I am trying to install letsencrypt with helm.
i tried using helm with this few days before and it works successfully well with my earlier installation.
i used following approach
helm install with createcustoresource=false
helm install --name cert-manager --namespace kube-system --set createCustomResource=false --set rbac.create=true stable/cert-manager --set ingressShim.extraArgs='{--default-issuer-name=letsencrypt-prod,--default-issuer-kind=ClusterIssuer}'
in logs it clearly indicates that it does not create custom resources like certificates,clusterissuer,issuers
when i executed following command( with createCustomResource=true )i expect helm should create These custom issuers not created earlier.
helm upgrade --install --namespace kube-system cert-manager stable/cert-manager --set createCustomResource=true --set rbac.create=true --set ingressShim.extraArgs='{--default-issuer-name=letsencrypt-prod,--default-issuer-kind=ClusterIssuer}'
not sure if i am missing something
custom resources can be creating using helm with this command:
helm upgrade cert-manager --install --namespace kube-system stable/cert-manager --set createCustomResource=true,rbac.create=true --version 0.4.0
Related
Kubernetes version : 1.22.6
previously deployed ingress controller through Terraform using chart https://kubernetes.github.io/ingress-nginx.
While starting the ingress controller we keep getting the below error message in job ingress-Nginx-admission-create and not starting the ingress controller
{
"err": "Get \"https://192.168.64.1:443/api/v1/namespaces/ingress-nginx/secrets/ingress-nginx-admission\": EOF",
"level": "fatal",
"msg": "error getting secret",
"source": "k8s/k8s.go:232",
"time": "2022-06-30T22:03:16Z"
}
I tried a couple of options to delete and re-create ingress-controller using the below command directly but no luck.
helm upgrade --install \
ingress-nginx ingress-nginx \
--repo https://kubernetes.github.io/ingress-nginx \
--namespace ingress-nginx \
--create-namespace \
--debug \
--version="4.1.1" # tried with latest version too
Any help, please.
In order to resolve it, you should try the following:
Quote your values when you install it (TF vars. i assume)
Allow port 443 to the API server IP address/FQDN.
Reprovisioned your Service CIDR within the same network (as a subnet) as the nodes
Suggestion based upon your update
--set controller.hostNetwork=true
Add the above line to your command
helm upgrade \
ingress-nginx ingress-nginx \
--install \
--repo https://kubernetes.github.io/ingress-nginx \
--namespace ingress-nginx \
--create-namespace \
--debug \
--version="4.1.1" \
--set controller.hostNetwork=true
I had many dns records in my dns-zone in azure and i need to use External-dns to automate dns record creation/deletion but i need to filter by labels whene external-dns found other label in the aks ingrees than this one below he musn't touch it :
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: sample-rule
labels:
ingress: externaldns
annotations:
kubernetes.io/ingress.class: "nginx"
ingress: "externaldns"
the Helm command :
helm install external-dns-frontend-sint bitnami/external-dns \
--wait \
--namespace externaldns \
--set txtOwnerId=az-frontend-aks\
--set provider=azure \
--set azure.resourceGroup=az-tools \
--set txtOwnerId=az-frontend-ak \
--set azure.tenantId=xxxxxxxxxxxxxxxxxxxxxxx \
--set azure.subscriptionId=xxxxxxxxxxxxxxxxxxxxxxxx \
--set azure.aadClientId=xxxxxxxxxxxxxxxxx \
--set azure.aadClientSecret=xxxxxxxxxxxxxxx \
--set azure.cloud=AzurePublicCloud \
--set policy=sync \
--set labelfilter=”ingre=externaldns” \
--set annotationfilter=”ingress=externaldns” \
--set domainFilters={azdns.test.com}
i need to know how can i use this argument with Bitnami/external-dns chart to activate the label filter please.
any help please
Last : the filter doesn't work he created all record from the ingress in the same namespace
• You can use the label filter command with bitnami external dns charts as below to filter out the labels which are not passed as aks ingress in external dns.
‘ $helm install my-release -f values.yaml bitnami/external-dns ‘
In the values.yaml file, specify the label filter and annotation filter parameters as below: -
labelfilter: “ingress: ‘externaldns’”
annotationfilter: “ingress: ‘externaldns’”
OR
‘ $helm install my-release \
--set-labelfilter=”ingress=externaldns” \
--set-annotationfilter=”ingress=externaldns” \
bitnami/external-dns ’
Also, please take into consideration that ‘annotation filter’ filters sources managed by external-dns via annotation using label selector while the ‘label filter’ only selects sources managed by external-dns using the label selector. Thus, filtering based on annotation means that the external-dns controller will receive all resources of that kind and then filter on the client-side. In larger clusters with many resources which change frequently this can cause performance issues. If only some resources need to be managed by an instance of external-dns then label filtering can be used instead of annotation filtering. This means that only those resources which match the selector specified in ‘--label-filter’ will be passed to the controller.
Please find the below links for reference: -
https://github.com/kubernetes-sigs/external-dns/blob/master/docs/faq.md#running-an-internal-and-external-dns-service
https://github.com/bitnami/charts/tree/master/bitnami/external-dns/#external-dns-parameters
there was two issues :
mistake in the annotation filter, filter must be in capital letter
annotationFilter: “ingress: externaldns”
The label filter is a new feature must be used in the new Helm chart version 5.5.1
I have a AKS and ACR, and attached the ACR successfully with my AKS using
az aks update -n <AKSNAME> -g <RESOURCE> --attach-acr <ACRNAME>
Yet, when I run the command below from this how-to-guide, I get a Error: failed pre-install: timed out waiting for the condition. Upon further investigating with kubectl get events, I find that the images I pull from ACR are failing due to authorization: failed to authorize: failed to fetch anonymous token: unexpected status: 401 Unauthorized.
helm install nginx-ingress ingress-nginx/ingress-nginx \
--namespace ingress-basic \
--set controller.replicaCount=2 \
--set controller.nodeSelector."kubernetes\.io/os"=linux \
--set controller.image.registry=$ACR_URL \
--set controller.image.image=$CONTROLLER_IMAGE \
--set controller.image.tag=$CONTROLLER_TAG \
--set controller.image.digest="" \
--set controller.admissionWebhooks.patch.nodeSelector."kubernetes\.io/os"=linux \
--set controller.admissionWebhooks.patch.image.registry=$ACR_URL \
--set controller.admissionWebhooks.patch.image.image=$PATCH_IMAGE \
--set controller.admissionWebhooks.patch.image.tag=$PATCH_TAG \
--set defaultBackend.nodeSelector."kubernetes\.io/os"=linux \
--set defaultBackend.image.registry=$ACR_URL \
--set defaultBackend.image.image=$DEFAULTBACKEND_IMAGE \
--set defaultBackend.image.tag=$DEFAULTBACKEND_TAG \
--set controller.service.loadBalancerIP=$STATIC_IP \
--set controller.service.annotations."service\.beta\.kubernetes\.io/azure-dns-label-name"=$DNS_LABEL
I find this very strange, cause I have the images in my ACR, and I have successfully authenticated ACR with AKS.
I run everything from the Azure CLI, Helm version 3.4.0. I found some related issues, which all use the attach-acr.
I am trying to install the ingress on a new azure kuberenetes cluster but it is giving following error:-
helm install germanyingress ingress-nginx --namespace test --set controller.replicaCount=2 --set controller.scope.enabled=true --set controller.service.loadBalancerIP="*******" --set controller.service.annotations."service\.beta\.kubernetes\.io/azure-load-balancer-internal"="true"
WARNING: "kubernetes-charts.storage.googleapis.com" is deprecated for "stable" and will be deleted Nov. 13, 2020.
WARNING: You should switch to "https://charts.helm.sh/stable"
Error: failed to download "ingress-nginx" (hint: running `helm repo update` may help)
I already tried many ways but no luck.
The warning message is very clear, you're using a Helm repo that is deprecated.
Remove it using
helm repo remove germanyingress
Add the Kubernetes one
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
or the one from Nginx
helm repo add nginx-stable https://helm.nginx.com/stable
helm repo update
I deployed one ingress controller in a namespace by running the command:
helm install nginx-ingress ingress-nginx/ingress-nginx \
--namespace kk \
--set controller.replicaCount=2 \
--set controller.nodeSelector."beta\.kubernetes\.io/os"=linux \
--set defaultBackend.nodeSelector."beta\.kubernetes\.io/os"=linux
When I run the same command in another namespace I get the below error:
Error: Failed to download "ingress-nginx/ingress-nginx" (hint: running `helm repo update` may help)
I am pretty sure we can install multiple ingress controller in one Kubernetes cluster but I am unable to resolve this issue.
It's all about your internet connection. I've had the same problem.
Try using the specific version; that may help:
helm install ingress-nginx ingress-nginx/ingress-nginx --version 3.7.1 --debug