0

I've a microservice architecture running on baremetal kubernetes cluster.We've mainly two services out of which one is to be exposed publically whereas the other service is to be made available internally. I'm using ingress nginx to expose my service internally,but now i have to expose the other service also,so i thought of using another ingress controller for that. When i'm trying to deploy another ingress controller in different namespace,I'm getting error like :

Error: Failed to watch *v1.Endpoints: failed to list *v1.Endpoints: endpoints is forbidden: User "system:serviceaccount:ingress-nginx:ingress-nginx" cannot list resource "endpoints" in API group "" at the cluster scope

and my first ingress also stops working properly.

The ingress deployment yaml which i'm using is:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.0/deploy/static/provider/baremetal/deploy.yaml

Whereas,the second ingress yaml which i'm using in another namespace is : https://github.com/wali97/second-ingress-controller.yaml/blob/main/ingress.yaml

wali
  • 1
  • 1
  • You shouldn't need multiple ingress controllers. The whole point of an ingress controller is that a single application will manage routing of ingress traffic to all your externally-facing services (i.e. those that have an Ingress resource defined). – user31601 Mar 03 '22 at 10:04
  • @user31601 I want to use multiple ingress concept because i do not want to route all the request from the same IP. I wish to keep separate routes for both the services. – wali Mar 03 '22 at 10:36
  • Fair enough. I expect the error has something to do with the fact that you're defining the same cluster role in both files (cluster roles are not namespaced). I don't know if reapplying the same role definition removes existing bindings (I would have hoped not), or maybe at some point you did a `kubectl delete -f`? Anyway, I think the first thing to try is to make sure that cluster role is only defined in one place. You can bind the same role to multiple service accounts. If you have a separate controller per namespace, it may be safer to just remove the cluster role and use a Role instead. – user31601 Mar 03 '22 at 10:53

0 Answers0