Installing prometheus via helm failing


jeremy...@aurotfp.com

Feb 12, 2018, 11:21:52 AM
to Prometheus Users
I'm trying to install prometheus via helm on a new cluster. I've seen this error in different groups but I'm not able to get by it. This cluster is running on AWS, set up using kops.

Commands:
kubectl -n kube-system create sa tiller
kubectl create clusterrolebinding tiller --clusterrole cluster-admin --serviceaccount=kube-system:tiller
helm init --service-account tiller

helm install coreos/prometheus-operator --name prometheus-operator --namespace monitoring
helm install coreos/kube-prometheus --name kube-prometheus --set global.rbacEnable=true --namespace monitoring

Errors:
Error: release prometheus-operator failed: clusterroles.rbac.authorization.k8s.io "prometheus-operator" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:["thirdpartyresources"], APIGroups:["extensions"], Verbs:["*"]} PolicyRule{Resources:["customresourcedefinitions"], APIGroups:["apiextensions.k8s.io"], Verbs:["*"]} PolicyRule{Resources:["alertmanager"], APIGroups:["monitoring.coreos.com"], Verbs:["*"]} PolicyRule{Resources:["alertmanagers"], APIGroups:["monitoring.coreos.com"], Verbs:["*"]} PolicyRule{Resources:["prometheus"], APIGroups:["monitoring.coreos.com"], Verbs:["*"]} PolicyRule{Resources:["prometheuses"], APIGroups:["monitoring.coreos.com"], Verbs:["*"]} PolicyRule{Resources:["service-monitor"], APIGroups:["monitoring.coreos.com"], Verbs:["*"]} PolicyRule{Resources:["servicemonitors"], APIGroups:["monitoring.coreos.com"], Verbs:["*"]} PolicyRule{Resources:["statefulsets"], APIGroups:["apps"], Verbs:["*"]} PolicyRule{Resources:["configmaps"], APIGroups:[""], Verbs:["*"]} PolicyRule{Resources:["secrets"], APIGroups:[""], Verbs:["*"]} PolicyRule{Resources:["pods"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["pods"], APIGroups:[""], Verbs:["delete"]} PolicyRule{Resources:["services"], APIGroups:[""], Verbs:["get"]} PolicyRule{Resources:["services"], APIGroups:[""], Verbs:["create"]} PolicyRule{Resources:["services"], APIGroups:[""], Verbs:["update"]} PolicyRule{Resources:["endpoints"], APIGroups:[""], Verbs:["get"]} PolicyRule{Resources:["endpoints"], APIGroups:[""], Verbs:["create"]} PolicyRule{Resources:["endpoints"], APIGroups:[""], Verbs:["update"]} PolicyRule{Resources:["nodes"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["nodes"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["namespaces"], APIGroups:[""], Verbs:["list"]}] user=&{system:serviceaccount:kube-system:default dc69d588-100e-11e8-9505-0ef4bb254190 [system:serviceaccounts system:serviceaccounts:kube-system system:authenticated] map[]} 
ownerrules=[] ruleResolutionErrors=[]

Error: apiVersion "monitoring.coreos.com/v1alpha1" in kube-prometheus/charts/exporter-kubernetes/templates/servicemonitor.yaml is not available

Versions:
$ helm version
Client: &version.Version{SemVer:"v2.7.2", GitCommit:"8478fb4fc723885b155c924d1c8c410b7a9444e6", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.7.2", GitCommit:"8478fb4fc723885b155c924d1c8c410b7a9444e6", GitTreeState:"clean"}

$ kubectl version
Client Version: version.Info{Major:"1", Minor:"7", GitVersion:"v1.7.6", GitCommit:"4bc5e7f9a6c25dc4c03d4d656f2cefd21540e28c", GitTreeState:"clean", BuildDate:"2017-09-14T06:55:55Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"7", GitVersion:"v1.7.6", GitCommit:"4bc5e7f9a6c25dc4c03d4d656f2cefd21540e28c", GitTreeState:"clean", BuildDate:"2017-09-14T06:36:08Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"}

$ kops version
Version 1.7.0 (git-e04c29d)


Any ideas?

Thanks!

efa...@gmail.com

Feb 13, 2018, 3:49:27 AM
to Prometheus Users
Hi Jeremy,

  I think you need to enable RBAC or switch to Kubernetes 1.8.
  For more info: https://kubernetes.io/docs/admin/authorization/rbac/

Regards
Fahad

jeremy...@aurotfp.com

Feb 20, 2018, 3:54:24 PM
to Prometheus Users
I've tried both 1.8 and 1.9 and I get the same error.

$ kubectl version
Client Version: version.Info{Major:"1", Minor:"9", GitVersion:"v1.9.1", GitCommit:"3a1c9449a956b6026f075fa3134ff92f7d55f812", GitTreeState:"clean", BuildDate:"2018-01-04T11:52:23Z", GoVersion:"go1.9.2", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"9", GitVersion:"v1.9.3", GitCommit:"d2835416544f298c919e2ead3be3d0864b52323b", GitTreeState:"clean", BuildDate:"2018-02-07T11:55:20Z", GoVersion:"go1.9.2", Compiler:"gc", Platform:"linux/amd64"}

$ helm install coreos/prometheus-operator --name prometheus-operator --namespace monitoring
Error: release prometheus-operator failed: clusterroles.rbac.authorization.k8s.io "prometheus-operator" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:["thirdpartyresources"], APIGroups:["extensions"], Verbs:["*"]} PolicyRule{Resources:["customresourcedefinitions"], APIGroups:["apiextensions.k8s.io"], Verbs:["*"]} PolicyRule{Resources:["alertmanager"], APIGroups:["monitoring.coreos.com"], Verbs:["*"]} PolicyRule{Resources:["alertmanagers"], APIGroups:["monitoring.coreos.com"], Verbs:["*"]} PolicyRule{Resources:["prometheus"], APIGroups:["monitoring.coreos.com"], Verbs:["*"]} PolicyRule{Resources:["prometheuses"], APIGroups:["monitoring.coreos.com"], Verbs:["*"]} PolicyRule{Resources:["service-monitor"], APIGroups:["monitoring.coreos.com"], Verbs:["*"]} PolicyRule{Resources:["servicemonitors"], APIGroups:["monitoring.coreos.com"], Verbs:["*"]} PolicyRule{Resources:["statefulsets"], APIGroups:["apps"], Verbs:["*"]} PolicyRule{Resources:["configmaps"], APIGroups:[""], Verbs:["*"]} PolicyRule{Resources:["secrets"], APIGroups:[""], Verbs:["*"]} PolicyRule{Resources:["pods"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["pods"], APIGroups:[""], Verbs:["delete"]} PolicyRule{Resources:["services"], APIGroups:[""], Verbs:["get"]} PolicyRule{Resources:["services"], APIGroups:[""], Verbs:["create"]} PolicyRule{Resources:["services"], APIGroups:[""], Verbs:["update"]} PolicyRule{Resources:["endpoints"], APIGroups:[""], Verbs:["get"]} PolicyRule{Resources:["endpoints"], APIGroups:[""], Verbs:["create"]} PolicyRule{Resources:["endpoints"], APIGroups:[""], Verbs:["update"]} PolicyRule{Resources:["nodes"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["nodes"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["namespaces"], APIGroups:[""], Verbs:["list"]}] user=&{system:serviceaccount:kube-system:default efd714f0-167e-11e8-bd94-0edf41b22794 [system:serviceaccounts system:serviceaccounts:kube-system system:authenticated] map[]} 
ownerrules=[] ruleResolutionErrors=[]

oliver....@gsi.io

Apr 6, 2018, 4:04:46 AM
to Prometheus Users
Did you ever manage to get past this point?

I have come across the same issue and am interested to know how to proceed.
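
The "attempt to grant extra privileges" error quoted in this thread is the RBAC escalation check: it names the identity that made the request (user=...), the rules that identity already holds (ownerrules=...) and the rules it was refused. The following is an added example, not part of any post in the thread: a parser for that message format that compares the requesting identity with the subject named in the clusterrolebinding command from the first post. The function names, the shortened sample string and its placeholder UID are constructed for illustration.

```python
import re

# Constructed sample: shortened copy of the error format quoted in the thread,
# with a placeholder UID.
SAMPLE_ERROR = (
    'Error: release prometheus-operator failed: clusterroles.rbac.authorization.k8s.io '
    '"prometheus-operator" is forbidden: attempt to grant extra privileges: '
    '[PolicyRule{Resources:["secrets"], APIGroups:[""], Verbs:["*"]} '
    'PolicyRule{Resources:["pods"], APIGroups:[""], Verbs:["list"]}] '
    'user=&{system:serviceaccount:kube-system:default 00000000-0000-0000-0000-000000000000 '
    '[system:serviceaccounts system:serviceaccounts:kube-system system:authenticated] map[]} '
    'ownerrules=[] ruleResolutionErrors=[]'
)
RULE_RE = re.compile(r'PolicyRule\{Resources:\[(.*?)\], APIGroups:\[(.*?)\], Verbs:\[(.*?)\]\}')
USER_RE = re.compile(r'user=&\{(\S+)')
OWNER_RE = re.compile(r'ownerrules=\[(.*?)\]\s+ruleResolutionErrors')

def _items(raw):
    return re.findall(r'"([^"]*)"', raw)  # quoted entries of one [...] list

def parse_escalation_error(text):
    """Extract requester, refused rules and whether the requester holds any rules."""
    rules = [
        {"resources": _items(r), "api_groups": _items(g), "verbs": _items(v)}
        for r, g, v in RULE_RE.findall(text)
    ]
    user = USER_RE.search(text)
    owner = OWNER_RE.search(text)
    return {
        "user": user.group(1) if user else None,
        "denied_rules": rules,
        # ownerrules=[] means the API server resolved no RBAC rules for the requester
        "owner_rules_empty": bool(owner) and owner.group(1).strip() == "",
    }

def diagnose(text, bound_subject):
    """Compare the requester in the error with the subject the binding grants to."""
    info = parse_escalation_error(text)
    findings = []
    if info["user"] and info["user"] != bound_subject:
        findings.append(f'request made as {info["user"]}, binding names {bound_subject}')
    if info["owner_rules_empty"]:
        findings.append("requesting identity holds no RBAC rules")
    wild = sorted({res for r in info["denied_rules"] if "*" in r["verbs"] for res in r["resources"]})
    if wild:
        findings.append("wildcard verbs requested on: " + ", ".join(wild))
    return findings

if __name__ == "__main__":
    print("\n".join(diagnose(SAMPLE_ERROR, "system:serviceaccount:kube-system:tiller")))
```

Run against the errors quoted above with system:serviceaccount:kube-system:tiller as the bound subject, it reports that the request was made as system:serviceaccount:kube-system:default, an identity the cluster-admin binding does not cover.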