Terraform-provider-helm: Unable to install helm charts using terraform provider helm

Created on 7 May 2019  ·  6Comments  ·  Source: hashicorp/terraform-provider-helm

Hi All,

I'm trying to write a Terraform script with the helm provider to install ingress and Jenkins on an existing AKS cluster.

I have pasted the code below

# Azure Resource Manager provider. The "~>1.18" constraint accepts 1.18 and
# later 1.x releases but not 2.0. No credentials are set in this block.
provider "azurerm" {
  version = "~>1.18"
}

terraform {
  # The backend block is empty, so its settings are not in this file.
  # The state kept in this backend includes the AKS client key read by the
  # azurerm_kubernetes_cluster data source, so restrict access to wherever
  # the state is stored.
  backend "azurerm" {}
}

##################################################### Locals block for hardcoded names.
locals {
  # Label maps, one per Atlassian application.
  confluence_labels = {
    app = "atlassian-confluence"
  }

  jira_labels = {
    app = "atlassian-jira"
  }

  bitbucket_labels = {
    app = "atlassian-bitbucket"
  }

  # Deployment names.
  confluence-deployment = "atlassian-confluence"
  jira-deployment       = "atlassian-jira"
  bitbucket-deployment  = "atlassian-bitbucket"

  # Application images.
  # NOTE(review): all three use the mutable ":latest" tag, so the image that
  # actually runs can change between deployments without any change to this
  # file. Pin a fixed tag or an image digest.
  confluence-image = "cptactionhank/atlassian-confluence:latest"
  jira-image       = "cptactionhank/atlassian-jira-software:latest"
  bitbucket-image  = "cptactionhank/atlassian-bitbucket:latest"

  # Tiller image (server side of Helm 2), pinned to a version tag; read by
  # the helm provider through local.tiller-image.
  tiller-image = "gcr.io/kubernetes-helm/tiller:v2.11.0"

  # Empty, and not referenced anywhere in the configuration shown here.
  helm-repository = ""
}

####################################################Resources
# Looks up the existing resource group by name; nothing is created here.
data "azurerm_resource_group" "rg" {
  # location = "${var.location}}"
  name = "${var.resource_group_name}"
}

######################################################################
# Reads the existing AKS cluster. Its kube_config (host, client certificate,
# client key, cluster CA) feeds the kubernetes and helm providers below, and
# those values are written to Terraform state like any other data source
# attribute.
data "azurerm_kubernetes_cluster" "kubernetes" {
  resource_group_name = "${data.azurerm_resource_group.rg.name}"
  name                = "${var.aks_name}-${var.aks_dns_prefix}"
}

####################Installing the instances on the AKS using helm provider #########################################

# Kubernetes provider authenticated with the client certificate taken from the
# AKS data source. The kube_config fields are base64-encoded, hence the
# base64decode() calls.
provider "kubernetes" {
  version = "~> 1.6"

  host                   = "${data.azurerm_kubernetes_cluster.kubernetes.kube_config.0.host}"
  cluster_ca_certificate = "${base64decode(data.azurerm_kubernetes_cluster.kubernetes.kube_config.0.cluster_ca_certificate)}"
  client_certificate     = "${base64decode(data.azurerm_kubernetes_cluster.kubernetes.kube_config.0.client_certificate)}"
  client_key             = "${base64decode(data.azurerm_kubernetes_cluster.kubernetes.kube_config.0.client_key)}"
}

##################################### create service account for tiller - server side of Helm
# Dedicated identity for Tiller in kube-system. The helm provider references
# it by name, and the cluster role binding grants it cluster-admin.
resource "kubernetes_service_account" "tiller" {
  metadata {
    namespace = "kube-system"
    name      = "tiller-service-account"
  }

  # The token is mounted into pods that run as this account.
  automount_service_account_token = true
}
###################################### Create Static Public IP Address to be used by Nginx Ingress
# Static public IP created in the cluster's node resource group; the
# nginx-ingress release passes it to the chart as
# controller.service.loadBalancerIP.
resource "azurerm_public_ip" "nginx_ingress" {
  name                = "nginx-ingress-pip"
  resource_group_name = "${data.azurerm_kubernetes_cluster.kubernetes.node_resource_group}"
  location            = "${data.azurerm_kubernetes_cluster.kubernetes.location}"

  public_ip_address_allocation = "static"

  # domain_name_label            = "${var.aks_dns_prefix}"
}
###################################### Add Kubernetes Stable Helm charts repo
# Registers the "stable" chart repository, fetched over HTTPS. Both
# helm_release resources resolve their charts through it.
data "helm_repository" "stable" {
  url  = "https://kubernetes-charts.storage.googleapis.com"
  name = "stable"
}


########################################## Allow tiller do the stuff :)
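# Grants the Tiller service account the rights it needs to install charts.
resource "kubernetes_cluster_role_binding" "tiller" {
  metadata {
    name = "tiller-cluster-rule"
  }

  # cluster-admin is unrestricted access to every namespace. Anything that can
  # talk to Tiller acts with these rights, so prefer a narrower role where the
  # charts being installed allow it.
  role_ref {
    api_group = "rbac.authorization.k8s.io"
    kind      = "ClusterRole"
    name      = "cluster-admin"
  }

  # Only the dedicated Tiller account is bound. kube-system/default is
  # deliberately not listed: binding it would hand cluster-admin to every pod
  # in kube-system that runs without an explicit service account, and Tiller
  # does not need it because the helm provider sets service_account to the
  # account below.
  subject {
    kind      = "ServiceAccount"
    name      = "${kubernetes_service_account.tiller.metadata.0.name}"
    api_group = ""
    namespace = "${kubernetes_service_account.tiller.metadata.0.namespace}"
  }
}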
#################################################################################################
# Helm 2 provider: installs Tiller into the cluster and then talks to it.
provider "helm" {
  version = "~> 0.9"

  # Verbose provider logging, the source of the [DEBUG] lines in the report.
  debug = true

  # Tiller is deployed by the provider, from the pinned image, running as the
  # dedicated service account.
  # NOTE(review): no TLS settings for the Tiller connection (enable_tls and
  # the related certificate arguments) appear in this block. Confirm whether
  # that is intended for this cluster.
  install_tiller  = true
  tiller_image    = "${local.tiller-image}"
  service_account = "${kubernetes_service_account.tiller.metadata.0.name}"

  # Same client-certificate credentials as the kubernetes provider.
  kubernetes {
    host                   = "${data.azurerm_kubernetes_cluster.kubernetes.kube_config.0.host}"
    cluster_ca_certificate = "${base64decode(data.azurerm_kubernetes_cluster.kubernetes.kube_config.0.cluster_ca_certificate)}"
    client_certificate     = "${base64decode(data.azurerm_kubernetes_cluster.kubernetes.kube_config.0.client_certificate)}"
    client_key             = "${base64decode(data.azurerm_kubernetes_cluster.kubernetes.kube_config.0.client_key)}"
  }
}
###############################################################################################
# nginx-ingress controller from the stable repository, exposed on the static
# public IP created above.
# NOTE(review): no chart version is set, so the release takes whatever version
# the repository currently serves. Pin one for repeatable deployments.
resource "helm_release" "nginx-ingress" {
  depends_on = [
    "kubernetes_service_account.default",
    "kubernetes_service_account.tiller",
    "kubernetes_cluster_role_binding.tiller",
  ]

  name       = "nginx-ingress"
  repository = "${data.helm_repository.stable.metadata.0.name}"
  chart      = "nginx-ingress"
  wait       = false

  # NOTE(review): rbac.create is "false". Presumably the chart then creates no
  # RBAC objects for the controller; confirm which identity and permissions it
  # runs with on this cluster.
  set {
    name  = "rbac.create"
    value = "false"
  }

  set {
    name  = "controller.service.externalTrafficPolicy"
    value = "Local"
  }

  set {
    name  = "controller.service.loadBalancerIP"
    value = "${azurerm_public_ip.nginx_ingress.ip_address}"
  }
}
##################################################################
# Jenkins from the stable repository, installed into the "default" namespace.
# NOTE(review): no chart version is set, so the release takes whatever version
# the repository currently serves. Pin one for repeatable deployments.
resource "helm_release" "jenkins" {
  depends_on = [
    "kubernetes_service_account.default",
    "kubernetes_service_account.tiller",
    "kubernetes_cluster_role_binding.tiller",
  ]

  name       = "jenkins"
  namespace  = "default"
  repository = "${data.helm_repository.stable.metadata.0.name}"

  # NOTE(review): the chart name carries a "stable/" prefix although
  # repository is also set, unlike the nginx-ingress release. Verify how the
  # provider resolves this.
  chart = "stable/jenkins"
  wait  = false

  set_string {
    name  = "networkPolicy.enabled"
    value = "true"
  }

  set {
    name  = "rbac.create"
    value = "false"
  }

  # NOTE(review): this key is identical to the one in the nginx-ingress
  # release and looks copied from it. Confirm the Jenkins chart reads it.
  set {
    name  = "controller.service.externalTrafficPolicy"
    value = "Local"
  }
}

######################################################################################################
# Extra service account that both helm_release resources list in depends_on.
# No namespace is given in metadata.
# NOTE(review): "serviceaccountname" looks like a placeholder, and nothing in
# the configuration shown binds a role to this account. Confirm it is needed.
resource "kubernetes_service_account" "default" {
  metadata {
    name = "serviceaccountname"
  }

  automount_service_account_token = true
}
################################################################


I'm getting the error below when I apply the plan:
Error:
2019-05-06T20:28:12.084Z [DEBUG] plugin.terraform-provider-helm_v0.9.1_x4: 2019/05/06 20:28:12 [DEBUG] could not get release rpc error: code = Unknown desc = Unauthorized
2019-05-06T20:28:12.084Z [DEBUG] plugin.terraform-provider-helm_v0.9.1_x4: 2019/05/06 20:28:12 [DEBUG] could not get release rpc error: code = Unknown desc = Unauthorized

Most helpful comment

I'm having the same issue after trying to delete a helm chart, the tiller service account and rolebinding.
2019-09-16T15:17:46.774+0200 [DEBUG] plugin.terraform-provider-helm_v0.10.2_x4: 2019/09/16 15:17:46 [DEBUG] could not get release rpc error: code = Unknown desc = Unauthorized 2019/09/16 15:17:46 [ERROR] <root>: eval: *terraform.EvalRefresh, err: rpc error: code = Unknown desc = Unauthorized 2019/09/16 15:17:46 [ERROR] <root>: eval: *terraform.EvalSequence, err: rpc error: code = Unknown desc = Unauthorized

I cannot use the helm command anymore, which makes me believe the issue is related to the deletion of the resources and its order.

All 6 comments

+1

I'm having the same issue after trying to delete a helm chart, the tiller service account and rolebinding.
2019-09-16T15:17:46.774+0200 [DEBUG] plugin.terraform-provider-helm_v0.10.2_x4: 2019/09/16 15:17:46 [DEBUG] could not get release rpc error: code = Unknown desc = Unauthorized 2019/09/16 15:17:46 [ERROR] <root>: eval: *terraform.EvalRefresh, err: rpc error: code = Unknown desc = Unauthorized 2019/09/16 15:17:46 [ERROR] <root>: eval: *terraform.EvalSequence, err: rpc error: code = Unknown desc = Unauthorized

I cannot use the helm command anymore, which makes me believe the issue is related to the deletion of the resources and its order.

+1

+1

Closing this issue since it refers to a version based on Helm 2. If it is still valid on the master branch, please reopen it. Thanks.

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!
