https://pulumi.com logo
Join Slack
Powered by
hey all - i stood up the eks example and i'm tryin...
# general
t
hey all - i stood up the eks example and i'm trying to deploy a helm chart like the example, except it's a different one. it's failing to start and i think it's my syntax.
Copy code
export const kubeconfig = cluster.kubeconfig;

const myk8s = new k8s.Provider("myk8s", {
    kubeconfig: cluster.kubeconfig.apply(JSON.stringify),
});

const nginx = new helm.v2.Chart("rancher-nginx", {
    namespace: "rancher",
    repo: "stable",
    chart: "nginx-ingress",
    values: {
        "rbac.create": "true"
    },
 }, { providers: { kubernetes: myk8s }});
Error is:
Copy code
F0611 21:51:10.809459       6 main.go:98] ✖ The cluster seems to be running with a restrictive Authorization mode and the Ingress controller does not have the required permissions to operate normally.
I'm trying to get the equivalent of this command: 
helm install stable/nginx-ingress --name my-nginx --set rbac.create=true
(from https://kubernetes.github.io/ingress-nginx/deploy/)
have to run but will check back later -- sorry for the n00bish question!
h
Quick thought: try
Copy code
values: {
  rbac: {
    create: "true" 
 } 
}
t
that looks reasonable -- i tried it and get the same error. going to drop to helm
n
Copy code
const nginxingresscntlr = new k8s.helm.v2.Chart("nginxingresscontroller", {
  repo: "stable",
  chart: "nginx-ingress",
  version: "0.24.1",
  values: {},
}, { providers: { kubernetes: myk8s }});
try this - should work
once this works, then we can try with 
rbac create = true
also btw, why are you using nginx ingress -- if the idea is to use EKS, I would go with alb-ingress-controller which is supported by EKS and scales much better:
t
thanks for your suggestions! as far as the nginx choice, i was trying to install rancher2 on EKS, per https://forums.rancher.com/t/install-rancher-on-aws-eks/11637/4 -- i'm still completely new to EKS and pulumi; alb-ingress-controller sounds like the way to go for sure
i dropped down to helm and was able to install both, though i'm not sure i configured the ingress exactly right
n
you can test this -- you should be able to see the nginx controller in the namespace and the default backend
t
cool - i am able to hit the elb and i see 'default backend - 404' from what i can tell it seems like i have the ingress and service in different namespaces possibly
n
as long as your EKS cluster is running, you can slowly work the code in
and test the steps one at a time
try deploying an ingress
and see if it works
t
ok cool i feel more comfortable w whats going on. i'll start from there and see if i can get things tested, then try to write in pulumi
my assumption was some of my problems were with not having helm syntax correct for pulumi to evaluate the chart without using tiller -- do you think that's a safe assumption? i had trouble w other charts too
n
yes if the syntax is wrong, then you would have trouble but if you are using VSCode, it will immediately tell you whats wrong.
for eg. you used 
new helm.v2.Chart()
which is not correct syntax as you need to use the Pulumi kubernetes library imported as k8s
and a new instance of 
k8s.helm.v2.Chart ()
makes sense
the nice part is with pulumi you dont need tiller running
and the 
kubernetes
library converts the helm charts and reuses them
t
ok - vscode was happy with these imports: import * as
Copy code
awsx from "@pulumi/awsx";
import * as eks from "@pulumi/eks";
import * as k8s from "@pulumi/kubernetes";
import * as helm from "@pulumi/kubernetes/helm";
n
ah! I didn't even import helm
t
yeah i think that is what i wanted to dive deeper into - the translation of the chart by pulumi so it doesn't need to run the template through tiller
n
I just import k8s
t
i forgot i added that and it wasnt in the example
sorry
n
🙂
np at all - we are learning here!
t
any example of eks with the alb-ingress-controller out there that you know of? is it prebaked into the eks example already? i tried to add it in today and was running into problems
n
https://github.com/pulumi/pulumi-eks/issues/29 -- just realized we dont have a 1st class citizen yet -- coming soon. but you can manually do this for now: https://github.com/kubernetes-sigs/aws-alb-ingress-controller
💯 1
Open in Slack
PreviousNext
Powered by