@AronT-TLV - the issue that you have included (#346) does not appear related. Can you provide more information on the issue that you have encountered.

I am curious if the issue is related to this:

https://github.com/kubernetes/helm/pull/3990

Can you try deleting the tiller deployment:

kubectl delete deployment tiller-deploy --namespace kube-system

And then running helm init again with this command?

helm init --upgrade --service-account default

Does this fix up Helm for you?

Thanks

Yes exactly that fixes the problem, as noted in the cited ticket. The question is why doing helm init fails the first time

Get Outlook for iOShttps://aka.ms/o0ukef

From: Neil Peterson notifications@github.com
Sent: Sunday, May 13, 2018 7:50:20 PM
To: MicrosoftDocs/azure-docs
Cc: Aron T; Mention
Subject: Re: [MicrosoftDocs/azure-docs] These instructions don't work (#8526)

@AronT-TLVhttps://github.com/AronT-TLV - the issue that you have included (#346https://github.com/MicrosoftDocs/azure-docs/pull/346) does not appear related. Can you provide more information on the issue that you have encountered.

I am curious if the issue is related to this:

kubernetes/helm#3990https://github.com/kubernetes/helm/pull/3990

Can you try deleting the tiller deployment:

kubectl delete deployment tiller-deploy --namespace kube-system

And then running helm init again with this command?

helm init --upgrade --service-account default

Does this fix up Helm for you?

Thanks

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHubhttps://github.com/MicrosoftDocs/azure-docs/issues/8526#issuecomment-388640382, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AVGMY3B-TW5QxHS3Gfm_U_057db_sFoZks5tyGRMgaJpZM4T83jV.

This didn't fix it for me. Neither did the patch fix I've seen floating around.

kubectl patch deployment tiller-deploy -n kube-system -p '{"spec": {"template": {"spec": {"automountServiceAccountToken": true}}}}'

I get further, but get...
Error: release ... failed: clusterroles.rbac.authorization.k8s.io "...-nginx-ingress" is forbidden: attempt to grant extra privileges

@kduenke - two unrelated events have broken two different steps in this doc.

Helm issue

First, an issue with Helm, which results in this message when running any chart in an AKS cluster.

Error: no available release name found

The fix is to delete the tiller deployment, and reinstall with:

kubectl delete deployment tiller-deploy --namespace kube-system

Updated NGINX ingress chart

Second, the default values in the NGINX ingress controller chart have been updated to assume an RBAC enabled cluster. As AKS is not RBAC enabled, the command needs to set RBAC related values to false.

The error when running the chart with the current command is as you have encountered.

Error: release cantankerous-salamander failed: clusterroles.rbac.authorization.k8s.io "cantankerous-salamander-nginx-ingress" is forbidden: attempt to grant extra privileges...

Instead, run this command:

helm install stable/nginx-ingress --set rbac.create=false --set rbac.createRole=false --set rbac.createClusterRole=false

Both of these updates have been merged into the documentation repo and should publish on Monday morning.

Thanks

Eureka! I just got over this. It looks to me like RBAC may be enabled now on AKS, but only partially? I just created my cluster on 5/11/18.

I took pieces from these two issues...
https://github.com/kubernetes/helm/issues/3985
https://github.com/jenkins-x/jx/issues/485

kubectl create -f ClusterRoles.yaml (this yaml came from herzogf in the jenkins issue)
kubectl create serviceaccount tiller --namespace kube-system
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
helm init --upgrade --service-account tiller
helm repo update
helm install stable/nginx-ingress --namespace kube-system

Neil, I just saw your latest post. I hadn't refreshed my page. Am I going to have problems with the approach I took?

@kduenke - I spoke with the AKS team late last week about RBAC and was informed it is not enabled.
That said, I cannot explain your fix.

@slack - can you confirm that RBAC is not enabled / functioning in AKS clusters at this time?

Thanks

I've confirmed that RBAC is not yet enabled.

please-close

@AronT-TLV
We will now proceed to close this thread. If there are further questions regarding this matter, please reopen it and we will gladly continue the discussion.