Kubernetes Integration "Something went wrong while installing Helm Tiller"

helm
kubernetes

#1

I’m trying to connect gitlab to kubernetes. But everytime I set it up and try to install Helm from integration page I got this error:
Something went wrong while installing Helm Tiller
Can’t start installation process

I went throught all /var/log/gitlab/ logs, but I can’t see anything in there.
In /var/log/gitlab/gitlab-rails/production.log every GET request shows Completed 200 OK in … ms …
Nothing in kubernetes logs as well.

We have our production kubernetes only one week so maybe there is something wrong, but everything else is working there. I tried to set it up with and without CA cert and namespace filled on integration page with the same result.
I have installed clean kubernetes and gitlab just with our certificates on libvirt to avoid conflicts with anything else but I still can’t solve it.

Any clues how to find any usefull information, how to test integration or where to look for error?


#2

Got the same problem with a cluster running in GKE. However, if I remove the cert the installation process reports Kubernetes error: SSL_connect returned=1 errno=0 state=error: certificate verify failed. But it seems like if I write anything in the cert field it gets accepted.


#3

Same problem for me. I’m not able to see any details on logs.
Can we install helm using another method?


#4

Hi folks - GitLabber here. Sorry to here you are experiencing trouble with installing Helm. I’ve logged an issue to update the error message and docs: https://gitlab.com/gitlab-org/gitlab-ce/issues/45939

The goal of the one-click installs for the cluster integration is to eliminate manual set up. While there are bugs in the automated process, it is still possible to manually install helm. It requires you to set up kubeclt on your local machine to connect to your Kubernetes cluster. There are instructions here:
https://docs.gitlab.com/ee/topics/autodevops/quick_start_guide.html#connect-to-kubernetes-cluster


#5

Hi

I had the same error with minikube and GitLab CI/CD when adding a kubernetes cluster.

In my case I inspected the error manually with openssl tools like so:

$ openssl s_client -showcerts -connect 192.168.100.10:8443 < /dev/null &> apiserver.crt

In the first lines of output, the apiserver's certificate shows that the Subject and the Issuer.

Certificate chain
 0 s:/O=system:masters/CN=minikube
   i:/CN=minikubeCA

We need to get the issuer’s (root) certificate with Common Name minikubeCA. I found such certificate on ~/.minikube/ca.crt in the minikube host. That’s the one you need to paste in the GitLab Kubernetes cluster integration page:


Extra section

To check all the certificates on the minikube directory use this command and look for a certificate whose output looks like this:

$ find ~/.minikube/ \( -iname '*.crt' -o -iname '*.pem' \) -ls -exec openssl x509 -in {} -noout -subject -issuer \;

	...

123456      4 -rw-r--r--   1 tonejito   users       1066 May 10 18:00 ~/.minikube/ca.crt
issuer= /CN=minikubeCA
subject= /CN=minikubeCA

	...

Use OpenSSL to check if the CA certificate works:

$ openssl verify -verbose -CAfile ca.crt apiserver.crt
apiserver.crt: OK

#6

I’ve installed another single-node “cluster” to test GitLab integration with Kubernetes following the official guide with kubeadm [1].

According to the official documentation, the API URL is only https://hostname:port without trailing slash.

First, I listed the secrets as usual:

$ kubectl get secrets
NAME                           TYPE                                  DATA      AGE
default-token-tpvsd            kubernetes.io/service-account-token   3         2d
k8s-dashboard-sa-token-XXXXX   kubernetes.io/service-account-token   3         1d

Then I got the CA certificate directly from the JSON output via jq with a custom selector:

$ kubectl -o json get secret k8s-dashboard-sa-token-XXXXX | jq -r '.data."ca.crt"' | base64 -d - | tee ca.crt
-----BEGIN CERTIFICATE-----
MIICyDCCAbCgAwIBAgIBADANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwprdWJl
	...	...	...	...	...	...	...	...	...	...	...	...	...	...	...
FT55iMtPtFqAOnoYBCiLH6oT6Z1ACxduxPZA/EeQmTUoRJG8joczI0V1cnY=
-----END CERTIFICATE-----

After this, I could verify the CA certificate as usual:

$ openssl x509 -in ca.crt -noout -subject -issuer
subject= /CN=kubernetes
issuer= /CN=kubernetes

$ openssl s_client -showcerts -connect 192.168.100.20:6443 < /dev/null &> apiserver.crt

$ openssl verify -verbose -CAfile ca.crt apiserver.crt
apiserver.crt: OK

Happy hacking!


'Certificate verify failed' when setting up Kubernetes integration using a self-signed certificate
Kubernetes Integration
#7

I cannot find instructions to manually install helm there. Have they been (re-)moved?


#8

Links to official docs for installing kubeclt and helm: https://docs.gitlab.com/ee/install/kubernetes/preparation/tools_installation.html#doc-nav


#9

As far as I can see, these docs refer to Installing GitLab on Kubernetes, which is not the same as the Kubernetes integration we’re talking about here, is it?

The Kubernetes integration provides a one-click install of Helm, Ingress and Prometheus in a dedicated gitlab-managed-apps namespace in the Kubernetes cluster (see docs).

If the one-click install fails, how can I install Helm in such a way that it can be recognized and utilized by GitLab thereafter (i.e. appears as “Installed” in the Applications sections of the Cluster page in GitLab)?


#10

Seeing this today. I can deploy projects to kubernetes but I cannot install gitlab runner because I get "
Something went wrong while installing Helm Tiller

  • Kubernetes error."
    How can I install Helm Tiller so that Gitlab will see it. The kubernetes cluster is in use by several gitlab projects using autodevops which all deploy successfully.

#12

Can you paste the kubectl commands here? I cannot find any mention of kubectl on the page you provided.