## Summary Hi there, I use (bare metal) Kubernetes with Rancher 2.1.7 and try to implement the AutoDevOps feature. *(I must not have to use Auto-DevOps if any other solution would work like custom .gitlab-ci.yml)* ## Steps to reproduce 1. Create a Rancher server on a bare metal machine - docker run -d --restart=unless-stopped -p 80:80 -p 443:443 rancher/rancher -d --acme-domain=mysub.domain.com - Spin up 3 nodes (on a bare metal provider like Hetzner, Linode,...) - a.) *(see "Configuration used"-chapter)* 2. Connect Gitlab to you K8s cluster - For an easy and fast connection check out my gist (https://gist.github.com/exocode/e5058c06faf02ba94f57b067b9b7f5a0) - After creating your cluster in Gitlab , install Tiller, Ingress, Cert-Manager and GitLab Runner by clicking the "install" buttons. 3. Push your code (or use a Gitlab template), wait for deployment finished. ## Configuration used a.) I am not sure if I have to do the following step when I deploy nginx-ingress through Gitlabs "one-click"-installation. Normally, (before I used Gitlab at all) I created a deployment with the `nginx-Ingress` helm chart by using the following command. `helm install –name ingress –namespace ingress –set`... *Ingress via hostNetwork* ``` rbac.create=true controller.kind=DaemonSet #important controller.service.type=ClusterIP controller.hostNetwork=true #important controller.nodeSelector.role=edge ``` *Or Ingress via externalIPs* ``` rbac.create=true controller.kind=DaemonSet #important controller.service.type=ClusterIP controller.service.externalIPs[0]=MY_IP_ADDRESS #important controller.nodeSelector.role=edge ``` I use a custom Helm chart (https://github.com/exocode/helm-charts/tree/master/hetzner-failover-ip) which points my dynamic (Hetzner) IP to the node with the label "role=edge" and assigns the network settings accordingly on that node. So I am able to call that node through my domain. ## Current behavior Everything looks fine (no errors so far), except the `ingress-nginx-ingress-controller`-Deployment and -Service keeps in "Pending" state. Also, the LetsEncrypt cert is valid and I can request my url which ends in a `503` error. (503 Service Temporarily Unavailable nginx/1.13.8) ## Expected behavior `ingress-nginx-ingress-controller`-Deployment and -Service should be "Active" and app workload should be available ## Versions - Chart: (tagged version | branch | hash `git rev-parse HEAD`) - Platform: - Cloud: (Hetzner cloud) https://www.hetzner.com/cloud - Self-hosted: (Rancher 2.1.7) - Kubernetes: (`kubectl version`) - Client Version: version.Info{Major:"1", Minor:"13", GitVersion:"v1.13.4", GitCommit:"c27b913fddd1a6c480c229191a087698aa92f0b1", GitTreeState:"clean", BuildDate:"2019-03-01T23:36:43Z", GoVersion:"go1.12", Compiler:"gc", Platform:"darwin/amd64"} - Server Version: version.Info{Major:"1", Minor:"13", GitVersion:"v1.13.4", GitCommit:"c27b913fddd1a6c480c229191a087698aa92f0b1", GitTreeState:"clean", BuildDate:"2019-02-28T13:30:26Z", GoVersion:"go1.11.5", Compiler:"gc", Platform:"linux/amd64"} - Helm: (`helm version`) - Client: &version.Version{SemVer:"v2.13.0", GitCommit:"79d07943b03aea2b76c12644b4b54733bc5958d6", GitTreeState:"clean"} - Server: &version.Version{SemVer:"v2.13.0", GitCommit:"79d07943b03aea2b76c12644b4b54733bc5958d6", GitTreeState:"clean"} ## Relevant logs ``` kubectl get all -n ingress-nginx  1 ↵ NAME READY STATUS RESTARTS AGE pod/default-http-backend-7f8fbb85db-lwkw2 1/1 Running 0 13h pod/nginx-ingress-controller-6kc86 1/1 Running 0 13h pod/nginx-ingress-controller-lhrrp 1/1 Running 0 13h pod/nginx-ingress-controller-sjt4g 1/1 Running 0 7h42m NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/default-http-backend ClusterIP 10.43.92.161 <none> 80/TCP 13h NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE daemonset.apps/nginx-ingress-controller 3 3 3 3 3 <none> 13h NAME READY UP-TO-DATE AVAILABLE AGE deployment.apps/default-http-backend 1/1 1 1 13h NAME DESIRED CURRENT READY AGE replicaset.apps/default-http-backend-7f8fbb85db 1 1 1 13h janjezek   …/github/nodejs-debugging    3824b219  master   1  kubectl get all -n gitlab-managed-apps  ✔ NAME READY STATUS RESTARTS AGE pod/certmanager-cert-manager-6df979599b-97bmc 1/1 Running 0 7h27m pod/ingress-nginx-ingress-controller-7cf6944677-fxtgn 1/1 Running 0 7h41m pod/ingress-nginx-ingress-default-backend-7f7bf55777-fqjwj 1/1 Running 0 7h41m pod/runner-gitlab-runner-669ffbb846-mv9bv 1/1 Running 0 7h pod/tiller-deploy-7cbfdc5df7-7hxfq 1/1 Running 0 7h43m NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/ingress-nginx-ingress-controller LoadBalancer 10.43.39.220 <pending> 80:32180/TCP,443:30277/TCP 7h41m service/ingress-nginx-ingress-controller-stats ClusterIP 10.43.45.143 <none> 18080/TCP 7h41m service/ingress-nginx-ingress-default-backend ClusterIP 10.43.37.28 <none> 80/TCP 7h41m service/tiller-deploy ClusterIP 10.43.179.38 <none> 44134/TCP 7h43m NAME READY UP-TO-DATE AVAILABLE AGE deployment.apps/certmanager-cert-manager 1/1 1 1 7h27m deployment.apps/ingress-nginx-ingress-controller 1/1 1 1 7h41m deployment.apps/ingress-nginx-ingress-default-backend 1/1 1 1 7h41m deployment.apps/runner-gitlab-runner 1/1 1 1 7h deployment.apps/tiller-deploy 1/1 1 1 7h43m NAME DESIRED CURRENT READY AGE replicaset.apps/certmanager-cert-manager-6df979599b 1 1 1 7h27m replicaset.apps/ingress-nginx-ingress-controller-7cf6944677 1 1 1 7h41m replicaset.apps/ingress-nginx-ingress-default-backend-7f7bf55777 1 1 1 7h41m replicaset.apps/runner-gitlab-runner-669ffbb846 1 1 1 7h replicaset.apps/tiller-deploy-7cbfdc5df7 1 1 1 7h43m ``` 1. Is the ingress-controller installed by Gitlab a replacement to my "old" approach or are they running side-by-side? 2. This "one-click"-installation looks a little bit like magic to me. I don't know how to modify the Gitlab installed nginx-ingress to `controller.kind=DaemonSet` or `controller.hostNetwork=true` *(like I did regularly with `helm install`)*. 3. - Are these settings made somewhere in the `configMaps`? - Or do I have to do this by helm? 4. Or do I have to customize my own `.gitlab-ci.yml` file (maybe from the Auto-DevOps example)? Sorry for that maybe awkwardness questions. Thank you very much in advance