Following the ingress controller install guide and just change the name space of everything to default - getting an error from the ingress controller
W0720 14:13:56.721674 1 client_config.go:614] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work.
time="2021-07-20T14:13:56Z" level=info msg="version of kubernetes api-server: 1.16" api-server-host="https://10.96.0.1:443" git_commit=a17149e1a189050796ced469dbd78d380f2ed5ef git_tree_state=clean git_version=v1.16.9 major=1 minor=16 platform=linux/amd64
time="2021-07-20T14:13:56Z" level=fatal msg="failed to fetch publish-service: services \"kong-proxy\" not found" service_name=kong-proxy service_namespace=kong
This is the deployment definition
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: ingress-kong
name: ingress-kong
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: ingress-kong
template:
metadata:
annotations:
kuma.io/gateway: enabled
prometheus.io/port: "8100"
prometheus.io/scrape: "true"
traffic.sidecar.istio.io/includeInboundPorts: ""
labels:
app: ingress-kong
spec:
volumes:
- name: kong-plugin-dummy-header
configMap:
name: kong-plugin-dummy-header
- name: kong-plugin-external-auth
configMap:
name: kong-plugin-external-auth
containers:
- image: kong:2.4
name: proxy
env:
- name: KONG_PROXY_LISTEN
value: 0.0.0.0:8000, 0.0.0.0:8443 ssl http2
- name: KONG_PORT_MAPS
value: 80:8000, 443:8443
- name: KONG_ADMIN_LISTEN
value: 127.0.0.1:8444 ssl
- name: KONG_STATUS_LISTEN
value: 0.0.0.0:8100
- name: KONG_DATABASE
value: "off"
- name: KONG_NGINX_WORKER_PROCESSES
value: "4"
- name: KONG_ADMIN_ACCESS_LOG
value: /dev/stdout
- name: KONG_ADMIN_ERROR_LOG
value: /dev/stderr
- name: KONG_PROXY_ERROR_LOG
value: /dev/stderr
- name: KONG_PLUGINS
value: bundled,dummy-header,external-auth
- name: KONG_LUA_PACKAGE_PATH
value: "/opt/?.lua;;"
- name: KONG_NGINX_PROXY_CLIENT_MAX_BODY_SIZE
value: '3m'
volumeMounts:
- name: kong-plugin-dummy-header
mountPath: /opt/kong/plugins/dummy-header
- name: kong-plugin-external-auth
mountPath: /opt/kong/plugins/external-auth
lifecycle:
preStop:
exec:
command:
- /bin/sh
- -c
- kong quit
livenessProbe:
failureThreshold: 3
httpGet:
path: /status
port: 8100
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
ports:
- containerPort: 8000
name: proxy
protocol: TCP
- containerPort: 8443
name: proxy-ssl
protocol: TCP
- containerPort: 8100
name: metrics
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /status
port: 8100
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
- env:
- name: CONTROLLER_KONG_ADMIN_URL
value: https://127.0.0.1:8444
- name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
value: "true"
- name: CONTROLLER_PUBLISH_SERVICE
value: kong/kong-proxy
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
image: kong/kubernetes-ingress-controller:1.3
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
name: ingress-controller
ports:
- containerPort: 8080
name: webhook
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
serviceAccountName: kong-serviceaccount
The ingress controller has an environment variable definition for POD_NAMESPACE at the bottom
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
It doesn’t seem to respect it
This also seems to mean that if there is a plugin that makes an HTTP call to some service in the cluster, it needs to be in the same namespace - or, in the kong namespace in this case, is that accurate?