K
Q

NGINX controller install on Azure Kubernetes service

5/11/2018

I have Kubernetes 1.8.7 cluster deployed on AKS. I am trying to install NGINX ingress controller using help (helm install stable/nginx-ingress --namespace kube-system). I init helm using helm init --service-account default. I am getting following error

Error: release my-release failed: clusterroles.rbac.authorization.k8s.io "my-release-nginx-ingress" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:["configmaps"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["configmaps"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["endpoints"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["endpoints"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["nodes"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["nodes"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["pods"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["pods"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["secrets"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["secrets"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["nodes"], APIGroups:[""], Verbs:["get"]} PolicyRule{Resources:["services"], APIGroups:[""], Verbs:["get"]} PolicyRule{Resources:["services"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["services"], APIGroups:[""], Verbs:["update"]} PolicyRule{Resources:["services"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["ingresses"], APIGroups:["extensions"], Verbs:["get"]} PolicyRule{Resources:["ingresses"], APIGroups:["extensions"], Verbs:["list"]} PolicyRule{Resources:["ingresses"], APIGroups:["extensions"], Verbs:["watch"]} PolicyRule{Resources:["events"], APIGroups:[""], Verbs:["create"]} PolicyRule{Resources:["events"], APIGroups:[""], Verbs:["patch"]} PolicyRule{Resources:["ingresses/status"], APIGroups:["extensions"], Verbs:["update"]}] user=&{system:serviceaccount:kube-system:default 0296ac27-555a-11e8-a9ed-cad48efa2d60 [system:serviceaccounts system:serviceaccounts:kube-system system:authenticated] map[]} ownerrules=[] ruleResolutionErrors=[]

This command was working till yesterday and I have no changes done but it stopped working this morning. Aks doesn't support RBAC yet in my understanding and so created a role and mapping to cluster admin was futile. Any suggestions

-- gamepop
azure
kubernetes
kubernetes-ingress
nginx

Similar Questions

Kubernetes - How to use files from a directory in a pod?
How to update kubernetes deployment without updating image
Mixing local and remote Docker images repo?
Kubernates pass env variable to "kubectl create"
Unable to create clusters in Hazelcast over the Kubernetes
How to use an init container to check if MySQL is ready for connections?
Jenkins Container - Docker installation - docker daemon not working

1 Answer

5/12/2018

Add --version 0.18.1 to your helm install or helm upgrade command. Still getting to the bottom of this, but the culprit is https://github.com/kubernetes/charts/pull/5169

-- Scott LaPlante
Source: StackOverflow