Azure-docs: Docs are confusing

Created on 13 Jul 2018 · 7 Comments · Source: MicrosoftDocs/azure-docs

Hello again,

Probably related to my earlier submitted issue.

Tried

helm install stable/nginx-ingress --set rbac.create=false --set rbac.createRole=false --set rbac.createClusterRole=false

from

https://github.com/Azure/AKS/issues/346

but when I surf to the IP I get

This site can’t be reached
<ip-address-here> took too long to respond.
Try:

Checking the connection
Checking the proxy and the firewall
Running Windows Network Diagnostics
ERR_CONNECTION_TIMED_OUT

:(

I've tested with two clusters. This used to work some months back.

And as a last note, I think the docs need to be much more explicit about the different versions used because there are a lot of components involved here and things move fast. For instance, we have helm, kubectl, az, kubernetes, nginx-ingress. A lot of the time if one component gets bumped, another gets affected. Seen this too many times. :(


assigned-to-author container-servicsvc doc-enhancement triaged

All 7 comments

Also, a lot of the time you get an error, find some snippet on Google, execute the command, without really knowing what you just did, then leaving your environment in a "messy" state. The docs should therefore always have some sort of reset instructions.

11705

Thanks for the feedback @spacecat. I am investigating. I will close the other issue and we can just work off this one.

@iainfoulds would you be able to look into this one? Might be related to the other 2 you are working on from @spacecat

@MicahMcKittrick-MSFT These are quite different.

@spacecat I'll create a non-RBAC cluster and test. On an RBAC-enabled cluster, the instructions work correctly.

I'll look to add a note on how to remove a Helm deployment if you no longer wish to use it. These aren't AKS-specific, rather Helm management tasks. To list what's been installed by Helm:

helm list

The _CHART_ column shows what component it is, such as _nginx-ingress-0.22.1_, as shown in the following example output:

$ helm list
NAME            REVISION    UPDATED                     STATUS      CHART                   NAMESPACE
rafting-sparrow 1           Mon Jul 16 14:02:02 2018    DEPLOYED    nginx-ingress-0.22.1    kube-system

So delete the ingress controller:

helm delete rafting-sparrow

@spacecat I can't replicate this error, both a non-RBAC and RBAC-enabled cluster respond on the public IP address in the web browser. When you do a helm list, is the ingress controller shown? If you do kubectl get pods, do the pods show as in a _Running_ state?

@iainfoulds I tried everything again (fresh cluster install) and now it works. I think I must have missed/skipped the Helm step along the way.

For reference these are the steps that I needed to do in order for it to work:

1 https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough

1.1 Create resource group:
az group create --name test-cluster-02-rg --location westeurope

1.2 Create cluster (RBAC is enabled by default):
az aks create --resource-group test-cluster-02-rg --name test-cluster-02-cl --node-count 1 --generate-ssh-keys

1.3 Connect to the cluster:
az aks get-credentials --resource-group test-cluster-02-rg --name test-cluster-02-cl

2 https://docs.microsoft.com/en-us/azure/aks/kubernetes-helm

2.1 Create a service account:
nano helm-rbac.yml
kubectl create -f helm-rbac.yml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: tiller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: tiller
    namespace: kube-system

2.2 Configure Helm:
helm init --service-account tiller

3 https://docs.microsoft.com/en-us/azure/aks/ingress

3.1 Install ingress controller:
helm install stable/nginx-ingress --namespace kube-system

3.2 Get the public IP address:
kubectl get service -l app=nginx-ingress --namespace kube-system

If I browse to the public IP address, I am routed to the NGINX ingress controller's default 404 page, which previously did not work for me.

It's easy to miss the Helm service account part and I think it would be a good thing if you could add a highlighted side note or similar with a link (https://docs.microsoft.com/en-us/azure/aks/kubernetes-helm) on the Ingress and TLS docs page so you don't miss it. Also, in the Install an ingress controller part you could add a link to https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough. And that a cluster created following that walkthrough is RBAC-enabled by default. I believe it doesn't say that anywhere.

You can close this now.

Thanks!

The document still doesn't work for me. I find commands from this fix the problem:

kubectl create serviceaccount --namespace kube-system tiller
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
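
The conditions that the numbered steps and the kubectl patch in the last comment are meant to establish, written as checks in an added shell example that is not part of the original thread or the Azure docs. The names tiller, tiller-deploy, kube-system and the label app=nginx-ingress come from the thread; the function names are made up for this example.

```sh
#!/bin/sh
# Added example, not from the thread: pre-flight checks for the Helm 2 and
# nginx-ingress steps listed above. Function names are hypothetical.
NS=kube-system

# Step 2.1: does the tiller service account exist?
tiller_sa_exists() {
  kubectl get serviceaccount tiller --namespace "$NS" >/dev/null 2>&1
}

# Step 2.2 (or the kubectl patch): which account does tiller-deploy run as?
# Prints nothing when the deployment is missing or has no account set.
tiller_runs_as() {
  kubectl get deployment tiller-deploy --namespace "$NS" \
    -o jsonpath='{.spec.template.spec.serviceAccountName}' 2>/dev/null
}

# Step 3.2: external IP of the ingress controller service.
# Prints nothing while the load balancer address is still pending.
ingress_ip() {
  kubectl get service -l app=nginx-ingress --namespace "$NS" \
    -o jsonpath='{.items[*].status.loadBalancer.ingress[*].ip}' 2>/dev/null
}

# Run all three checks, report every failure, return non-zero if any failed.
preflight() {
  rc=0
  if ! tiller_sa_exists; then
    echo "FAIL: service account tiller not found in $NS (step 2.1)"; rc=1
  fi
  sa=$(tiller_runs_as)
  if [ "$sa" != "tiller" ]; then
    echo "FAIL: tiller-deploy runs as '${sa:-default}', expected tiller"; rc=1
  fi
  ip=$(ingress_ip)
  if [ -z "$ip" ]; then
    echo "FAIL: no external IP on the app=nginx-ingress service"; rc=1
  fi
  if [ "$rc" -eq 0 ]; then
    echo "OK: tiller wired up, ingress controller at $ip"
  fi
  return "$rc"
}

# Run against the current kubectl context only when asked to.
if [ "${1:-}" = "run" ]; then
  preflight
fi
```

Pass the argument run to execute the checks against the current kubectl context. They confirm only that Tiller is wired to the tiller account; the binding in step 2.1 grants that account cluster-admin, which the script does not evaluate.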