We Keep Coding

AKS nginx-ingress controller ACR

I'm unable to install the nginx ingress controller on AKS.Since I'm using userDefinedRouting as outboundType for egress when running
helm install nginx-ingress nginx-stable/nginx-ingress -n ingress --set controller.service.annotations."service\.beta\.kubernetes\.io/azure-load-balancer-internal"='"true"' --set controller.service.annotations."service\.beta\.kubernetes\.io/azure-load-balancer-internal-subnet"=x-x-x-aks-ingress-sub01 --set controller.service.loadBalancerIP="10.240.137.40" i can see that it failed to download the image because the root CA is not on the worker node and hence is unable to verify the SSL certificate. This is actually good and I've uploaded the nginx image to my ACR:
docker pull nginx docker tag nginx/nginx-ingress:2.2.2 nameofacr.azurecr.io/hub/nginx/nginx-ingress:2.2.2 and docker push nameofacr.azurecr.io/hub/nginx/nginx-ingress:2.2.2. If it look in the values.yaml file I see this:
values.yaml I've followed how to - helm install using private registry and think that I've added the tag as required but I can't figure out how to run the command now so that it will pull the image from my ACR.
What I've tried:
helm install nginx-ingress nameofacr.azurecr.io/hub/nginx/nginx-ingress -n ingress --set controller.service.annotations."service\.beta\ .kubernetes\.io/azure-load-balancer-internal"='"true"' --set controller.service.annotations."service\.beta\.kubernetes\.io/azure-load-balancer-internal-subnet"=x-x-x-x-aks-ingress-sub01 --set contro ller.service.loadBalancerIP="10.240.137.40"
failed with Error: INSTALLATION FAILED: failed to download "nameofacr.azurecr.io/hub/nginx/nginx-ingress"
or
helm install nginx-ingress --set Image=nameofacr.azurecr.io nginx/nginx-ingress -n ingress --set controller.service.annotations."servi ce\.beta\.kubernetes\.io/azure-load-balancer-internal"='"true"' --set controller.service.annotations."service\.beta\.kubernetes\.io/azure-load-balancer-internal-subnet"=x-x-x-x-aks-ingress-sub01 --s et controller.service.loadBalancerIP="10.240.137.40" resulted in Error: INSTALLATION FAILED: failed to download "nginx/nginx-ingress"
I can't get this to work. Any help please?

Use this chart : ingress-nginx/ingress-nginx. You have an official documentation that explain how to import images to private ACR.
You can use this commands to import images :
az acr import --name nameofacr --source k8s.gcr.io/ingress-nginx/controller:v1.2.1 --force
az acr import --name nameofacr --source k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1 --force
Also try to fix the helm chart version helm install nginx-ingress ingress-nginx/ingress-nginx --version 4.1.3, to be sure you use the images related to a specific values.yaml.

Istio installation failed with private docker registry

Bug description
Installation gets timeout errors and in kubectl get pods -n istio-system shows ImagePullBackOff.
kubectl describe pod istiod-xxx-xxx -n istio-system
Failed to pull image "our-registry:5000/pilot:1.10.3": rpc error: code = Unknown desc = Error response from daemon: Head https://our-registry:5000/v2/pilot/manifests/1.10.3: no basic auth credentials
Affected product area (please put an X in all that apply)
[x] Installation
Expected behavior
Successful installation with istioctl install --set profile=demo --set hub=our-registry:5000
Steps to reproduce the bug
Create istio-system namespace.
Set docker-registry user credentials for istio-system namespace.
istioctl manifest generate --set profile=demo --set hub=our-registry:5000 > new-generated-manifest.yaml
Verify it has proper images with our-registry:5000
Pull and push required images to our-registry:5000
istioctl install --set profile=demo --set hub=our-registry:5000
Version
Kubernetes : v1.21
Istio : 1.10.3 / 1.7.3
How was Istio installed?
istioctl install --set profile=demo --set hub=our-registry:5000
[References]
Tried to setup imagePullSecrets as described here, but it gives
Json object error
2. Here describe about using it in charts, but dont know how they applied it.
Originally posted as an issue.

There are two ways to cirumvent this issue.
If installing with istioctl install
Using istioctl install provide a secret with docker-registry auth details with --set values.global.imagePullSecrets. Like this
istioctl install [other options] --set values.global.imagePullSecrets[0]=<auth-secret>
Where <auth-secret> is the secret created prior on the cluster.
You can read more about using secrets with docker repository here
If installing using Istio operator
Installing Istio with operator, from private regostry, you have to pass proper YAML:
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
...
spec:
profile: demo #as an example
values:
global:
imagePullSecrets:
- <auth-secret>
...
Again, <auth-secret> must be created prior.

Error: error installing: the server could not find the requested resource HELM Kubernetes

What I Did:
I installed Helm with
curl https://raw.githubusercontent.com/kubernetes/helm/master/scripts/get | bash
helm init --history-max 200
Getting an error:
$HELM_HOME has been configured at /root/.helm.
Error: error installing: the server could not find the requested resource
what does that error mean?
How should I install Helm and tiller?
Ubuntu version: 18.04
Kubernetes version: 1.16
Helm version:
helm version
Client: &version.Version{SemVer:"v2.14.3", GitCommit:"0e7f3b6637f7af8fcfddb3d2941fcc7cbebb0085", GitTreeState:"clean"}
Error: could not find tiller
Update:
I tried #shawndodo's answer but still tiller not installed
helm init --service-account tiller --override spec.selector.matchLabels.'name'='tiller',spec.selector.matchLabels.'app'='helm'
--output yaml | sed 's#apiVersion: extensions/v1beta1#apiVersion: apps/v1#' | kubectl apply -f -
Update 2:
helm init --history-max 200 working in kubernetes version 1.15

I met the same problem, then I found this reply on here.
helm init --service-account tiller --override spec.selector.matchLabels.'name'='tiller',spec.selector.matchLabels.'app'='helm' --output yaml | sed 's#apiVersion: extensions/v1beta1#apiVersion: apps/v1#' | kubectl apply -f -
It works for me. You can see the detail in this issue.

Unfortunately, Helm is not working with the current version of Kubernetes (1.16.0) as we can see on the issue #6374
For now, we can work around the incompatibility by selecting an older version of Kubernetes.
Starting minikube with a previous Kubernetes version
To solve this issue, simply start the minikube setting the version using the --kubernetes-version param (Ref.):
minikube delete
minikube start --kubernetes-version=1.15.4
Try to reboot the Helm too with the following command:
helm init
After that, you will be able to use the Helm without problems.

So tiller is the server side component that your helm client talks to (tiller is due to be removed in Helm 3 due to various security issues). When running helm init the helm client installs tiller on the cluster that your kubectl is currently setup to connect with (keep in mind that in order to install tiller you need admin access the cluster as tiller needs cluster-wide admin access) However there are many different strategies to work with tiller:
tiller per namespace: This is when you install tiller in a single namespace and only give it access to that namespace (vastly more secure than giving it cluster wide admin), you can find an article on how to here
tillerless: This is when you run tiller locally, you will need to export HELM_HOST to poiunt to this tiller and tiller will use the kube config configured at KUBECONFIG more information found here

I ran into the same issue - exactly the same configuration as initial question:
Ubuntu version: 18.04
Kubernetes version: 1.16
#shawndodo's answer didn't work for me. There were some issues with the tiller deployment and the tiller pod was not getting created at all!
I tried installing the from canary build as described in Helm docs - https://helm.sh/docs/using_helm/#from-canary-builds
helm init --canary-image --upgrade
This didn't work a couple days ago, but tried again (with newer canary build) and it worked today (20191005).
Whether I run into other issues now using canary build remains to be seen, but I got past the initialisation issue...

I tried all suggestions about changing the api version manually to fix this issue, this got rid of the errors but things didnt work properly afterwards. so in my case I removed my latest minicube installation and installed an old one on my mac using the below command, change minikube-darwin-amd64 to minikube-linux-amd64 if needed :
curl -LO https://storage.googleapis.com/minikube/releases/v1.3.0/minikube-darwin-amd64 \
&& sudo install minikube-darwin-amd64 /usr/local/bin/minikube
This downgraded my kubernetes to v1.15.2 which helm currently supports.

kubectl version: v1.16.0
helm version: v2.14.3
minikube start --memory=16384 --cpus=4
helm init --service-account tiller --output yaml | sed 's#apiVersion: extensions/v1beta1#apiVersion: apps/v1#' | sed 's# replicas: 1# replicas: 1\n selector: {"matchLabels": {"app": "helm", "name": "tiller"}}#' | kubectl apply -f -
helm template istio-1.3.3/install/kubernetes/helm/istio-init --name istio-init --namespace istio-system | kubectl apply -f -
helm template istio-1.3.3/install/kubernetes/helm/istio --name istio --namespace istio-system | kubectl apply -f -

We need to have tiller installed in the cluster before we start using helm. helm init command installs tiller in the cluster and also we need to have RBAC configured in the cluster for tiller as well. Here you'll find out the RBAC rules required as per your need for your k8s cluster.

try
apt-get upgrade helm in my case it worked.

helm init --service-account tiller --override spec.selector.matchLabels.'name'='tiller',spec.selector.matchLabels.'app'='helm' --output yaml | sed 's#apiVersion: extensions/v1beta1#apiVersion: apps/v1#' | kubectl apply -f -

Installing jupyterhub in minikube on a linux machine

I'm using the instructions from Zero to jupyterhub with kubernetes to install a jupyterhub in a minikube:
When I run the command in step 2 shown below:
RELEASE=jhub
NAMESPACE=jhub
~/minik$ helm upgrade --install $RELEASE jupyterhub/jupyterhub --namespace $NAMESPACE --version 0.7.0 --values config.yaml --debug --dry-run
I get this error:
[debug] Created tunnel using local port: '42995'
[debug] SERVER: "127.0.0.1:42995"
[debug] Fetched jupyterhub/jupyterhub to
/home1/chrisj/.helm/cache/archive/jupyterhub-0.7.0.tgz
Release "jhub" does not exist. Installing it now.
[debug] CHART PATH: /home1/chrisj/.helm/cache/archive/jupyterhub-0.7.0.tgz
Error: render error in "jupyterhub/templates/proxy/autohttps/service.yaml": template: jupyterhub/templates/proxy/autohttps/service.yaml:1:26: executing "jupyterhub/templates/proxy/autohttps/service.yaml" at <.Values.proxy.https....>: can't evaluate field https in type interface {}

I have deployed Jupyterhub on minikube correctly using the provided tutorial, then I deleted it using helm delete, and tried to deploy it again with helm upgrade --install. I got similar error as you have posted. For me using:
helm delete --purge jhub solved the problem.
PS: If this will not help you, please provide some more details, like helm version, kubectl get pods --all-namespaces

Helm repo to install istio

I am trying to install istio. I can easily package the helm chart if I clone the repo from github but I am just wondering if there is a helm chart repo that I can use?

If you're looking for a way to install istio version higher than 1.8.0 then there is a good news.
According to documentation helm support is back, currently in alpha.
We’ve added support for installing Istio with Helm 3. This includes both in-place upgrades and canary deployment of new control planes, after installing 1.8 or later. Helm 3 support is currently Alpha, so please try it out and give your feedback.
There is istio documentation about installing Istio with Helm 3, Helm 2 is not supported for installing Istio.
There are the Prerequisites:
Download the Istio release
Perform any necessary platform-specific setup
Check the Requirements for Pods and Services
Install a Helm client with a version higher than 3.1.1
There are the installation steps for istio 1.8.1:
Note that the default chart configuration uses the secure third party tokens for the service account token projections used by Istio proxies to authenticate with the Istio control plane. Before proceeding to install any of the charts below, you should verify if third party tokens are enabled in your cluster by following the steps describe here. If third party tokens are not enabled, you should add the option --set global.jwtPolicy=first-party-jwt to the Helm install commands. If the jwtPolicy is not set correctly, pods associated with istiod, gateways or workloads with injected Envoy proxies will not get deployed due to the missing istio-token volume.
1.Download the Istio release and change directory to the root of the release package and then follow the instructions below.
curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.8.1 sh -
cd istio-1.8.1
2.Create a namespace istio-system for Istio components:
kubectl create namespace istio-system
3.Install the Istio base chart which contains cluster-wide resources used by the Istio control plane:
helm install -n istio-system istio-base manifests/charts/base
4.Install the Istio discovery chart which deploys the istiod service:
helm install --namespace istio-system istiod manifests/charts/istio-control/istio-discovery \
--set global.hub="docker.io/istio" --set global.tag="1.8.1"
5.Install the Istio ingress gateway chart which contains the ingress gateway components:
helm install --namespace istio-system istio-ingress manifests/charts/gateways/istio-ingress \
--set global.hub="docker.io/istio" --set global.tag="1.8.1"
6.(Optional) Install the Istio egress gateway chart which contains the egress gateway components:
helm install --namespace istio-system istio-egress manifests/charts/gateways/istio-egress \
--set global.hub="docker.io/istio" --set global.tag="1.8.1"
7.Verify that all Kubernetes pods in istio-system namespace are deployed and have a STATUS of Running:
kubectl get pods -n istio-system

Yes there is. A quick google search turned this up: https://github.com/istio/istio/tree/master/install/kubernetes/helm/istio

It's a pain to find, and they don't really reference it properly in the documentation, but according to these two comments, the charts can be found in the following locations:
master: https://gcsweb.istio.io/gcs/istio-prerelease/daily-build/master-latest-daily/charts/
v1.1.x: https://gcsweb.istio.io/gcs/istio-prerelease/daily-build/release-1.1-latest-daily/charts/

For a more recent answer, you can now add helm repository for istio for a specific version with helm repo add istio.io https://storage.googleapis.com/istio-release/releases/{{< istio_full_version >}}/charts/ according to documentation here.
It seems that helm repo add istio.io https://storage.googleapis.com/istio-release/releases/charts work too but for older versions (up to 1.1.2). It is not yet documented but follow a more idiomatic versionning. An issue is open on istio : https://github.com/istio/istio/issues/15498

The official helm chart is coming now!
https://artifacthub.io/packages/helm/istio-official/gateway
Need to be careful the comment in issue #31275
Note: this is a 1.12 prerelease, so you need to pass --devel to all helm commands and should not run it in prod yet.
Because the chart is still in the alpha version, we need to pass --devel flag or specify a chart version to allow development versions.
Install steps:
helm repo add istio https://istio-release.storage.googleapis.com/charts
helm repo update
helm install --devel istio-ingressgateway istio/gateway
# or --version 1.12.0-alpha.1

helm repo add istio https://istio.io/charts works. I found it in this PR.