I have kubernetes Cluster v1.10 over centos 7 , bare-metal
helm version
Client: &version.Version{SemVer:"v2.11.0-rc.3", GitCommit:"28d295be2a94115b786ee277dffcc2b5483bde47", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.11.0-rc.3", GitCommit:"28d295be2a94115b786ee277dffcc2b5483bde47", GitTreeState:"clean"}I am trying to install nginx using helm
helm install stable/nginx-ingress --name nginxIt returns
Error: release nginx failed:
clusterroles.rbac.authorization.k8s.io "nginx-nginx-ingress" is
forbidden: attempt to grant extra privileges:
[PolicyRule{APIGroups:[""], Resources:["configmaps"], Verbs:
["list"]} PolicyRule{APIGroups:[""], Resources:["configmaps"],
Verbs:["watch"]} PolicyRule{APIGroups:[""], Resources:
["endpoints"], Verbs:["list"]} PolicyRule{APIGroups:[""],
Resources:["endpoints"], Verbs:["watch"]} PolicyRule{APIGroups:
[""], Resources:["nodes"], Verbs:["list"]} PolicyRule{APIGroups:
[""], Resources:["nodes"], Verbs:["watch"]} PolicyRule{APIGroups:
[""], Resources:["pods"], Verbs:["list"]} PolicyRule{APIGroups:
[""], Resources:["pods"], Verbs:["watch"]} PolicyRule{APIGroups:
[""], Resources:["secrets"], Verbs:["list"]} PolicyRule{APIGroups:
[""], Resources:["secrets"], Verbs:["watch"]}
PolicyRule{APIGroups:[""], Resources:["nodes"], Verbs:["get"]}
PolicyRule{APIGroups:[""], Resources:["services"], Verbs:["get"]}
PolicyRule{APIGroups:[""], Resources:["services"], Verbs:["list"]}
PolicyRule{APIGroups:[""], Resources:["services"], Verbs:
["update"]} PolicyRule{APIGroups:[""], Resources:["services"],
Verbs:["watch"]} PolicyRule{APIGroups:["extensions"], Resources:
["ingresses"], Verbs:["get"]} PolicyRule{APIGroups:["extensions"],
Resources:["ingresses"], Verbs:["list"]} PolicyRule{APIGroups:
["extensions"], Resources:["ingresses"], Verbs:["watch"]}
PolicyRule{APIGroups:[""], Resources:["events"], Verbs:["create"]}
PolicyRule{APIGroups:[""], Resources:["events"], Verbs:["patch"]}
PolicyRule{APIGroups:["extensions"], Resources:
["ingresses/status"], Verbs:["update"]}] user=&
{system:serviceaccount:kube-system:default 8f248058-b684-11e8-
b781-daf0a0c10949 [system:serviceaccounts
system:serviceaccounts:kube-system system:authenticated] map[]}
ownerrules=[] ruleResolutionErrors=[]
How can i solve this issue ?
Thank You :D
As kubectl apply -f is used to create or update resources, Helm, on the other hand, can be called Kubernetes Package Manager. The solution you have posted is a workaround as the question is about Helm and not how to create resources using the kubectl apply. Adding --set rbac.create=false indicates that you probably deployed Tiller with no RBAC support. The question is, was it done intentionally? If you don't have RBAC authorization turned on, you can keep using --set rbac.create=false; if you want RBAC on, you have to add Tiller service account the cluster-admin role.
You can find how to configure it properly here.
More information about installation and configuration of Helm and Tiller is available here and the detailed explanation of the similar case in this Github issue.
After Search I think this is the solution
helm install stable/nginx-ingress --name ingress --namespace kube-system --set rbac.create=false --set rbac.createRole=false --set rbac.createClusterRole=falseOR
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/cloud-generic.yaml