将入口路径从“/”更新为“/test”后,新路径不起作用,我仍然不断被重定向到旧的“/”路径。关于如何为更新的入口更新 nginx-ingress Controller 有什么想法吗?
更新: 我在入口 Controller 日志中得到关注
kubectl logs --tail=10 nginx-ingress-controller-6b5498d8dc-vsdpl
E0923 17:03:11.440951 9 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.5/tools/cache/reflector.go:125: Failed to list *v1.Service: services is forbidden: User "system:serviceaccount:default:nginx-ingress" cannot list resource "services" in API group "" at the cluster scope
E0923 17:03:25.947663 9 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.5/tools/cache/reflector.go:125: Failed to list *v1.Endpoints: endpoints is forbidden: User "system:serviceaccount:default:nginx-ingress" cannot list resource "endpoints" in API group "" at the cluster scope
E0923 17:03:35.337064 9 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.5/tools/cache/reflector.go:125: Failed to list *v1beta1.Ingress: ingresses.networking.k8s.io is forbidden: User "system:serviceaccount:default:nginx-ingress" cannot list resource "ingresses" in API group "networking.k8s.io" at the cluster scope
E0923 17:03:39.800610 9 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.5/tools/cache/reflector.go:125: Failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:default:nginx-ingress" cannot list resource "secrets" in API group "" at the cluster scope
E0923 17:03:45.983141 9 main.go:49] Error getting node 192.168.0.81: nodes "192.168.0.81" is forbidden: User "system:serviceaccount:default:nginx-ingress" cannot get resource "nodes" in API group "" at the cluster scope
E0923 17:03:57.179763 9 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.5/tools/cache/reflector.go:125: Failed to list *v1.ConfigMap: configmaps is forbidden: User "system:serviceaccount:default:nginx-ingress" cannot list resource "configmaps" in API group "" at the cluster scope
E0923 17:03:57.609798 9 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.5/tools/cache/reflector.go:125: Failed to list *v1.Endpoints: endpoints is forbidden: User "system:serviceaccount:default:nginx-ingress" cannot list resource "endpoints" in API group "" at the cluster scope
E0923 17:04:10.422852 9 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.5/tools/cache/reflector.go:125: Failed to list *v1.Service: services is forbidden: User "system:serviceaccount:default:nginx-ingress" cannot list resource "services" in API group "" at the cluster scope
E0923 17:04:20.552808 9 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.5/tools/cache/reflector.go:125: Failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:default:nginx-ingress" cannot list resource "secrets" in API group "" at the cluster scope
E0923 17:04:24.767965 9 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.5/tools/cache/reflector.go:125: Failed to list *v1beta1.Ingress: ingresses.networking.k8s.io is forbidden: User "system:serviceaccount:default:nginx-ingress" cannot list resource "ingresses" in API group "networking.k8s.io" at the cluster scope
最佳答案
nginx ingress controller使用的服务账号好像没有权限。使用下面的 clusterrolebinding
kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin --serviceaccount=default:nginx-ingress
请注意,这实际上是为该服务帐户授予集群管理员权限,并且可以变得更细粒度。
关于kubernetes - 如何更新 nginx-ingress Controller 以便使用最新的入口路径?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/64032639/