Hi All,
I'm trying to write a Terraform script that uses the Helm provider to install ingress and Jenkins on an existing AKS cluster.
I have pasted the code below
# AzureRM provider, constrained to the 1.x series from 1.18 onwards.
provider "azurerm" {
  version = "~>1.18"
}

# Remote state is kept in an Azure Storage backend. The block is empty, so the
# backend settings have to be supplied at `terraform init` time.
# The state written here will contain the AKS kube_config values read by the
# azurerm_kubernetes_cluster data source (client certificate and key), so
# access to the state container should be restricted accordingly.
terraform {
  backend "azurerm" {}
}
##################################################### Locals block for hardcoded names.
# Hard-coded names, labels and image references.
# Only `tiller-image` is referenced by the configuration visible in this file.
locals {
  # Label maps, one per Atlassian application.
  confluence_labels = {
    app = "atlassian-confluence"
  }

  jira_labels = {
    app = "atlassian-jira"
  }

  bitbucket_labels = {
    app = "atlassian-bitbucket"
  }

  # Deployment names.
  jira-deployment       = "atlassian-jira"
  confluence-deployment = "atlassian-confluence"
  bitbucket-deployment  = "atlassian-bitbucket"

  # Container images.
  # NOTE(review): the three Atlassian images use the mutable `:latest` tag, so
  # the content that gets pulled can change between deployments without any
  # change to this file. Pin a fixed tag or digest once a vetted version is
  # chosen. The Tiller image is already pinned to a version tag.
  confluence-image = "cptactionhank/atlassian-confluence:latest"
  tiller-image     = "gcr.io/kubernetes-helm/tiller:v2.11.0"
  jira-image       = "cptactionhank/atlassian-jira-software:latest"
  bitbucket-image  = "cptactionhank/atlassian-bitbucket:latest"

  helm-repository = ""
}
####################################################Resources
# Looks up the existing resource group by name; nothing is created here.
data "azurerm_resource_group" "rg" {
  name = "${var.resource_group_name}"

  # location = "${var.location}}"
}
######################################################################
# Reads the existing AKS cluster. Its name is built from the two input
# variables joined by a hyphen. The kube_config attributes exported by this
# data source supply the credentials used by the kubernetes and helm providers.
data "azurerm_kubernetes_cluster" "kubernetes" {
  name                = "${var.aks_name}-${var.aks_dns_prefix}"
  resource_group_name = "${data.azurerm_resource_group.rg.name}"
}
####################Installing the instances on the AKS using helm provider #########################################
# Kubernetes provider authenticated with the client certificate and key taken
# from the first kube_config entry of the AKS data source. The values are
# base64-encoded in the data source, hence the base64decode() calls.
# NOTE(review): whatever rights that kube_config identity has in the cluster
# are the rights Terraform runs with. Confirm they are no broader than needed.
provider "kubernetes" {
  version = "~> 1.6"

  host = "${data.azurerm_kubernetes_cluster.kubernetes.kube_config.0.host}"

  client_certificate     = "${base64decode(data.azurerm_kubernetes_cluster.kubernetes.kube_config.0.client_certificate)}"
  client_key             = "${base64decode(data.azurerm_kubernetes_cluster.kubernetes.kube_config.0.client_key)}"
  cluster_ca_certificate = "${base64decode(data.azurerm_kubernetes_cluster.kubernetes.kube_config.0.cluster_ca_certificate)}"
}
##################################### create service account for tiller - server side of Helm
# Dedicated service account for Tiller (the server side of Helm 2), created in
# kube-system. The token is auto-mounted into pods that use this account.
resource "kubernetes_service_account" "tiller" {
  metadata {
    name      = "tiller-service-account"
    namespace = "kube-system"
  }

  automount_service_account_token = true
}
###################################### Create Static Public IP Address to be used by Nginx Ingress
# Static public IP for the nginx ingress controller's load balancer. It is
# placed in the cluster's node resource group and in the cluster's location.
resource "azurerm_public_ip" "nginx_ingress" {
  name                         = "nginx-ingress-pip"
  resource_group_name          = "${data.azurerm_kubernetes_cluster.kubernetes.node_resource_group}"
  location                     = "${data.azurerm_kubernetes_cluster.kubernetes.location}"
  public_ip_address_allocation = "static"

  # domain_name_label = "${var.aks_dns_prefix}"
}
###################################### Add Kubernetes Stable Helm charts repo
# Registers the Kubernetes "stable" Helm chart repository under the name
# "stable". Both helm_release resources in this file resolve charts through it.
# NOTE(review): this is the legacy stable repository, which has since been
# deprecated and archived. Check each chart for a maintained successor before
# relying on it for security fixes.
data "helm_repository" "stable" {
  name = "stable"
  url  = "https://kubernetes-charts.storage.googleapis.com"
}
########################################## Allow tiller do the stuff :)
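# Grants Tiller the rights it needs to install releases.
#
# The binding targets the built-in `cluster-admin` ClusterRole, i.e. full
# control of the cluster, so the subject list is kept to the one account that
# needs it: the dedicated Tiller service account, which is also the account
# named in the helm provider's `service_account` setting.
#
# The earlier version of this binding also listed the `default` service
# account of kube-system as a subject. That gave cluster-admin to every pod in
# kube-system that does not name its own service account, which Tiller does
# not require. The subject has been removed.
#
# NOTE(review): cluster-admin is still broader than most chart installs need.
# If the set of target namespaces is known, a narrower role is preferable.
resource "kubernetes_cluster_role_binding" "tiller" {
  metadata {
    name = "tiller-cluster-rule"
  }

  role_ref {
    api_group = "rbac.authorization.k8s.io"
    kind      = "ClusterRole"
    name      = "cluster-admin"
  }

  # Name and namespace are read from the service account resource so the
  # binding always follows it, and so Terraform orders the two correctly.
  subject {
    kind      = "ServiceAccount"
    name      = "${kubernetes_service_account.tiller.metadata.0.name}"
    api_group = ""
    namespace = "${kubernetes_service_account.tiller.metadata.0.namespace}"
  }
}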
#################################################################################################
# Helm provider (0.9 series, Helm 2 / Tiller based). It installs Tiller into
# the cluster using the pinned image from locals and runs it under the
# dedicated Tiller service account. The cluster credentials are the same
# kube_config values the kubernetes provider uses.
#
# NOTE(review): no TLS settings are configured for the Tiller connection. The
# provider has an `enable_tls` option with matching certificate settings.
# Without TLS, in-cluster access to Tiller is presumably limited only by
# network controls. Tiller holds cluster-admin here, so confirm that exposure
# is acceptable.
# NOTE(review): `debug = true` turns on verbose provider logging. Review debug
# output for sensitive values before sharing it.
provider "helm" {
  version = "~> 0.9"

  debug           = true
  install_tiller  = true
  tiller_image    = "${local.tiller-image}"
  service_account = "${kubernetes_service_account.tiller.metadata.0.name}"

  kubernetes {
    host = "${data.azurerm_kubernetes_cluster.kubernetes.kube_config.0.host}"

    client_certificate     = "${base64decode(data.azurerm_kubernetes_cluster.kubernetes.kube_config.0.client_certificate)}"
    client_key             = "${base64decode(data.azurerm_kubernetes_cluster.kubernetes.kube_config.0.client_key)}"
    cluster_ca_certificate = "${base64decode(data.azurerm_kubernetes_cluster.kubernetes.kube_config.0.cluster_ca_certificate)}"
  }
}
###############################################################################################
# Installs the nginx-ingress chart from the "stable" repository and points its
# load balancer at the static public IP created in this file.
#
# NOTE(review): no chart `version` is set, so the chart version installed is
# whatever the repository serves at apply time. Pin one once it is vetted.
# NOTE(review): `rbac.create` is "false", so the chart is asked not to create
# its own RBAC objects. Confirm which service account the controller then runs
# under and that its permissions are scoped to what the controller needs.
resource "helm_release" "nginx-ingress" {
  name       = "nginx-ingress"
  repository = "${data.helm_repository.stable.metadata.0.name}"
  chart      = "nginx-ingress"

  # Do not block the apply waiting for the release's resources to become ready.
  wait = false

  set {
    name  = "rbac.create"
    value = "false"
  }

  set {
    name  = "controller.service.externalTrafficPolicy"
    value = "Local"
  }

  set {
    name  = "controller.service.loadBalancerIP"
    value = "${azurerm_public_ip.nginx_ingress.ip_address}"
  }

  # The service accounts and the Tiller role binding must exist before the
  # release is attempted.
  depends_on = ["kubernetes_service_account.default","kubernetes_service_account.tiller","kubernetes_cluster_role_binding.tiller"]
}
##################################################################
# Installs the Jenkins chart into the `default` namespace.
#
# NOTE(review): `chart` is written as "stable/jenkins" while `repository` is
# also set. The nginx-ingress release uses the bare chart name with the same
# repository. Confirm which form this provider version expects.
# NOTE(review): no chart `version` is set, so the installed version can change
# between applies.
# NOTE(review): `controller.service.externalTrafficPolicy` looks carried over
# from the nginx-ingress release. Verify the Jenkins chart has such a value.
resource "helm_release" "jenkins" {
  name       = "jenkins"
  namespace  = "default"
  repository = "${data.helm_repository.stable.metadata.0.name}"
  chart      = "stable/jenkins"

  # Do not block the apply waiting for the release's resources to become ready.
  wait = false

  # Ask the chart to enable its NetworkPolicy support. The value is passed as a
  # string via set_string.
  set_string {
    name  = "networkPolicy.enabled"
    value = "true"
  }

  # The chart is asked not to create RBAC objects of its own.
  set {
    name  = "rbac.create"
    value = "false"
  }

  set {
    name  = "controller.service.externalTrafficPolicy"
    value = "Local"
  }

  # The service accounts and the Tiller role binding must exist before the
  # release is attempted.
  depends_on = ["kubernetes_service_account.default","kubernetes_service_account.tiller","kubernetes_cluster_role_binding.tiller"]
}
######################################################################################################
# A second service account. The Terraform resource is labelled "default", but
# the Kubernetes object it creates is named "serviceaccountname". No namespace
# is given in the metadata. In the visible configuration it is referenced only
# from the `depends_on` lists of the two helm_release resources.
resource "kubernetes_service_account" "default" {
  metadata {
    name = "serviceaccountname"
  }

  automount_service_account_token = true
}
################################################################
I'm getting the error below when I apply the plan:
Error:
2019-05-06T20:28:12.084Z [DEBUG] plugin.terraform-provider-helm_v0.9.1_x4: 2019/05/06 20:28:12 [DEBUG] could not get release rpc error: code = Unknown desc = Unauthorized
2019-05-06T20:28:12.084Z [DEBUG] plugin.terraform-provider-helm_v0.9.1_x4: 2019/05/06 20:28:12 [DEBUG] could not get release rpc error: code = Unknown desc = Unauthorized
+1
I'm having the same issue after trying to delete a helm chart, the tiller service account and rolebinding.
2019-09-16T15:17:46.774+0200 [DEBUG] plugin.terraform-provider-helm_v0.10.2_x4: 2019/09/16 15:17:46 [DEBUG] could not get release rpc error: code = Unknown desc = Unauthorized
2019/09/16 15:17:46 [ERROR] <root>: eval: *terraform.EvalRefresh, err: rpc error: code = Unknown desc = Unauthorized
2019/09/16 15:17:46 [ERROR] <root>: eval: *terraform.EvalSequence, err: rpc error: code = Unknown desc = Unauthorized
I cannot use the helm command anymore, which makes me believe the issue is related to the deletion of the resources and its order.
+1
+1
Closing this issue since it refers to a version based on Helm 2. If it is still valid on the master branch, please reopen it. Thanks.