I am using the Terraform Helm provider to install a Helm package.
My current main.tf file:
provider "helm" {
  kubernetes {
    config_path = pathexpand(var.kube_config)
  }
}

provider "kubernetes" {
  config_path = pathexpand(var.kube_config)
}

data "template_file" "test_values" {
  template = file("./scripts/test-values.yml")
  vars = {
    NAMESPACE = "test"
  }
}

resource "helm_release" "test" {
  chart      = "test"
  name       = "test"
  repository = "."
  namespace  = "test"
  values = [
    data.template_file.test_values.rendered
  ]
}
Kubectl command output
kubectl get pods -n test
NAME   READY   STATUS    RESTARTS   AGE
test   0/1     Running   0          59m
The issue is that "helm list" does not show any result.
My current version
helm version
Client: &version.Version{SemVer:"v2.17.0", GitCommit:"a690bad98af45b015bd3da1a41f6218b1a451dbe", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.17.0", GitCommit:"a690bad98af45b015bd3da1a41f6218b1a451dbe", GitTreeState:"clean"}
and terraform version -
provider registry.terraform.io/hashicorp/google v3.69.0
+ provider registry.terraform.io/hashicorp/helm v2.1.2
+ provider registry.terraform.io/hashicorp/kubernetes v2.2.0
Any reason why "helm list" does not show any output?
Related
I started learning Terraform. I have installed Terraform and Docker Desktop on my MacBook.
I am following the quick start tutorial and got the error below.
ERROR
╷
│ Error: Error pinging Docker server: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
│
│ with provider["registry.terraform.io/kreuzwerker/docker"],
│ on main.tf line 10, in provider "docker":
│ 10: provider "docker" {}
│
Docker status
❯ docker --version
Docker version 20.10.20, build 9fdeb9c
❯ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f6633f3b801e docker/getting-started "/docker-entrypoint.…" 2 minutes ago Up 2 minutes 0.0.0.0:80->80/tcp flamboyant_volhard
main.tf
terraform {
  required_providers {
    docker = {
      source  = "kreuzwerker/docker"
      version = "~> 2.13.0"
    }
  }
}

provider "docker" {}

resource "docker_image" "nginx" {
  name         = "nginx:latest"
  keep_locally = false
}

resource "docker_container" "nginx" {
  image = docker_image.nginx.latest
  name  = "tutorial"
  ports {
    internal = 80
    external = 8000
  }
}
Issue has been resolved, solution available in this link
Based on the provider documentation [1] (as the error describes as well), you need to switch to the following:
terraform {
  required_providers {
    docker = {
      source  = "kreuzwerker/docker"
      version = "~> 2.22.0"
    }
  }
}

provider "docker" {}

resource "docker_container" "nginx" {
  image = docker_image.nginx.image_id
  name  = "tutorial"
  ports {
    internal = 80
    external = 8000
  }
}

resource "docker_image" "nginx" {
  name         = "nginx:latest"
  keep_locally = false
}
The example from the tutorial is using a very old version of Docker provider. When you make these changes, make sure to run terraform init -upgrade prior to running terraform plan or terraform apply.
[1] https://registry.terraform.io/providers/kreuzwerker/docker/latest/docs/resources/container#example-usage
I want to run Helm chart from Terraform script. I tried this:
terraform {
  required_providers {
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = "2.13.1"
    }
    kubectl = {
      source  = "gavinbunney/kubectl"
      version = "1.14.0"
    }
    helm = {
      source  = "hashicorp/helm"
      version = "2.6.0"
    }
  }
}

provider "kubectl" {
  # run kubectl cluster-info to get endpoint and port
  host     = "https://192.168.1.139:6443/"
  token    = "eyJhbG......."
  insecure = "true"
}

provider "kubernetes" {
  # run kubectl cluster-info to get endpoint and port
  host     = "https://192.168.1.139:6443/"
  token    = "eyJhb...."
  insecure = "true"
}

resource "kubernetes_namespace" "example" {
  metadata {
    annotations = {
      name = "example-annotation"
    }
    labels = {
      mylabel = "label-value"
    }
    name = "terraform-example-namespace"
  }
}

resource "helm_release" "spring-helm-stg" {
  name       = "spring-helm-stg"
  repository = "https://github.com/rcbandit111/terraform_helm_chart_poc/tree/main/helm/spring-helm-stg"
  chart      = "spring-helm-stg"
}
Full code: https://github.com/rcbandit111/terraform_helm_chart_poc
helm_release.spring-helm-stg: Creating...
╷
│ Error: could not download chart: looks like "https://github.com/rcbandit111/terraform_helm_chart_poc/tree/main/helm/spring-helm-stg" is not a valid chart repository or cannot be reached: failed to fetch https://github.com/rcbandit111/terraform_helm_chart_poc/tree/main/helm/spring-helm-stg/index.yaml : 404 Not Found
│
│ with helm_release.spring-helm-stg,
│ on main.tf line 48, in resource "helm_release" "spring-helm-stg":
│ 48: resource "helm_release" "spring-helm-stg" {
I created the helm chart using this command: helm create spring-helm-stg
But there is no file index.yaml
Full helm chart code: https://github.com/rcbandit111/terraform_helm_chart_poc/tree/main/helm/spring-helm-stg
Do you know how I can fix this?
First: your repository url is https://github.com/rcbandit111/terraform_helm_chart_poc (and NOT https://github.com/rcbandit111/terraform_helm_chart_poc/tree/main/helm/spring-helm-stg)
After fixing that, you should then place the index.yaml file at root level (instead of helm directory) and also - make it a valid one. That's also "kind of" important.
Because your repository is filled with sub-directories, lots of index files and seems pretty messed-up (it's OK to make experiments... it's also OK to delete irrelevant parts) you may consider rearranging everything in a new branch and merge it to master OR create a new better-organized repository.
RESPECT to #marko for the documentation link in the comment. Please use that when you are writing your repository's index file
Cheers
Downloaded this IAM policy file and saved it in the root path beside main.tf in Terraform:
https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.2.1/docs/install/iam_policy.json
Created this resource to call the policy file:
resource "aws_iam_policy" "worker_policy" {
  name   = "worker-policy"
  policy = file("iam-policy.json")
}
The tflint got this error:
15:36:27 server.go:418: rpc: gob error encoding body: gob: type not registered for interface: tfdiags.diagnosticsAsError
Failed to check ruleset. An error occurred:
Error: Failed to check `aws_iam_policy_invalid_policy` rule: reading body EOF
I also tried this way, the same result:
policy = jsondecode(file("iam-policy.json"))
Did you use the latest version of tflint?
Because I've tried and everything was OK for me
These were my steps:
NOTE: tflint v0.31.0 and terraform v1.0.2
[1] wget https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.2.1/docs/install/iam_policy.json
[2] In my main.tf
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.0"
    }
  }
}

provider "aws" {
  region = "us-east-1"
}

resource "aws_iam_policy" "worker_policy" {
  name   = "worker-policy"
  policy = file("iam_policy.json")
}
[3] Run terraform plan
[4] Have gotten
Terraform will perform the following actions:
  # aws_iam_policy.worker_policy will be created
  + resource "aws_iam_policy" "worker_policy" {
      + arn    = (known after apply)
      + id     = (known after apply)
      + name   = "worker-policy"
      + path   = "/"
      + policy = jsonencode(
            {
              + Statement = [
                  + {
                      + Action = [
                          + "iam:CreateServiceLinkedRole",
                          + "ec2:DescribeAccountAttributes",
                          + "ec2:DescribeAddresses",
...
[5] Run tflint
~/Work/Other/test ❯ tflint --init
Plugin `aws` is already installed
~/Work/Other/test ❯ tflint
~/Work/Other/test ❯
I am trying to deploy the Helm charts from ACR using the terraform-provider-helm, but it fails with the error below. Can someone please let me know if I am doing anything wrong, because I am not able to understand why this is searching for mcpshareddcr-index.yaml?
Terraform Version
0.12.18
Affected Resource(s)
helm_release
helm_repository
Terraform Configuration Files
# Cluster RBAC helm Chart repository
data "helm_repository" "cluster_rbac_helm_chart_repo" {
  name     = "mcpshareddcr"
  url      = "https://mcpshareddcr.azurecr.io/helm/v1/repo"
  username = var.ARM_CLIENT_ID
  password = var.ARM_CLIENT_SECRET
}

# Deploy Cluster RBAC helm chart onto the cluster
resource "helm_release" "cluster_rbac_helm_chart_release" {
  name       = "mcp-rbac-cluster"
  repository = data.helm_repository.cluster_rbac_helm_chart_repo.metadata[0].name
  chart      = "mcp-rbac-cluster"
  version    = "0.1.0"
}
module usage:
provider "azurerm" {
  version                    = "=1.36.0"
  tenant_id                  = var.ARM_TENANT_ID
  subscription_id            = var.ARM_SUBSCRIPTION_ID
  client_id                  = var.ARM_CLIENT_ID
  client_secret              = var.ARM_CLIENT_SECRET
  skip_provider_registration = true
}

data "azurerm_kubernetes_cluster" "aks_cluster" {
  name                = var.aks_cluster
  resource_group_name = var.resource_group_aks
}

locals {
  kubeconfig_path = "/tmp/kubeconfig"
}

resource "local_file" "kubeconfig" {
  filename = local.kubeconfig_path
  content  = data.azurerm_kubernetes_cluster.aks_cluster.kube_admin_config_raw
}

provider "helm" {
  home = "./.helm"
  kubernetes {
    load_config_file = true
    config_path      = local.kubeconfig_path
  }
}

// Module to deploy Stratus offered helmcharts in AKS cluster
module "mcp_resources" {
  source              = "modules/helm/mcp-resources"
  ARM_CLIENT_ID       = var.ARM_CLIENT_ID
  ARM_CLIENT_SECRET   = var.ARM_CLIENT_SECRET
  ARM_SUBSCRIPTION_ID = var.ARM_SUBSCRIPTION_ID
  ARM_TENANT_ID       = var.ARM_TENANT_ID
}
Expected Behavior
Deploy of helm charts on AKS fetching from ACR.
Actual Behavior
Error: Looks like "***/helm/v1/repo" is not a valid chart repository or cannot be reached: open .helm/repository/cache/.helm/repository/cache/mcpshareddcr-index.yaml: no such file or directory
Steps to Reproduce
terraform plan
I am trying to install a Helm chart with the Terraform Helm provider using the following Terraform script.
I have already succeeded in using the Kubernetes provider to deploy some k8s resources, but it doesn't work with Helm.
terraform v0.11.13
provider.helm v0.10
provider.kubernetes v1.9
provider "helm" {
  alias           = "prdops"
  service_account = "${kubernetes_service_account.tiller.metadata.0.name}"
  namespace       = "${kubernetes_service_account.tiller.metadata.0.namespace}"
  kubernetes {
    host                   = "${google_container_cluster.prdops.endpoint}"
    alias                  = "prdops"
    load_config_file       = false
    username               = "${google_container_cluster.prdops.master_auth.0.username}"
    password               = "${google_container_cluster.prdops.master_auth.0.password}"
    client_certificate     = "${base64decode(google_container_cluster.prdops.master_auth.0.client_certificate)}"
    client_key             = "${base64decode(google_container_cluster.prdops.master_auth.0.client_key)}"
    cluster_ca_certificate = "${base64decode(google_container_cluster.prdops.master_auth.0.cluster_ca_certificate)}"
  }
}

resource "kubernetes_service_account" "tiller" {
  provider = "kubernetes.prdops"
  metadata {
    name      = "tiller"
    namespace = "kube-system"
  }
}

resource "kubernetes_cluster_role_binding" "tiller" {
  provider = "kubernetes.prdops"
  metadata {
    name = "tiller"
  }
  role_ref {
    api_group = "rbac.authorization.k8s.io"
    kind      = "ClusterRole"
    name      = "tiller"
  }
  subject {
    kind      = "ServiceAccount"
    name      = "${kubernetes_service_account.tiller.metadata.0.name}"
    namespace = "${kubernetes_service_account.tiller.metadata.0.namespace}"
    api_group = ""
  }
}

resource "helm_release" "jenkins" {
  provider = "helm.prdops"
  name     = "jenkins"
  chart    = "stable/jenkins"
}
but I'm getting the following error
1 error(s) occurred:
* helm_release.jenkins: 1 error(s) occurred:
* helm_release.jenkins: rpc error: code = Unknown desc = configmaps is forbidden: User "system:serviceaccount:kube-system:default" cannot list configmaps in the namespace "kube-system"
Helm uses a server component (in Helm v2, they are getting rid of it in the new Helm v3) called tiller. In order for helm to function, tiller is assigned a service account to interact with the Kubernetes API. In this case it seems the service account of tiller has insufficient permissions to perform the operation.
Kindly check if tiller pod is running in kube-system namespace. If not reinstall helm and do helm init so that tiller pod comes up and I hope this issue will be resolved.
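An added diagnostic example, not part of the original question or answers: the denial quoted in the question names the `default` service account in `kube-system`, while the Terraform configuration creates and binds `tiller`, so the first thing to establish from such an error is which identity actually made the request. The function names and the second sample line are constructed for this example, and the newer message wording it also accepts is included as an assumption about later API server releases.

```python
import re

# Covers the older wording (as in the question) and the newer
# 'resource "x" in API group "y"' wording of API server RBAC denials.
FORBIDDEN = re.compile(
    r'is forbidden: User "(?P<user>[^"]+)" cannot (?P<verb>\w+) '
    r'(?:resource "(?P<new>[^"]+)" in API group "[^"]*"|(?P<old>[\w./]+))'
    r'(?: in the namespace "(?P<ns>[^"]+)"| at the cluster scope)'
)
SA_PREFIX = "system:serviceaccount:"


def parse_denial(message):
    """Return subject, verb, resource and namespace of a denial, or None."""
    m = FORBIDDEN.search(message)
    if m is None:
        return None
    user = m.group("user")
    if user.startswith(SA_PREFIX):
        # Service accounts authenticate as system:serviceaccount:<ns>:<name>.
        user = user[len(SA_PREFIX):].replace(":", "/", 1)
    return {
        "subject": user,
        "verb": m.group("verb"),
        "resource": m.group("new") or m.group("old"),
        "namespace": m.group("ns"),  # None means cluster scope
    }


def diagnose(message, expected_sa):
    """Tell a wrong-identity denial apart from a missing-permission one."""
    d = parse_denial(message)
    if d is None:
        return "not an RBAC denial"
    if d["subject"] != expected_sa:
        return f'wrong identity: ran as {d["subject"]}, expected {expected_sa}'
    return f'{expected_sa} lacks {d["verb"]} on {d["resource"]}'


# The error line quoted in the question above.
PAGE_ERROR = ('rpc error: code = Unknown desc = configmaps is forbidden: User '
              '"system:serviceaccount:kube-system:default" cannot list '
              'configmaps in the namespace "kube-system"')
# Constructed sample in the newer message wording, for comparison.
NEWER = ('pods is forbidden: User "system:serviceaccount:kube-system:tiller" '
         'cannot list resource "pods" in API group "" at the cluster scope')

if __name__ == "__main__":
    for line in (PAGE_ERROR, NEWER):
        print(diagnose(line, "kube-system/tiller"))
```

A "wrong identity" result means the role binding for the intended account is never consulted, so widening that account's permissions will not change the outcome until the workload actually runs under it.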