K
Q

Helm install failing with " Client is not authorized"

8/8/2019

I have an openshift cluster where I am installing help. The Helm version is 2.7.2.

When I try to install a chart I get the error

Error: User is not authorized to install release

On tiller, I see these logs:

2019/08/08 13:18:57 DONE with request 2019/08/08 13:18:57 Problem sending request Get http:///identity/api/v1/users//getTeamResources: http: no Host in request URL [tiller] 2019/08/08 13:18:57 Client is not authorized

I have already created role/rolebinding. The same chart works with Helm 2.2 version but fails with 2.7 version

-- sachin gupta
kubernetes
kubernetes-helm

Similar Questions

How to set ingress-nginx custom errors
Minikube mounted host folders are not working
Can multiple Kubernetes NodePort services share the same backend target?
Renewing Kubernetes cluster certificates
networkpolicy to isolate namespace and pod with port
How to connect a domain to hubspot without DNS changes?

1 Answer

8/9/2019

Referring to the official documentation:

As of Helm 2.7.2, Tiller requires that the client certificate be validated by its CA. In prior versions, Tiller used a weaker validation strategy that allowed self-signed certificates.

What you need to create?

  1. private CA that is used to issue certificates for Tiller clients and servers.
  2. certificate for Tiller and for the Helm client
  3. Tiller instance that uses the certificate
  4. configure the Helm client to use the CA and client-side certificate

After that you should have a Tiller instance running that will only accept connections from clients who can be authenticated by SSL certificate.

Please follow the steps from helm site.

-- muscat
Source: StackOverflow