Helm error : Error: the server has asked for the client to provide credentials

Question

I have installed Rancher 2 and created a kubernetes cluster of internal vm's ( no AWS / gcloud).

The cluster is up and running.

I logged into one of the nodes.

1) Installed Kubectl and executed kubectl cluster-info . It listed my cluster information correctly.

2) Installed helm

curl https://raw.githubusercontent.com/helm/helm/master/scripts/get > get_helm.sh
chmod 700 get_helm.sh
./get_helm.sh

root@lnmymachine # helm version
Client: &version.Version{SemVer:"v2.12.3", GitCommit:"eecf22f77df5f65c823aacd2dbd30ae6c65f186e", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.12.3", GitCommit:"eecf22f77df5f65c823aacd2dbd30ae6c65f186e", GitTreeState:"clean"}

3) Configured helm referencing Rancher Helm Init

kubectl -n kube-system create serviceaccount tiller

kubectl create clusterrolebinding tiller \
  --clusterrole cluster-admin \
  --serviceaccount=kube-system:tiller

helm init --service-account tiller

Tried installing Jenkins via helm

root@lnmymachine # helm ls
Error: Unauthorized
root@lnmymachine # helm install --name initial stable/jenkins
Error: the server has asked for the client to provide credentials

Browsed similar issues and few of them were due to multiple clusters. I have only one cluster. kubectl gives all information correctly.

Any idea whats happening.

Answer 1

It seems there is a mistake while creating the ClusterRoleBinding:

Instead of --clusterrole cluster-admin, you should have --clusterrole=cluster-admin

You can check if this is the case by verifying if ServiceAccount, ClustrerRoleBinding were created correctly.

kubectl describe -n kube-system sa tiller

kubectl describe clusterrolebinding tiller

Seems like they have already fixed this on Rancher Helm Init page.

Answer 2

I was facing the same issue, but the following steps worked for me.

root@node1:~# helm install --name prom-operator stable/prometheus-operator --namespace monitoring
Error: the server has asked for the client to provide credentials

Step 1: Delete the Service Account

root@node1:~# kubectl delete serviceaccount --namespace kube-system tiller
serviceaccount "tiller" deleted

Step2: Delete the cluster role binding

root@node1:~# kubectl delete clusterrolebinding tiller-cluster-rule 
clusterrolebinding.rbac.authorization.k8s.io "tiller-cluster-rule" deleted

Step3: Remove helm directory

root@node1:~# rm -rf .helm/

Step4: Create the Service account again.

root@node1:~# kubectl create serviceaccount tiller --namespace kube-system
serviceaccount/tiller created

Step 5: Create the cluster role binding

root@node1:~# kubectl create clusterrolebinding tiller-cluster-rule \
>  --clusterrole=cluster-admin \
>  --serviceaccount=kube-system:tiller
clusterrolebinding.rbac.authorization.k8s.io/tiller-cluster-rule created

Step6: run helm init command

helm init --service-account=tiller

Creating /root/.helm 
Creating /root/.helm/repository 
Creating /root/.helm/repository/cache 
Creating /root/.helm/repository/local 
Creating /root/.helm/plugins 
Creating /root/.helm/starters 
Creating /root/.helm/cache/archive 
Creating /root/.helm/repository/repositories.yaml 
Adding stable repo with URL: https://kubernetes-charts.storage.googleapis.com 
Adding local repo with URL: http://127.0.0.1:8879/charts 
$HELM_HOME has been configured at /root/.helm.
Warning: Tiller is already installed in the cluster.
(Use --client-only to suppress this message, or --upgrade to upgrade Tiller to the current version.)

Step 7: Delete the tiller-deploy-xxx pod

kubectl delete pod -n kube-system tiller-deploy

pod "tiller-deploy-5d58456765-xlns2" deleted

Wait till it is recreated.

Step 8: Install the helm charts.

helm install --name prom-operator stable/prometheus-operator --namespace monitoring