veerI visited the project app-identity-and-access-adapter and I want to check it inside a Kubernetes Microservices project.
The installation app-identity-and-access-adapter to a IBM Cloud Kubernetes Cluster did not work.
a) Adding repository works:
cloud-native-starter % helm repo add appidentityandaccessadapter https://raw.githubusercontent.com/ibm-cloud-security/app-identity-and-access-adapter/master/helm/appidentityandaccessadapter
"appidentityandaccessadapter" has been added to your repositories
b) Installation does not work:
cloud-native-starter % helm install --name appidentityandaccessadapter appidentityandaccessadapter/appidentityandaccessadapter
Error: secrets "appidentityandaccessadapter-cookie-sig-enc-keys" is forbidden: User "system:serviceaccount:kube-system:default" cannot delete resource "secrets" in API group "" in the namespace "istio-system"
I searched on the internet to find a solution, but I wasn't successful.
I was pointed to here to ask for help by the documentation.
The environment:
Free IBM Cloud Kubernetes Cluster
Kubernetes Versions:
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.0", GitCommit:"2bd9643cee5b3b3a5ecbd3af49d09018f0773c77", GitTreeState:"clean", BuildDate:"2019-09-18T14:36:53Z", GoVersion:"go1.12.9", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"14", GitVersion:"v1.14.9+IKS", GitCommit:"405ef9ab782f5b51dff56dabe3628585d99afbfa", GitTreeState:"clean", BuildDate:"2019-11-13T21:34:44Z", GoVersion:"go1.12.12", Compiler:"gc", Platform:"linux/amd64"}
Istio on Kubernetes: 1.4
Helm:
Client: &version.Version{SemVer:"v2.15.2", GitCommit:"8dce272473e5f2a7bf58ce79bb5c3691db54c96b", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.15.2", GitCommit:"8dce272473e5f2a7bf58ce79bb5c3691db54c96b", GitTreeState:"clean"}
Now I was able to install.
Step 1:
I change the version of the helm installation from v2.15.2 to version.BuildInfo{Version:"v3.0.1", GitCommit:"7c22ef9ce89e0ebeb7125ba2ebf7d421f3e82ffa", GitTreeState:"clean", GoVersion:"go1.13.4"}
Step 2: set the Kubernetes namespace to istio-system
$ kubectl config set-context --current --namespace=istio-system
Step 3:
I did not use the documented statement, which is not valid for helm version v3.0.1
helm install --name appidentityandaccessadapter ....
I used following statment:
helm install appidentityandaccessadapter ....
Then it was possible to install the appidentityandaccessadapter:
$ helm install appidentityandaccessadapter appidentityandaccessadapter/appidentityandaccessadapter
NAME: appidentityandaccessadapter
LAST DEPLOYED: Fri Dec 13 11:39:10 2019
NAMESPACE: istio-system
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
App Identity and Access Adapter installed successfully!
By the way:
You should know, you can also find the installation steps in the IBM AppID
Service Documentation
Related
I have a GitLab pipeline to deploy a Kubernetes cluster using Terraform on Azure.
The first time I used the pipeline everything went fine. Once I finished doing my tests I ran the destroy phase and everything was destroyed.
Yesterday I reran the pipeline to create the cluster, all the stages went well except the last that installs the nginx-ingress using helm.
install_nginx_ingress:
stage: install_dependencies
image: alpine/helm:3.1.1
script:
- helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
- helm repo update
- >
helm install nginx-ingress ingress-nginx/ingress-nginx
--namespace default
--set controller.replicaCount=2
dependencies:
- apply
rules:
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $PHASE == "DEPLOY"
When this stage is executed, this is what I have in the GitLab console:
$ helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
"ingress-nginx" has been added to your repositories
$ helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "ingress-nginx" chart repository
Update Complete. ⎈ Happy Helming!⎈
$ helm install nginx-ingress ingress-nginx/ingress-nginx --namespace default --set controller.replicaCount=2
Error: rendered manifests contain a resource that already exists.
Unable to continue with install: could not get information about the resource: poddisruptionbudgets.policy "nginx-ingress-ingress-nginx-controller" is forbidden: User "system:serviceaccount:gitlab-managed-apps:default" cannot get resource "poddisruptionbudgets" in API group "policy" in the namespace "default"
Cleaning up project directory and file based variables
ERROR: Job failed: command terminated with exit code 1
What Is happening !?
Check this error line. This explain the issue.
Unable to continue with install: could not get information about the resource: poddisruptionbudgets.policy "nginx-ingress-ingress-nginx-controller" is forbidden: User "system:serviceaccount:gitlab-managed-apps:default" cannot get resource "poddisruptionbudgets" in API group "policy" in the namespace "default"
Your nginx-ingress-ingress-nginx-controller does not have RBAC permission for get operation on poddisruptionbudgets resource.
Look like kubernetes/ingress-nginx chart has PodDisruptionBudget defined but the ClusterRole does not include any permission for poddisruptionbudgets resource.
I am trying to install the ingress on a new azure kuberenetes cluster but it is giving following error:-
helm install germanyingress ingress-nginx --namespace test --set controller.replicaCount=2 --set controller.scope.enabled=true --set controller.service.loadBalancerIP="*******" --set controller.service.annotations."service\.beta\.kubernetes\.io/azure-load-balancer-internal"="true"
WARNING: "kubernetes-charts.storage.googleapis.com" is deprecated for "stable" and will be deleted Nov. 13, 2020.
WARNING: You should switch to "https://charts.helm.sh/stable"
Error: failed to download "ingress-nginx" (hint: running `helm repo update` may help)
I already tried many ways but no luck.
The warning message is very clear, you're using a Helm repo that is deprecated.
Remove it using
helm repo remove germanyingress
Add the Kubernetes one
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
or the one from Nginx
helm repo add nginx-stable https://helm.nginx.com/stable
helm repo update
We are using docker swarm for windows and have several swarms. Most of them works great, but when making a new one, we are now currently failing the docker login. The code used to login is:
echo "$(acrPassword)" | docker login --username $(acrUsername) --password-stdin $(acrServer)
This line works perfectly well on other swarms, but on this new one, it fails with the following error:
[error]docker : Error response from daemon: Get https://myaccount.azurecr.io/v2/: unauthorized: authentication required, visit https://aka.ms/acr/authorization for more information.
here is the result from docker version:
Server: Docker Engine - Enterprise
Engine:
Version: 19.03.5
API version: 1.40 (minimum version 1.24)
Go version: go1.12.12
Git commit: 2ee0c57608
Built: 11/13/2019 07:58:51
OS/Arch: windows/amd64
Experimental: false
Edit: Found the issue, it was an older version of windows. Changed the Windows verison and fixed the issue.
Have you tried to login in to your ACR using the Azure CLI?
az acr login --name acrServer
I'v installed minikube and helm on my system run vm, and tried to deploy jenkins
MacBook-Pro% helm install stable/jenkins
NAME: quelling-dachshund
Error: getting deployed release "quelling-dachshund": release: "quelling-dachshund" not found
Seems like an error but Kubectl can see the deployment after this error first in Init:0/1 and then running- any ideas why it flops on the install part ?
btw:
$ helm list --all
Error: the server was unable to return a response in the time allotted, but may still be processing the request (get pods)```
$ helm list
Error: Get https://192.168.64.4:8443/api/v1/namespaces/kube-system/pods?labelSelector=app%3Dhelm%2Cname%3Dtiller: net/http: TLS handshake timeout
any idea how to resolve the error
Update ***
It all comes down to minikube error which I dont understand - btw. this is just after fresh minikube start
$ kubectl create serviceaccount --namespace kube-system tiller --insecure-skip-tls-verify=true
serviceaccount/tiller created
$ kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller --insecure-skip-tls-verify=true
clusterrolebinding.rbac.authorization.k8s.io/tiller-cluster-rule created
$ helm init --service-account tiller --upgrade
$HELM_HOME has been configured at /Users/rwalas/.helm.
Error: error installing: the server could not find the requested resource
$ rm -rf ~/.helm
$ helm init --service-account tiller --upgrade
Creating /Users/rwalas/.helm
Creating /Users/rwalas/.helm/repository
Creating /Users/rwalas/.helm/repository/cache
Creating /Users/rwalas/.helm/repository/local
Creating /Users/rwalas/.helm/plugins
Creating /Users/rwalas/.helm/starters
Creating /Users/rwalas/.helm/cache/archive
Creating /Users/rwalas/.helm/repository/repositories.yaml
Adding stable repo with URL: https://kubernetes-charts.storage.googleapis.com
Adding local repo with URL: http://127.0.0.1:8879/charts
$HELM_HOME has been configured at /Users/<user>/.helm.
Error: error installing: the server could not find the requested resource
I have minikube and kubectl installed:
$ minikube version
minikube version: v1.4.0
commit: 7969c25a98a018b94ea87d949350f3271e9d64b6
$ kubectl version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.0", GitCommit:"2bd9643cee5b3b3a5ecbd3af49d09018f0773c77", GitTreeState:"clean", BuildDate:"2019-09-18T14:36:53Z", GoVersion:"go1.12.9", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.0", GitCommit:"2bd9643cee5b3b3a5ecbd3af49d09018f0773c77", GitTreeState:"clean", BuildDate:"2019-09-18T14:27:17Z", GoVersion:"go1.12.9", Compiler:"gc", Platform:"linux/amd64"}
I have then followed the instructions from https://helm.sh/docs/using_helm/:
I have downloaded https://get.helm.sh/helm-v2.13.1-linux-amd64.tar.gz
I have run
$ tar -xzvf Downloads/helm-v2.13.1-linux-amd64.tar.gz linux-amd64/
linux-amd64/LICENSE
linux-amd64/tiller
linux-amd64/helm
linux-amd64/README.md
But now, if I check my helm version, I get this:
$ helm version
Client: &version.Version{SemVer:"v2.13.1", GitCommit:"618447cbf203d147601b4b9bd7f8c37a5d39fbb4", GitTreeState:"clean"}
Error: could not find tiller
I have tried running helm init, but get the following:
$ helm init
$HELM_HOME has been configured at /home/SERILOCAL/<my-username>/.helm.
Error: error installing: the server could not find the requested resource
How can I get helm to initialise correctly?
The current helm version does not work with kubernetes version 1.16.0
You can downgrade kubernetes to version 1.15.3
minikube start --kubernetes-version 1.15.3
helm init
or use my solution to fix it at version 1.16.0
You have to create tiller Service Account and ClusterRoleBinding.
You can simply do that by using those commands:
kubectl --namespace kube-system create sa tiller
kubectl create clusterrolebinding tiller --clusterrole cluster-admin --serviceaccount=kube-system:tiller
And simply create tiller
helm init --override spec.selector.matchLabels.'name'='tiller',spec.selector.matchLabels.'app'='helm' --output yaml | sed 's#apiVersion: extensions/v1beta1#apiVersion: apps/v1#' | kubectl apply -f -
I met with the same problem, #shawndodo showed me this https://github.com/helm/helm/issues/6374#issuecomment-533427268
helm init --service-account tiller --override spec.selector.matchLabels.'name'='tiller',spec.selector.matchLabels.'app'='helm' --output yaml | sed 's#apiVersion: extensions/v1beta1#apiVersion: apps/v1#' | kubectl apply -f -
you can try this one.
(Posted on this question)