Helm deployment auth troubleshootings

Hello here,

I’m trying to deploy my first Helm charts directly on Qovery.

I have followed these 2 tutorials:

• How to deploy Helm charts
• Use AWS IAM roles with Qovery

But I have an Auth error when I run my lifecycle cron job (qoveryrd/create-sa:1.0) and I don’t know where I’m doing wrong:

-> Ensuring required environment variables are present
-> Downloading kubectl version 1.26.0
-> Generated service account:
apiVersion: v1
kind: ServiceAccount
metadata:
 name: Qovery-User-Role
 namespace: xxxxxxxxx-kubernetes-metrics
 annotations:
   eks.amazonaws.com/role-arn: arn:aws:iam::xxxxxxxxxxxx:role/Qovery-User-Role
-> Getting kubeconfig
Added new context arn:aws:eks:eu-west-1:xxxxxxxxxxxx:cluster/qovery-xxxxxxxxx to /root/.kube/config
-> Deploying service account
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "/v1, Resource=serviceaccounts", GroupVersionKind: "/v1, Kind=ServiceAccount"
Name: "Qovery-User-Role", Namespace: "xxxxxxxxx-kubernetes-metrics"
from server for: "sa.yaml": serviceaccounts "Qovery-User-Role" is forbidden: User "system:node:ip-10-0-xx-xxx.eu-west-1.compute.internal" cannot get resource "serviceaccounts" in API group "" in the namespace "xxxxxxxxx-kubernetes-metrics": can only create tokens for individual service accounts

Thanks for your help

Hi @Mike , out of curiosity - did you use our new way of deploying Helm Charts?

Hello @rophilogene

With all your actualities I’ve missed this one

Way much better! Another awesome upgrade

Hello,

What I don’t understand yet is how to configure port forwarding in Qovery?

I’m trying to manage Service Name, Port, … but nothing works I always have a 503 nginx error.

I’m trying on simple Helm like Kubecost with a service port 9090.

If someone could help me to understand where I’m go wrong

Hi @Mike ,

there’s a small error in your “Network” configuration:

image486×682 26 KB

the name of the service created by the official Kubecost helm chart is something like <Helm_release_name>-cost-analyzer and not just “cost-analyzer”. (tpl function here)

The Helm release name is managed by Qovery and it is usually built as “helm-z<short_service_id>-<service_name>” but you can find it back by:

• connecting with K9s on your cluster
• have a look at the deployment logs, you can find the rendered templates and thus the service name
  

So in your case, you should set the service name to be “helm-zb731baef-kubecost-cost-analyzer” and then redeploy it.

We have updated our official doc to deploy Kubecost right here: Monitor and reduce Kubernetes spend with Kubecost | Qovery

Note: in the future, we will try to improve this step and allows you to select the service from a list instead of having to add it manually

HI @a_carrano

Firstly, thank you, I understand a little bit more the way it’s working.

Disclaimer: I’m not a big fan of K8 (I’m more fan of Nomad way, but starting to like helm ^^). So I need to learn and dig more on it

Now I’m trying to install a more complex Helm chart (Airbyte). Wish me good luck ^^

Airbyte ran like a breeze

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.