Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ingress guide for setting up an ingress controller doesn't work #3887

Open
slocoro opened this issue Mar 5, 2025 · 5 comments
Open

Ingress guide for setting up an ingress controller doesn't work #3887

slocoro opened this issue Mar 5, 2025 · 5 comments
Labels
area/provider/podman Issues or PRs related to podman kind/documentation Categorizes issue or PR as related to documentation.

Comments

@slocoro
Copy link

slocoro commented Mar 5, 2025
edited
Loading

Environment

kind version: kind v0.26.0 go1.23.4 darwin/amd64

podman info output 
Client:
  APIVersion: 5.4.0
  BuildOrigin: brew
  Built: 1739290083
  BuiltTime: Tue Feb 11 16:08:03 2025
  GitCommit: ""
  GoVersion: go1.23.6
  Os: darwin
  OsArch: darwin/amd64
  Version: 5.4.0
host:
  arch: amd64
  buildahVersion: 1.38.1
  cgroupControllers:
  - cpuset
  - cpu
  - io
  - memory
  - hugetlb
  - pids
  - rdma
  - misc
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.1.12-3.fc41.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.12, commit: '
  cpuUtilization:
    idlePercent: 99.54
    systemPercent: 0.25
    userPercent: 0.21
  cpus: 6
  databaseBackend: sqlite
  distribution:
    distribution: fedora
    variant: coreos
    version: "41"
  eventLogger: journald
  freeLocks: 2014
  hostname: localhost.localdomain
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 6.12.7-200.fc41.x86_64
  linkmode: dynamic
  logDriver: journald
  memFree: 61931520
  memTotal: 2048581632
  networkBackend: netavark
  networkBackendInfo:
    backend: netavark
    dns:
      package: aardvark-dns-1.13.1-1.fc41.x86_64
      path: /usr/libexec/podman/aardvark-dns
      version: aardvark-dns 1.13.1
    package: netavark-1.13.1-1.fc41.x86_64
    path: /usr/libexec/podman/netavark
    version: netavark 1.13.1
  ociRuntime:
    name: crun
    package: crun-1.19.1-1.fc41.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 1.19.1
      commit: 3e32a70c93f5aa5fea69b50256cca7fd4aa23c80
      rundir: /run/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
  os: linux
  pasta:
    executable: /usr/bin/pasta
    package: passt-0^20241211.g09478d5-1.fc41.x86_64
    version: |
      pasta 0^20241211.g09478d5-1.fc41.x86_64
      Copyright Red Hat
      GNU General Public License, version 2 or later
        <https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
      This is free software: you are free to change and redistribute it.
      There is NO WARRANTY, to the extent permitted by law.
  remoteSocket:
    exists: true
    path: unix:///run/podman/podman.sock
  rootlessNetworkCmd: pasta
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: false
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: true
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.3.1-1.fc41.x86_64
    version: |-
      slirp4netns version 1.3.1
      commit: e5e368c4f5db6ae75c2fce786e31eef9da6bf236
      libslirp: 4.8.0
      SLIRP_CONFIG_VERSION_MAX: 5
      libseccomp: 2.5.5
  swapFree: 0
  swapTotal: 0
  uptime: 65h 28m 56.00s (Approximately 2.71 days)
  variant: ""
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - docker.io
store:
  configFile: /usr/share/containers/storage.conf
  containerStore:
    number: 31
    paused: 0
    running: 1
    stopped: 30
  graphDriverName: overlay
  graphOptions:
    overlay.imagestore: /usr/lib/containers/storage
    overlay.mountopt: nodev,metacopy=on
  graphRoot: /var/lib/containers/storage
  graphRootAllocated: 106521055232
  graphRootUsed: 55414169600
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Supports shifting: "true"
    Supports volatile: "true"
    Using metacopy: "true"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 411
  runRoot: /run/containers/storage
  transientStore: false
  volumePath: /var/lib/containers/storage/volumes
version:
  APIVersion: 5.3.2
  Built: 1737504000
  BuiltTime: Wed Jan 22 00:00:00 2025
  GitCommit: ""
  GoVersion: go1.23.4
  Os: linux
  OsArch: linux/amd64
  Version: 5.3.2

OS: macos 15.3.1

kubectl version output 
Client Version: v1.32.1
Kustomize Version: v5.5.0
Server Version: v1.32.0

What happened

I've tried following this guide to set up an ingress controller but it doesn't seem to work.

Here are the commands I ran (from the docs),

  • create kind cluster
cat <<EOF | kind create cluster --config=-
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
  extraPortMappings:
  - containerPort: 80
    hostPort: 80
    protocol: TCP
  - containerPort: 443
    hostPort: 443
    protocol: TCP
EOF
  • set up ingress
kubectl apply -f https://kind.sigs.k8s.io/examples/ingress/deploy-ingress-nginx.yaml
  • check if set up ran fine
- kubectl wait --namespace ingress-nginx \
  --for=condition=ready pod \
  --selector=app.kubernetes.io/component=controller \
  --timeout=90s
  • create pods and services to test ingress
kubectl apply -f https://kind.sigs.k8s.io/examples/ingress/usage.yaml

I can't curl the services for some reason.

This is what I see in the ingress-nginx-controller logs:

I0305 18:47:08.389766      14 event.go:377] Event(v1.ObjectReference{Kind:"Pod", Namespace:"ingress-nginx", Name:"ingress-nginx-controller-696d4c4c5-n7jfd", UID:"796cac88-9bf1-4edd-aba8-7d2b69e06a34", APIVer
sion:"v1", ResourceVersion:"480", FieldPath:""}): type: 'Normal' reason: 'RELOAD' NGINX reload triggered due to a change in configuration
2025/03/05 18:47:08 [alert] 241#241: pthread_create() failed (11: Resource temporarily unavailable)
2025/03/05 18:47:08 [alert] 243#243: pthread_create() failed (11: Resource temporarily unavailable)
2025/03/05 18:47:08 [alert] 244#244: pthread_create() failed (11: Resource temporarily unavailable)
2025/03/05 18:47:08 [alert] 240#240: pthread_create() failed (11: Resource temporarily unavailable)
2025/03/05 18:47:08 [alert] 31#31: worker process 240 exited with fatal code 2 and cannot be respawned
2025/03/05 18:47:08 [alert] 31#31: worker process 241 exited with fatal code 2 and cannot be respawned
2025/03/05 18:47:08 [alert] 31#31: worker process 243 exited with fatal code 2 and cannot be respawned
2025/03/05 18:47:08 [alert] 31#31: worker process 244 exited with fatal code 2 and cannot be respawned
W0305 18:47:11.677933      14 controller.go:1215] Service "default/foo-service" does not have any active Endpoint.
W0305 18:47:11.678006      14 controller.go:1215] Service "default/bar-service" does not have any active Endpoint.
W0305 18:47:16.073578      14 controller.go:1215] Service "default/bar-service" does not have any active Endpoint.
I0305 18:47:55.138439      14 status.go:304] "updating Ingress status" namespace="default" ingress="example-ingress" currentValue=null newValue=[{"hostname":"localhost"}]
I0305 18:47:55.144408      14 event.go:377] Event(v1.ObjectReference{Kind:"Ingress", Namespace:"default", Name:"example-ingress", UID:"0e68af7c-2b0b-48b4-9166-f62948bb7631", APIVersion:"networking.k8s.io/v1"
, ResourceVersion:"708", FieldPath:""}): type: 'Normal' reason: 'Sync' Scheduled for sync

It seems like it can't find the services even though when I check the services are running.

What do you expect to happen?

I expect to be able to curl the pods from my laptop.

EDIT: formatting/add info
@slocoro slocoro added the kind/documentation Categorizes issue or PR as related to documentation. label Mar 5, 2025
@BenTheElder
Copy link
Member

There's some fields/questions in the "bug" issue type that give us more info about your environment (for example it's pretty plausible that this bug is podman specific, but we don't know what version / os / config you're using for that)

Can you share those?

https://github.com/kubernetes-sigs/kind/blob/main/.github/ISSUE_TEMPLATE/bug-report.md

Especially podman info and kind version

@BenTheElder BenTheElder added the area/provider/podman Issues or PRs related to podman label Mar 5, 2025
@BenTheElder
Copy link
Member

Also, if this is rootless podman, have you seen https://kind.sigs.k8s.io/docs/user/rootless/ ?

@BenTheElder
Copy link
Member

And #3451

@slocoro
Copy link
Author

slocoro commented Mar 5, 2025

Also, if this is rootless podman, have you seen https://kind.sigs.k8s.io/docs/user/rootless/ ?

Not using rootless/

@BenTheElder
Copy link
Member

I see you're on macOS, it may be a limitation of the podman machine environment, similar to the pid limit in rootless.

kind doesn't override the pid limits with any particular amount (how would we know what is appropriate?) but nginx needs to fork.

I suspect this is a variation on the rootless issue, you might try configuring the podman pid limit.

(also can you re-paste podman info into a code block so it retains the formatting? it's hard to read without the structure https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/provider/podman Issues or PRs related to podman kind/documentation Categorizes issue or PR as related to documentation.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@BenTheElder @slocoro