地形-AKS私有云|无限等待掌舵放松 我正试图用Terraform在AKS上创建一个私有云 公共路线看起来很好,我正在一步一步地安装安全设备 在加入网络azurerm_虚拟网络后,azurerm_子网似乎由我来掌控部署 没有日志,只是无限的等待 helm_release.ingress:仍在创建。。。[11m0s已过](这是一个简单的NGINX入口控制器)
我该如何调试它?缺少日志使其难以理解。地形-AKS私有云|无限等待掌舵放松 我正试图用Terraform在AKS上创建一个私有云 公共路线看起来很好,我正在一步一步地安装安全设备 在加入网络azurerm_虚拟网络后,azurerm_子网似乎由我来掌控部署 没有日志,只是无限的等待 helm_release.ingress:仍在创建。。。[11m0s已过](这是一个简单的NGINX入口控制器),terraform,azure-aks,Terraform,Azure Aks,我该如何调试它?缺少日志使其难以理解。 全本 provider "azurerm" { features {} } resource "azurerm_resource_group" "foo" { name = "${var.prefix}-k8s-resources" location = var.location } resource "azurerm_kubernetes_cluster" "foo" { name = "${v
全本
provider "azurerm" {
features {}
}
resource "azurerm_resource_group" "foo" {
name = "${var.prefix}-k8s-resources"
location = var.location
}
resource "azurerm_kubernetes_cluster" "foo" {
name = "${var.prefix}-k8s"
location = azurerm_resource_group.foo.location
resource_group_name = azurerm_resource_group.foo.name
dns_prefix = "${var.prefix}-k8s"
default_node_pool {
name = "system"
node_count = 1
vm_size = "Standard_D4s_v3"
}
identity {
type = "SystemAssigned"
}
addon_profile {
aci_connector_linux {
enabled = false
}
azure_policy {
enabled = false
}
http_application_routing {
enabled = false
}
kube_dashboard {
enabled = true
}
oms_agent {
enabled = false
}
}
}
provider "kubernetes" {
version = "~> 1.11.3"
load_config_file = false
host = azurerm_kubernetes_cluster.foo.kube_config.0.host
username = azurerm_kubernetes_cluster.foo.kube_config.0.username
password = azurerm_kubernetes_cluster.foo.kube_config.0.password
cluster_ca_certificate = base64decode(azurerm_kubernetes_cluster.foo.kube_config.0.cluster_ca_certificate)
}
provider "helm" {
# Use provider with Helm 3.x support
version = "~> 1.2.2"
}
resource "null_resource" "configure_kubectl" {
provisioner "local-exec" {
command = "az aks get-credentials --resource-group ${azurerm_resource_group.foo.name} --name ${azurerm_kubernetes_cluster.foo.name} --overwrite-existing"
environment = {
KUBECONFIG = ""
}
}
depends_on = [azurerm_kubernetes_cluster.foo]
}
resource "helm_release" "ingress" {
name = "ingress-foo"
repository = "https://kubernetes.github.io/ingress-nginx"
chart = "ingress-nginx"
timeout = 3000
depends_on = [null_resource.configure_kubectl]
}
调试此功能的最佳方法是能够
kubectl
进入AKS集群。(AKS应该有关于如何设置kubectl
的文档)
然后,玩一下kubectl get pods-A
,看看是否有什么东西是错的。具体而言,查找未处于运行状态的nginx入口吊舱
如果存在此类pod,请使用
kubectl Descripte pod
或kubectl logs-f
进行进一步调试,这取决于问题是否发生在容器成功启动后。您从何处运行terraform脚本?您是否可以共享完整的精简terraform脚本?设置网络时,似乎正在切断对API服务器的访问。因此,您的Helm提供者失去了访问权限OK我将进行编辑以共享完整的代码片段。我是从AKS默认终端(cloud shell)运行的,我所指的脚本似乎已经完成。得到了一个更完整的参考资料。我刚才提到的脚本似乎已经完成了。有更完整的参考资料。
provider "azurerm" {
features {}
}
resource "azurerm_resource_group" "foo" {
name = "${var.prefix}-k8s-resources"
location = var.location
}
resource "azurerm_kubernetes_cluster" "foo" {
name = "${var.prefix}-k8s"
location = azurerm_resource_group.foo.location
resource_group_name = azurerm_resource_group.foo.name
dns_prefix = "${var.prefix}-k8s"
default_node_pool {
name = "system"
node_count = 1
vm_size = "Standard_D4s_v3"
}
identity {
type = "SystemAssigned"
}
addon_profile {
aci_connector_linux {
enabled = false
}
azure_policy {
enabled = false
}
http_application_routing {
enabled = false
}
kube_dashboard {
enabled = true
}
oms_agent {
enabled = false
}
}
}
provider "kubernetes" {
version = "~> 1.11.3"
load_config_file = false
host = azurerm_kubernetes_cluster.foo.kube_config.0.host
username = azurerm_kubernetes_cluster.foo.kube_config.0.username
password = azurerm_kubernetes_cluster.foo.kube_config.0.password
cluster_ca_certificate = base64decode(azurerm_kubernetes_cluster.foo.kube_config.0.cluster_ca_certificate)
}
provider "helm" {
# Use provider with Helm 3.x support
version = "~> 1.2.2"
}
resource "null_resource" "configure_kubectl" {
provisioner "local-exec" {
command = "az aks get-credentials --resource-group ${azurerm_resource_group.foo.name} --name ${azurerm_kubernetes_cluster.foo.name} --overwrite-existing"
environment = {
KUBECONFIG = ""
}
}
depends_on = [azurerm_kubernetes_cluster.foo]
}
resource "helm_release" "ingress" {
name = "ingress-foo"
repository = "https://kubernetes.github.io/ingress-nginx"
chart = "ingress-nginx"
timeout = 3000
depends_on = [null_resource.configure_kubectl]
}