-
Notifications
You must be signed in to change notification settings - Fork 3.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
(eks): helm install - kube config is insecure #14416
Comments
@mrsiejas I don't think those warnings are whats causing the failure. I deployed the dashboard using helm: cluster.addHelmChart('dashboard', {
chart: 'kubernetes-dashboard',
repository: 'https://kubernetes.github.io/dashboard/',
}); And it successfully despite those warnings: [INFO] 2021-05-05T10:25:13.417Z a5811ffd-8493-4ea7-b3ed-eaabebc456e6 b'WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /tmp/kubeconfig\nWARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /tmp/kubeconfig\nRelease "eksclusterchartdashboarde22e314d" does not exist. Installing it now.\nNAME: eksclusterchartdashboarde22e314d\nLAST DEPLOYED: Wed May 5 10:25:12 2021\nNAMESPACE: default\nSTATUS: deployed\nREVISION: 1\nTEST SUITE: None\nNOTES:\n*********************************************************************************\n*** PLEASE BE PATIENT: kubernetes-dashboard may take a few minutes to install ***\n*********************************************************************************\n\nGet the Kubernetes Dashboard URL by running:\n export POD_NAME=$(kubectl get pods -n default -l "app.kubernetes.io/name=kubernetes-dashboard,app.kubernetes.io/instance=eksclusterchartdashboarde22e314d" -o jsonpath="{.items[0].metadata.name}")\n echo https://127.0.0.1:8443/\n kubectl -n default port-forward $POD_NAME 8443:8443\n' Note that the log you posted also contains: UPGRADE FAILED: an
other operation (install/upgrade/rollback) is in progress\n' Which I'm fairly certain is the real culprit. Looks like the previous installation must not have finished yet? You'll have to debug that a bit further. |
I've destroyed the stack. Rerun cdk deploy and still getting the error
Maybe this is a race condition somewhere in the stack?
The odd thing is that the same stack was deploying fine until recently, the changes made were bumping CDK version from 1.74 -> 1.93 and upgrading EKS to 1.19. |
I think you were right @iliapolo. The warning was not causing the chart to fail, it was a problem with Fluentbit immutable selector and the fact I was trying to update it via cdk deploy. Surprisingly cdk destroy didn't remove the old Helm chart. Still, I do believe the kube config permissions warning should be addressed and fixed for clarity. Having multiple unrelated errors in the output makes it more difficult to troubleshoot the actual issue. Thanks for looking into it. |
Opened #14560 to follow up on the warnings. Resolving this one. |
|
When deploying stack with helm chart, getting the following error related to insecure kube config created by Lambda:
Code snippet:
Reproduction Steps
What did you expect to happen?
Expect Helm chart to install and update helm chart successfully. Alternatively be able to suppress or ignore this warning (which is sent to stderr).
What actually happened?
cdk deploy fails and I'm not able to deploy helm on EKS.
Environment
Other
Can be related to this change: helm/helm#8779 where warning messages are being sent to stderr rather than stdout.
This is 🐛 Bug Report
The text was updated successfully, but these errors were encountered: