API Connect

API Connect

Join this online group to communicate across IBM product users and experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  helm3 install ingress-controller failed

    Posted Sun December 31, 2023 12:28 AM

    Hello,

    Tried to setup ingree-controller by following Kubernetes ingress controller prerequisites.

    The following command gave permission denied

    helm3 install ingress-controller ingress-nginx/ingress-nginx --namespace kube-system --values ingress-config.yaml

    Error: INSTALLATION FAILED: Kubernetes cluster unreachable: error loading config file "/etc/kubernetes/admin.conf": open /etc/kubernetes/admin.conf: permission denied

    However, I have no problem to open the file /etc/kubernetes/admin.conf

    I checked the node which is in Ready state

    kubectl get node -o wide
    NAME    STATUS   ROLES           AGE     VERSION   INTERNAL-IP       EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION     CONTAINER-RUNTIME
    myapi   Ready    control-plane   4d18h   v1.28.2   192.168.253.155   <none>        Ubuntu 22.04.3 LTS   6.2.0-39-generic   containerd://1.6.26

    Some basic pods are in running state:

    kubectl get pods -A -o wide
    NAMESPACE          NAME                                       READY   STATUS    RESTARTS       AGE     IP                NODE    NOMINATED NODE   READINESS GATES
    calico-apiserver   calico-apiserver-6b8c464f88-wbhn9          1/1     Running   10 (11m ago)   4d18h   192.168.131.70    myapi   <none>           <none>
    calico-apiserver   calico-apiserver-6b8c464f88-wxfhb          1/1     Running   10 (11m ago)   4d18h   192.168.131.126   myapi   <none>           <none>
    calico-system      calico-kube-controllers-5ddbbd46fd-n242s   1/1     Running   10 (11m ago)   4d18h   192.168.131.69    myapi   <none>           <none>
    calico-system      calico-node-42b7d                          1/1     Running   10 (11m ago)   4d18h   192.168.253.155   myapi   <none>           <none>
    calico-system      calico-typha-57fbbff7fb-ksqlf              1/1     Running   12 (11m ago)   4d18h   192.168.253.155   myapi   <none>           <none>
    calico-system      csi-node-driver-lq69g                      2/2     Running   20 (11m ago)   4d18h   192.168.131.67    myapi   <none>           <none>
    kube-system        coredns-5dd5756b68-7wcmb                   1/1     Running   10 (11m ago)   4d18h   192.168.131.127   myapi   <none>           <none>
    kube-system        coredns-5dd5756b68-nf2g7                   1/1     Running   10 (11m ago)   4d18h   192.168.131.125   myapi   <none>           <none>
    kube-system        etcd-myapi                                 1/1     Running   10 (11m ago)   4d18h   192.168.253.155   myapi   <none>           <none>
    kube-system        kube-apiserver-myapi                       1/1     Running   10 (11m ago)   4d18h   192.168.253.155   myapi   <none>           <none>
    kube-system        kube-controller-manager-myapi              1/1     Running   10 (11m ago)   4d18h   192.168.253.155   myapi   <none>           <none>
    kube-system        kube-proxy-jqm5c                           1/1     Running   10 (11m ago)   4d18h   192.168.253.155   myapi   <none>           <none>
    kube-system        kube-scheduler-myapi                       1/1     Running   10 (11m ago)   4d18h   192.168.253.155   myapi   <none>           <none>
    tigera-operator    tigera-operator-94d7f7696-sdvdc            1/1     Running   20 (10m ago)   4d18h   192.168.253.155   myapi   <none>           <none>

    How could I solve the issue of "helm3 install"?

    Thanks very much in advance



    ------------------------------
    Frank Ning
    Technical consultant - solution architect
    Toronto ON
    ------------------------------


  • 2.  RE: helm3 install ingress-controller failed

    Posted Sun December 31, 2023 10:49 AM

    Hi @Frank Ning,

    Even though you can manually access this file, Helm may be running under a different user or context that doesn't have the necessary permissions. Some options I can think of:
    1. Ensure that the user running the `helm` command has sufficient permissions to access the Kubernetes configuration file. You can check the current user with the command `whoami`. You can also use sudo with helm command (not appropiate).
    2. Sometimes, the Kubernetes context might not be set correctly, or Helm might be trying to access a different cluster. You can check the current context with `kubectl config current-context` and list all contexts with `kubectl config get-contexts`.
    3. Ensure that the kubeconfig file (`/etc/kubernetes/admin.conf`) has the correct permissions. You can modify the permissions with `chmod`, but be cautious as this can affect cluster security. Typically, a kubeconfig file should have read and write permissions for the owner and no permissions for others.
    4. Run the Helm command with the `--debug` flag to get more detailed error information which can be helpful in diagnosing the problem: 
      `helm3 install ingress-controller ingress-nginx/ingress-nginx --namespace kube-system --values ingress-config.yaml --debug`
    5. If you're running Helm from within a pod in the Kubernetes cluster, ensure that the service account used by the pod has the necessary permissions to interact with the Kubernetes API.
    I hope this helps.


    ------------------------------
    Ruchi Yadav
    ------------------------------

    Original Message


  • 3.  RE: helm3 install ingress-controller failed

    Posted Mon January 01, 2024 08:12 PM

    Thanks, Ruchi.

    I switched to Microk8s which made the setup more smooth. I now have issue with operator deployment. I will open a new question.



    ------------------------------
    Frank Ning
    Technical consultant - solution architect
    Toronto ON
    ------------------------------

    Original Message