Ingress-controller not respecting POD_NAMESPACE

Following the ingress controller install guide and just change the name space of everything to default - getting an error from the ingress controller

W0720 14:13:56.721674 1 client_config.go:614] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work.
time="2021-07-20T14:13:56Z" level=info msg="version of kubernetes api-server: 1.16" api-server-host="https://10.96.0.1:443" git_commit=a17149e1a189050796ced469dbd78d380f2ed5ef git_tree_state=clean git_version=v1.16.9 major=1 minor=16 platform=linux/amd64
time="2021-07-20T14:13:56Z" level=fatal msg="failed to fetch publish-service: services \"kong-proxy\" not found" service_name=kong-proxy service_namespace=kong

This is the deployment definition

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: ingress-kong
  name: ingress-kong
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: ingress-kong
  template:
    metadata:
      annotations:
        kuma.io/gateway: enabled
        prometheus.io/port: "8100"
        prometheus.io/scrape: "true"
        traffic.sidecar.istio.io/includeInboundPorts: ""
      labels:
        app: ingress-kong
    spec:
      volumes:
      - name: kong-plugin-dummy-header
        configMap:
          name: kong-plugin-dummy-header
      - name: kong-plugin-external-auth
        configMap:
          name: kong-plugin-external-auth
      containers:
      - image: kong:2.4
        name: proxy
        env:
        - name: KONG_PROXY_LISTEN
          value: 0.0.0.0:8000, 0.0.0.0:8443 ssl http2
        - name: KONG_PORT_MAPS
          value: 80:8000, 443:8443
        - name: KONG_ADMIN_LISTEN
          value: 127.0.0.1:8444 ssl
        - name: KONG_STATUS_LISTEN
          value: 0.0.0.0:8100
        - name: KONG_DATABASE
          value: "off"
        - name: KONG_NGINX_WORKER_PROCESSES
          value: "4"
        - name: KONG_ADMIN_ACCESS_LOG
          value: /dev/stdout
        - name: KONG_ADMIN_ERROR_LOG
          value: /dev/stderr
        - name: KONG_PROXY_ERROR_LOG
          value: /dev/stderr
        - name: KONG_PLUGINS
          value: bundled,dummy-header,external-auth
        - name: KONG_LUA_PACKAGE_PATH
          value: "/opt/?.lua;;"
        - name: KONG_NGINX_PROXY_CLIENT_MAX_BODY_SIZE
          value: '3m'
        volumeMounts:
        - name: kong-plugin-dummy-header
          mountPath: /opt/kong/plugins/dummy-header
        - name: kong-plugin-external-auth
          mountPath: /opt/kong/plugins/external-auth
        lifecycle:
          preStop:
            exec:
              command:
              - /bin/sh
              - -c
              - kong quit
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /status
            port: 8100
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        ports:
        - containerPort: 8000
          name: proxy
          protocol: TCP
        - containerPort: 8443
          name: proxy-ssl
          protocol: TCP
        - containerPort: 8100
          name: metrics
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /status
            port: 8100
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
      - env:
        - name: CONTROLLER_KONG_ADMIN_URL
          value: https://127.0.0.1:8444
        - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
          value: "true"
        - name: CONTROLLER_PUBLISH_SERVICE
          value: kong/kong-proxy
        - name: POD_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        image: kong/kubernetes-ingress-controller:1.3
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        name: ingress-controller
        ports:
        - containerPort: 8080
          name: webhook
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
      serviceAccountName: kong-serviceaccount

The ingress controller has an environment variable definition for POD_NAMESPACE at the bottom

        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace

It doesn’t seem to respect it

This also seems to mean that if there is a plugin that makes an HTTP call to some service in the cluster, it needs to be in the same namespace - or, in the kong namespace in this case, is that accurate?


© 2019 Kong Inc.    Terms  •  Privacy  •  FAQ