Search code examples
gitlabkubernetes-helmazure-aksnginx-ingresscicd

Installing nginx-ingress using Helm returns "Error: rendered manifests contain a resource that already exists"

I have a GitLab pipeline to deploy a Kubernetes cluster using Terraform on Azure. The first time I used the pipeline everything went fine. Once I finished doing my tests I ran the destroy phase and everything was destroyed. Yesterday I reran the pipeline to create the cluster, all the stages went well except the last that installs the nginx-ingress using helm.

install_nginx_ingress:
  stage: install_dependencies
  image:  alpine/helm:3.1.1
  script:
    - helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
    - helm repo update
    - >
      helm install nginx-ingress ingress-nginx/ingress-nginx
      --namespace default
      --set controller.replicaCount=2
  dependencies:
    - apply
  rules:
    - if: $CI_COMMIT_BRANCH ==  $CI_DEFAULT_BRANCH && $PHASE == "DEPLOY"

When this stage is executed, this is what I have in the GitLab console:

$ helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
"ingress-nginx" has been added to your repositories
$ helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "ingress-nginx" chart repository
Update Complete. ⎈ Happy Helming!⎈ 
$ helm install nginx-ingress ingress-nginx/ingress-nginx --namespace default --set controller.replicaCount=2
Error: rendered manifests contain a resource that already exists. 
Unable to continue with install: could not get information about the resource: poddisruptionbudgets.policy "nginx-ingress-ingress-nginx-controller" is forbidden: User "system:serviceaccount:gitlab-managed-apps:default" cannot get resource "poddisruptionbudgets" in API group "policy" in the namespace "default"
Cleaning up project directory and file based variables
ERROR: Job failed: command terminated with exit code 1

What Is happening !?

Solution

  • Check this error line. This explain the issue.

    Unable to continue with install: could not get information about the resource: poddisruptionbudgets.policy "nginx-ingress-ingress-nginx-controller" is forbidden: User "system:serviceaccount:gitlab-managed-apps:default" cannot get resource "poddisruptionbudgets" in API group "policy" in the namespace "default"

    Your nginx-ingress-ingress-nginx-controller does not have RBAC permission for get operation on poddisruptionbudgets resource.

    Look like kubernetes/ingress-nginx chart has PodDisruptionBudget defined but the ClusterRole does not include any permission for poddisruptionbudgets resource.