Search code examples
ibm-appid

I can't install the app-identity-and-access-adapter on Kubernetes

veerI visited the project app-identity-and-access-adapter and I want to check it inside a Kubernetes Microservices project.

The installation app-identity-and-access-adapter to a IBM Cloud Kubernetes Cluster did not work.

a) Adding repository works:

cloud-native-starter % helm repo add appidentityandaccessadapter https://raw.githubusercontent.com/ibm-cloud-security/app-identity-and-access-adapter/master/helm/appidentityandaccessadapter
"appidentityandaccessadapter" has been added to your repositories

b) Installation does not work:

cloud-native-starter % helm install --name appidentityandaccessadapter appidentityandaccessadapter/appidentityandaccessadapter
Error: secrets "appidentityandaccessadapter-cookie-sig-enc-keys" is forbidden: User "system:serviceaccount:kube-system:default" cannot delete resource "secrets" in API group "" in the namespace "istio-system"

I searched on the internet to find a solution, but I wasn't successful.

I was pointed to here to ask for help by the documentation.

The environment:

Free IBM Cloud Kubernetes Cluster

Kubernetes Versions:

Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.0", GitCommit:"2bd9643cee5b3b3a5ecbd3af49d09018f0773c77", GitTreeState:"clean", BuildDate:"2019-09-18T14:36:53Z", GoVersion:"go1.12.9", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"14", GitVersion:"v1.14.9+IKS", GitCommit:"405ef9ab782f5b51dff56dabe3628585d99afbfa", GitTreeState:"clean", BuildDate:"2019-11-13T21:34:44Z", GoVersion:"go1.12.12", Compiler:"gc", Platform:"linux/amd64"}

Istio on Kubernetes: 1.4

Helm:

Client: &version.Version{SemVer:"v2.15.2", GitCommit:"8dce272473e5f2a7bf58ce79bb5c3691db54c96b", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.15.2", GitCommit:"8dce272473e5f2a7bf58ce79bb5c3691db54c96b", GitTreeState:"clean"}
Solution

  • Now I was able to install.

    Step 1:

    I change the version of the helm installation from v2.15.2 to version.BuildInfo{Version:"v3.0.1", GitCommit:"7c22ef9ce89e0ebeb7125ba2ebf7d421f3e82ffa", GitTreeState:"clean", GoVersion:"go1.13.4"}

    Step 2: set the Kubernetes namespace to istio-system

    $ kubectl config set-context --current --namespace=istio-system

    Step 3:

    I did not use the documented statement, which is not valid for helm version v3.0.1

    • helm install --name appidentityandaccessadapter ....

    I used following statment:

    • helm install appidentityandaccessadapter ....

    Then it was possible to install the appidentityandaccessadapter:

    $ helm install  appidentityandaccessadapter appidentityandaccessadapter/appidentityandaccessadapter
NAME: appidentityandaccessadapter
LAST DEPLOYED: Fri Dec 13 11:39:10 2019
NAMESPACE: istio-system
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
App Identity and Access Adapter installed successfully!

    By the way:

    You should know, you can also find the installation steps in the IBM AppID Service Documentation