config.0.cluster_ca_certificate)}"
  }
}

# Add Kubernetes Stable Helm charts repo
resource "helm_repository" "stable" {
  name = "stable"
  url  = "https://kubernetes-charts.storage.googleapis.com"
}

# Install Nginx Ingress using Helm Chart
resource "helm_release" "nginx_ingress" {
  name       = "nginx-ingress"
  repository = "${helm_repository.stable.metadata.0.name}"
  chart      = "nginx-ingress"
  wait       = "true"

  set {
    name  = "rbac.create"
    value = "false"
  }

  set {
    name  = "controller.service.externalTrafficPolicy"
    value = "Local"
  }

  set {
    name  = "controller.service.loadBalancerIP"
    value = "${data.azurerm_public_ip.nginx_ingress.ip_address}"
  }
}

Then I deploy my application with this:

provider "kubernetes" {
    host                    = "${azurerm_kubernetes_cluster.k8s.kube_config.0.host}"
    username                = "${azurerm_kubernetes_cluster.k8s.kube_config.0.username}"
    password                = "${azurerm_kubernetes_cluster.k8s.kube_config.0.password}"
    client_certificate      = "${base64decode(azurerm_kubernetes_cluster.k8s.kube_config.0.client_certificate)}"
    client_key              = "${base64decode(azurerm_kubernetes_cluster.k8s.kube_config.0.client_key)}"
    cluster_ca_certificate  = "${base64decode(azurerm_kubernetes_cluster.k8s.kube_config.0.cluster_ca_certificate)}"
}

resource "kubernetes_deployment" "flask_api_deployment" {
    metadata {
        name = "flask-api-deployment"
    }

    spec {
        replicas = 1
        selector {
            match_labels {
                component = "api"
            }
        }

        template {
            metadata {
                labels = {
                    component = "api"
                }
            }

            spec {
                container {
                    image = "xxxx.azurecr.io/sampleflask:0.1.0"
                    name = "flask-api"
                    port {
                        container_port = 5000
                    }
                }
            }
        }
    }
}

resource "kubernetes_ingress" "flask_api_ingress_service" {
    metadata {
        name = "flask-api-ingress-service"
    }

    spec {
        backend {
            service_name = "flask-api-cluster-ip-service"
            service_port = 5000
        }
    }
}

resource "kubernetes_service" "flask_api_cluster_ip-service" {
    metadata {
        name = "flask-api-cluster-ip-service"
    }

    spec {
        selector {
            component = "api"
        }

        port {
            port = 5000
            target_port = 5000
        }
    }
}

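I'm not sure what condition it is waiting for. I can set the timeout larger, but that doesn't seem to help. I can also set wait = false in the helm release, but then no resources seem to get provisioned.

Edit: From some testing I have done, I see there is an issue when specifying the loadBalancerIP in the helm release. If I comment that out, it completes just fine.

Edit: With more testing, I found that the load balancer that is created fails to be created. controller: user supplied IP Address 52.xxx.x.xx was not found in resource group MC_xxxxxxxx

So I guess the question is: how do I allow specifying an IP from a different resource group?

Best answer

To install nginx-ingress in an AKS cluster through helm in Terraform, I show one available way here. For this way, you need to install helm on the machine where you want to run the terraform script. Then you also need to configure helm to your AKS cluster; the steps are in Configure the helm to AKS. You can check whether helm is configured to AKS by installing something to the AKS.

When everything is ready, you just need to set the helm provider and use the resource helm_release. The Terraform script to install nginx-ingress is shown here: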

provider "helm" {
  version = "~> 0.9"
}

resource "helm_release" "ingress" {
    name = "application1"
    chart = "stable/nginx-ingress"
    version = "1.10.2"
    namespace = "ingress-basic"

    set {
        name = "controller.replicaCount"
        value = "1"
    }

    ...

}

The process is shown here:

[image]

This is just to install nginx-ingress through helm in Terraform. If you want to create Kubernetes resources, you can use kubernetes in Terraform.

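Update:

OK, to use a static public IP in another resource group for your ingress, you need to do two more steps.
  • The service principal used by the AKS cluster must have delegated permissions to the other resource group in which the public IP exists. The permission should be at least "Network Contributor".
  • Set the ingress service annotation to the value of the resource group in which the public IP exists.

The annotation in the yaml file looks like this:

annotations:
    service.beta.kubernetes.io/azure-load-balancer-resource-group: myResourceGroup

For more details, see Use a static IP address outside of the node resource group.

Update 1:

The code in "helm_release":
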
resource "helm_release" "ingress" {
    name = "application1223"
    chart = "stable/nginx-ingress"
    version = "1.10.2"
    namespace = "ingress-basic"

    set {
        name = "controller.replicaCount"
        value = "1"
    }

    set {
        name = "controller.service.annotations.\"service\\.beta\\.kubernetes\\.io/azure-load-balancer-resource-group\""
        value = "v-chaxu-xxxx"
    }

    set {
        name = "controller.service.loadBalancerIP"
        value = "13.68.175.40"
    }

}
    

After the deployment succeeds, the ingress service is shown as follows:

[image]

Information about the public IP in the other resource group:

[image]

Regarding the terraform helm release timeout while waiting for condition, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/57019284/
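
The two steps from the answer's update, expressed in the question's own Terraform configuration. This is an added example, not code from either poster; it uses Terraform 0.12+ syntax, and `var.aks_sp_object_id`, `data.azurerm_resource_group.ip_rg` and `azurerm_role_assignment.aks_ip_rg` are hypothetical names introduced here. The role is scoped to the one resource group that holds the public IP rather than to the subscription, so the cluster's service principal gets no more network rights than the load balancer needs.

```hcl
# Added example. Assumes the question's helm_repository.stable and
# data.azurerm_public_ip.nginx_ingress are defined as shown on the page.

# Hypothetical variable: object ID (not the client/application ID) of the
# service principal the AKS cluster runs as.
variable "aks_sp_object_id" {
  type = string
}

# Resource group that holds the pre-created static public IP.
data "azurerm_resource_group" "ip_rg" {
  name = "xxxx-public-ip"
}

# Step 1: delegate "Network Contributor" on that resource group only.
resource "azurerm_role_assignment" "aks_ip_rg" {
  scope                = data.azurerm_resource_group.ip_rg.id
  role_definition_name = "Network Contributor"
  principal_id         = var.aks_sp_object_id
}

resource "helm_release" "nginx_ingress" {
  name       = "nginx-ingress"
  repository = helm_repository.stable.metadata[0].name
  chart      = "nginx-ingress"

  set {
    name  = "controller.service.loadBalancerIP"
    value = data.azurerm_public_ip.nginx_ingress.ip_address
  }

  # Step 2: tell the Azure cloud provider which resource group owns the IP.
  # Dots inside the annotation key are escaped so Helm does not split on them.
  set {
    name  = "controller.service.annotations.service\\.beta\\.kubernetes\\.io/azure-load-balancer-resource-group"
    value = data.azurerm_resource_group.ip_rg.name
  }

  # The load balancer can only bind the IP once the role assignment exists.
  depends_on = [azurerm_role_assignment.aks_ip_rg]
}
```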
