Failed to create nodeport error, after deploying ingress - kubernetes

Failed to create NodePort error, after deploying ingress
I have an ingress defined as in the screenshot:
Screenshot
The 2 replicas of an Ingress server are not spinning due to the Failed to create NodePort error. Please advice

Just like the error says. You are missing the NodePortPods CRD. It looks like that CRD existed at some point in time. But I don't see it anymore in the repo. You didn't specify how you deployed the ingress operator but you can make sure you install the latest.
helm repo add appscode https://charts.appscode.com/stable/
helm repo update
helm search repo appscode/voyager --version v13.0.0
# Generate the template to check or use helm install
helm template voyager-operator appscode/voyager --version v13.0.0 --namespace kube-system --no-hooks --set cloudProvider=baremetal 👈 Use the right cloud provider
✌️

Related

NGINX Controller Upgrade Using Helm

I installed NGINX Controller 2 years ago using Helm 2 in our AKS clusters, and it pulled the image from quay.io at the time:
quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.27.0
We are now looking to upgrade our NGINX ingress controllers, and in our new clusters I see the image repo is gcr.io:
k8s.gcr.io/ingress-nginx/controller:v1.20.0#sha256:8xxxxxxxxxxxxxxxxxxxxxxxxxxxx3
I ran the following command using Helm 3 to upgrade Kubernetes NGINX Controller to no avail in our old cluster with controller from quay.io:
helm upgrade awesome-nginx ingress-nginx/ingress-nginx --namespace ingress-nginx -f nginx-reuse-values-file.yaml
Error: UPGRADE FAILED: current release manifest contains removed kubernetes api(s) for this kubernetes version and it is therefore unable to build the kubernetes objects for performing the diff. error from kubernetes: unable to recognize "": no matches for kind "Deployment" in version "extensions/v1beta1"
The K8s version is 1.20.9.
The current quay.io NGINX ingress controller manifest shows following version:
apiVersion: apps/v1
Well, figured it out:
https://github.com/helm/helm-mapkubeapis
The Helm mapkubeapis plugin for the win. I had to update deprecated APIs as evident in the error message in my original post. Ran Helm upgrade after updating to the latest APIs for my K8s version successfully.

cannot helm install rabbitmq servers (helm 2.16.9) : namespaces "rabbit" is forbidden

helm install --name my-rabbitserver stable/rabbitmq --namespace rabbit
Error: release my-rabbitserver failed: namespaces "rabbit" is forbidden: User "system:serviceaccount:kube-system:default" cannot get resource "namespaces" in API group "" in the namespace "rabbit"
I have tried with (and without a rabbit namespace created before the install attempt)
I am using helm 2.16.9, so I need to qualify the name of my installation with a --name
I am using this against a Google Cloud kubernetes cluster
It looks as though the Helm tiller pod did not have sufficient priveldeges.
I found this similar issue:
https://support.sumologic.com/hc/en-us/articles/360037704393-Kubernetes-Helm-install-fails-with-Error-namespaces-sumologic-is-forbidden-User-system-serviceaccount-kube-system-default-cannot-get-resource-namespaces-in-API-group-in-the-namespace-sumologic-
Basically I have to stop the tiller deployment, set up tiller ServiceAccount yaml and run it to give tiller access to the kube-system. And then execute helm init again with the new service account.
The helm rabbitmq installs then appear work as advertised
I thought helm was supposed to make life easier, but it still has its own limitations and additional yaml files to get it to work as advertised.

Helm3 with EKS cluster

During Installation of Helm3 stable, i found Helm3 stable does not implement tiller deployment for fetching cluster details, it works as a Client utility only, my question is it, if it is not implementing tiller concept for fetching details, how does it connect with EKS.
I have already installed kubectl and it is running fine, is it something like this, helm client is dependent on kubectl service?
I performed following steps:
1.helm version
version.BuildInfo{Version:"v3.1.0", GitCommit:"b29d20baf09943e134c2fa5e1e1cab3bf93315fa", GitTreeState:"clean", GoVersion:"go1.13.7"}
2.kubectl create serviceaccount tiller --namespace kube-system
serviceaccount/tiller created
3.notepad rbac-config.yaml
4.kubectl apply -f rbac-config.yaml
clusterrolebinding.rbac.authorization.k8s.io/tiller-role-binding created
5.helm init --service-account tiller
Error: unknown flag: --service-account
I know steps 2,3,4 are not required in Helm3, but curious to know how helm3 interacts as a client service with EKS cluster.
Just like kubectl, helm also uses kubeconfig to communicate with the cluster.
So, both kubectl and helm depend on the cluster's config file rather depending on each other.

Use Gitlab-installed Helm from CLI. Could not find tiller

I've created a kubernetes cluster on AWS using Kops, and I've correctly configured the cluster on Gitlab.
I've installed Helm Tiller and Ingress from Gitlab's panel, but I now wish to uninstall the Ingress chart.
I'm not sure how to uninstall the ingress chart. What I'm tring now is configuring my Helm CLI to delete the ingress release, but I'm not getting the Helm CLI correctly configured. The Tiller stuff is being deployed at the gitlab-managed-apps, so I'm trying the following command:
$ helm init --tiller-namespace gitlab-managed-apps --service-account tiller --upgrade
HELM_HOME has been configured at C:\Users\danie\.helm.
Tiller (the Helm server-side component) has been upgraded to the current version.
Happy Helming!
But then when I'm trying to issue the helm ls command I'm getting the following error:
$ helm ls
Error: could not find tiller
But the service account exists on the namespace:
$ kubectl get serviceAccounts -n gitlab-managed-apps
NAME SECRETS AGE
default 1 23h
ingress-nginx-ingress 1 23h
tiller 1 23h
Any ideas how to get the CLI correctly configured?
you have installed tiller to a namespace that is not the default namespace.
As per default the Helm CLI will assume tiller is installed in default and that this is the namespace you want to "get in touch with"
this can be fixed by using the tiller-namespace flag as for your example that'd be
helm list --tiller-namespace gitlab-managed-apps
Try using Helm version 3 onward. Helm versions 1 and 2 are actually composed of two pieces – the Helm CLI, and Tiller, the Helm server-side component. It is important to note that Helm 3 removes the Tiller component, and thus is more secure

Helm repo to install istio

I am trying to install istio. I can easily package the helm chart if I clone the repo from github but I am just wondering if there is a helm chart repo that I can use?
If you're looking for a way to install istio version higher than 1.8.0 then there is a good news.
According to documentation helm support is back, currently in alpha.
We’ve added support for installing Istio with Helm 3. This includes both in-place upgrades and canary deployment of new control planes, after installing 1.8 or later. Helm 3 support is currently Alpha, so please try it out and give your feedback.
There is istio documentation about installing Istio with Helm 3, Helm 2 is not supported for installing Istio.
There are the Prerequisites:
Download the Istio release
Perform any necessary platform-specific setup
Check the Requirements for Pods and Services
Install a Helm client with a version higher than 3.1.1
There are the installation steps for istio 1.8.1:
Note that the default chart configuration uses the secure third party tokens for the service account token projections used by Istio proxies to authenticate with the Istio control plane. Before proceeding to install any of the charts below, you should verify if third party tokens are enabled in your cluster by following the steps describe here. If third party tokens are not enabled, you should add the option --set global.jwtPolicy=first-party-jwt to the Helm install commands. If the jwtPolicy is not set correctly, pods associated with istiod, gateways or workloads with injected Envoy proxies will not get deployed due to the missing istio-token volume.
1.Download the Istio release and change directory to the root of the release package and then follow the instructions below.
curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.8.1 sh -
cd istio-1.8.1
2.Create a namespace istio-system for Istio components:
kubectl create namespace istio-system
3.Install the Istio base chart which contains cluster-wide resources used by the Istio control plane:
helm install -n istio-system istio-base manifests/charts/base
4.Install the Istio discovery chart which deploys the istiod service:
helm install --namespace istio-system istiod manifests/charts/istio-control/istio-discovery \
--set global.hub="docker.io/istio" --set global.tag="1.8.1"
5.Install the Istio ingress gateway chart which contains the ingress gateway components:
helm install --namespace istio-system istio-ingress manifests/charts/gateways/istio-ingress \
--set global.hub="docker.io/istio" --set global.tag="1.8.1"
6.(Optional) Install the Istio egress gateway chart which contains the egress gateway components:
helm install --namespace istio-system istio-egress manifests/charts/gateways/istio-egress \
--set global.hub="docker.io/istio" --set global.tag="1.8.1"
7.Verify that all Kubernetes pods in istio-system namespace are deployed and have a STATUS of Running:
kubectl get pods -n istio-system
Yes there is. A quick google search turned this up: https://github.com/istio/istio/tree/master/install/kubernetes/helm/istio
It's a pain to find, and they don't really reference it properly in the documentation, but according to these two comments, the charts can be found in the following locations:
master: https://gcsweb.istio.io/gcs/istio-prerelease/daily-build/master-latest-daily/charts/
v1.1.x: https://gcsweb.istio.io/gcs/istio-prerelease/daily-build/release-1.1-latest-daily/charts/
For a more recent answer, you can now add helm repository for istio for a specific version with helm repo add istio.io https://storage.googleapis.com/istio-release/releases/{{< istio_full_version >}}/charts/ according to documentation here.
It seems that helm repo add istio.io https://storage.googleapis.com/istio-release/releases/charts work too but for older versions (up to 1.1.2). It is not yet documented but follow a more idiomatic versionning. An issue is open on istio : https://github.com/istio/istio/issues/15498
The official helm chart is coming now!
https://artifacthub.io/packages/helm/istio-official/gateway
Need to be careful the comment in issue #31275
Note: this is a 1.12 prerelease, so you need to pass --devel to all helm commands and should not run it in prod yet.
Because the chart is still in the alpha version, we need to pass --devel flag or specify a chart version to allow development versions.
Install steps:
helm repo add istio https://istio-release.storage.googleapis.com/charts
helm repo update
helm install --devel istio-ingressgateway istio/gateway
# or --version 1.12.0-alpha.1
helm repo add istio https://istio.io/charts works. I found it in this PR.