Enabling cross-namespace references on flux and Azure AKS / gitops

Question

Trying to add a nginx ingress controller (amongst other things) to my Azure AKS cluster and running into the following issue when trying to deploy via the MS flux v2 gitops setup. Think it's related to the flux/aks side of things but not too sure on where to start to enable the cross-namespace setting.

Anyone any ideas?

[
    {
        "lastTransitionTime": "2022-07-08T14:43:57+00:00",
        "message": "can't access  cross-namespace references have been blocked",
        "reason": "AccessDenied",
        "status": "False",
        "type": "Ready"
    }
]

trying to deploy using this helm manifest setup:

apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: HelmRepository
metadata:
  name: ingress-nginx
  namespace: flux-system
spec:
  interval: 30m
  url: https://kubernetes.github.io/ingress-nginx

apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: ingress-nginx
  namespace: ingress-system
spec:
  interval: 5m
  chart:
    spec:
      chart: ingress-nginx
      version: '4.0.13'
      sourceRef:
        kind: HelmRepository
        name: ingress-nginx
        namespace: flux-system
      interval: 1m

Read network policies being mentioned on my cluster but not seeing anything that looks relevant. Maybe just me!!

Anyone any tips? Thank you

score 0 · Accepted Answer · answered Jul 08 '22 at 19:19

0

From the error message, it looks like you bootstrapped your Flux installation with the following flag: --no-cross-namespace-refs=true.

Note that on multi-tenant clusters, platform admins can disable cross-namespace references with the --no-cross-namespace-refs=true flag. When this flag is set, the helmrelease can only refer to sources in the same namespace as the helmrelease object.

Reference: https://fluxcd.io/docs/components/helm/helmreleases/#helm-chart-template

answered Jul 08 '22 at 19:19

javierlga

1,409
9
14

This setup is using the Microsoft extension. Will dig into if can amend it! – John Fox Jul 08 '22 at 20:04
I'm inferring is enabled by default, according to this doc https://learn.microsoft.com/en-us/azure/azure-arc/kubernetes/tutorial-use-gitops-flux2#opt-out-of-multi-tenancy, you'll likely need to set to set `--configuration-settings multiTenancy.enforce=false` – javierlga Jul 08 '22 at 20:14
1

This multi tenancy change done the trick and managed to sort it running a flux update command from the azure cli. Thanks for the help!! – John Fox Jul 11 '22 at 08:50

score 0 · Answer 2 · answered Nov 16 '22 at 13:08

0

Just check below issue and disabling multitenancy which resolve this issue. https://github.com/fluxcd/flux2/issues/3182

answered Nov 16 '22 at 13:08

Prabhu

1
1

Your answer could be improved with additional supporting information. Please [edit] to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Nov 20 '22 at 12:45

Enabling cross-namespace references on flux and Azure AKS / gitops

2 Answers2