Unable to install Ingress to Kubernetes with Auto DevOps
Summary
After deploying a new Kubernetes cluster using Auto DevOps, installing Ingress failed with Error: release ingress failed: clusterroles.rbac.authorization.k8s.io "ingress-nginx-ingress" is forbidden
Steps to reproduce
- CI / CD > Kubernetes > Add Kubernetes cluster > Create on Google Kubernetes Engine > Sign in with Google
- Create Kubernetes cluster using the following settings:
  - Kubernetes cluster name: <any>
  - Project ID: <your project ID>
  - Zone: us-west1-b
  - Number of nodes: 3
  - Machine type: f1-micro
- Applications > Helm Tiller > Install (successfully installed)
- Applications > Ingress > Install, then failed with
Error: release ingress failed: clusterroles.rbac.authorization.k8s.io "ingress-nginx-ingress" is forbidden
Example Project
N/A
What is the current bug behavior?
Failed with error:
Error: release ingress failed: clusterroles.rbac.authorization.k8s.io "ingress-nginx-ingress" is forbidden: attempt to grant extra privileges:
[PolicyRule {
Resources: ["configmaps"],
APIGroups: [""],
Verbs: ["list"]
}
PolicyRule {
Resources: ["configmaps"],
APIGroups: [""],
Verbs: ["watch"]
}
PolicyRule {
Resources: ["endpoints"],
APIGroups: [""],
Verbs: ["list"]
}
PolicyRule {
Resources: ["endpoints"],
APIGroups: [""],
Verbs: ["watch"]
}
PolicyRule {
Resources: ["nodes"],
APIGroups: [""],
Verbs: ["list"]
}
PolicyRule {
Resources: ["nodes"],
APIGroups: [""],
Verbs: ["watch"]
}
PolicyRule {
Resources: ["pods"],
APIGroups: [""],
Verbs: ["list"]
}
PolicyRule {
Resources: ["pods"],
APIGroups: [""],
Verbs: ["watch"]
}
PolicyRule {
Resources: ["secrets"],
APIGroups: [""],
Verbs: ["list"]
}
PolicyRule {
Resources: ["secrets"],
APIGroups: [""],
Verbs: ["watch"]
}
PolicyRule {
Resources: ["nodes"],
APIGroups: [""],
Verbs: ["get"]
}
PolicyRule {
Resources: ["services"],
APIGroups: [""],
Verbs: ["get"]
}
PolicyRule {
Resources: ["services"],
APIGroups: [""],
Verbs: ["list"]
}
PolicyRule {
Resources: ["services"],
APIGroups: [""],
Verbs: ["update"]
}
PolicyRule {
Resources: ["services"],
APIGroups: [""],
Verbs: ["watch"]
}
PolicyRule {
Resources: ["ingresses"],
APIGroups: ["extensions"],
Verbs: ["get"]
}
PolicyRule {
Resources: ["ingresses"],
APIGroups: ["extensions"],
Verbs: ["list"]
}
PolicyRule {
Resources: ["ingresses"],
APIGroups: ["extensions"],
Verbs: ["watch"]
}
PolicyRule {
Resources: ["events"],
APIGroups: [""],
Verbs: ["create"]
}
PolicyRule {
Resources: ["events"],
APIGroups: [""],
Verbs: ["patch"]
}
PolicyRule {
Resources: ["ingresses/status"],
APIGroups: ["extensions"],
Verbs: ["update"]
}
] user=&{system:serviceaccount:gitlab-managed-apps:default f72afacc-54fc-11e8-b617-42010a8a0fc2 [system:serviceaccounts system:serviceaccounts:gitlab-managed-apps system:authenticated] map[]}
ownerrules = [PolicyRule {
Resources: ["selfsubjectaccessreviews"],
APIGroups: ["authorization.k8s.io"],
Verbs: ["create"]
}
PolicyRule {
NonResourceURLs: ["/api"
"/api/*"
"/apis"
"/apis/*"
"/healthz"
"/swagger-2.0.0.pb-v1"
"/swagger.json"
"/swaggerapi"
"/swaggerapi/*"
"/version"
],
Verbs: ["get"]
}
] ruleResolutionErrors = []
What is the expected correct behavior?
Ingress installed successfully
Relevant logs and/or screenshots
Screen_Shot_2018-05-11_at_9.20.38_PM
Output of checks
This bug happens on GitLab.com
Results of GitLab environment info
N/A
Results of GitLab application Check
N/A
Possible fixes
N/A
Edited by Brian T
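The error above comes from the Kubernetes RBAC escalation check: an account may only create a ClusterRole whose permissions it already holds, and the message lists the requested rules next to the caller's `ownerrules`. The following is an added example, not part of the original report or of GitLab's or Kubernetes' code; it is a simplified model of that comparison covering resource rules only (no resourceNames or nonResourceURLs), and the function names and the rule data retyped from the error output are constructed for illustration.

```python
# Added example: simplified model of the RBAC escalation check behind
# "attempt to grant extra privileges". Resource rules only; resourceNames and
# nonResourceURLs are left out (assumption made to keep the model small).
from typing import NamedTuple

class Rule(NamedTuple):
    api_groups: frozenset
    resources: frozenset
    verbs: frozenset

def rule(groups, resources, verbs):
    return Rule(frozenset(groups), frozenset(resources), frozenset(verbs))

def expand(r):
    """Split a rule into (group, resource, verb) tuples, one per PolicyRule
    entry, the way the error message lists them."""
    return [(g, res, v) for g in sorted(r.api_groups)
            for res in sorted(r.resources) for v in sorted(r.verbs)]

def _holds(held, wanted):
    # "*" in a held rule matches any value in that field.
    return "*" in held or wanted in held

def covered(owner_rules, group, resource, verb):
    """True if any single rule the caller holds grants this permission."""
    return any(_holds(o.api_groups, group) and _holds(o.resources, resource)
               and _holds(o.verbs, verb) for o in owner_rules)

def extra_privileges(owner_rules, requested):
    """Permissions in the requested role that the caller does not hold."""
    return [t for r in requested for t in expand(r)
            if not covered(owner_rules, *t)]

# Constructed from the error output: what the service account holds (ownerrules)
OWNER_RULES = [rule(["authorization.k8s.io"], ["selfsubjectaccessreviews"], ["create"])]
# and the ClusterRole "ingress-nginx-ingress" it tried to create.
REQUESTED = [
    rule([""], ["configmaps", "endpoints", "nodes", "pods", "secrets"], ["list", "watch"]),
    rule([""], ["nodes"], ["get"]),
    rule([""], ["services"], ["get", "list", "update", "watch"]),
    rule(["extensions"], ["ingresses"], ["get", "list", "watch"]),
    rule([""], ["events"], ["create", "patch"]),
    rule(["extensions"], ["ingresses/status"], ["update"]),
]

if __name__ == "__main__":
    missing = extra_privileges(OWNER_RULES, REQUESTED)
    print(f"{len(missing)} permissions would be escalated:")
    for group, resource, verb in missing:
        print(f"  apiGroup={group!r} resource={resource} verb={verb}")
```

With the rules from this report, every one of the 21 requested permissions is uncovered, which is why the API server rejected the whole ClusterRole rather than a subset of it.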