[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: error querying AWS EBS volume from 'oc create'



               I may have traced the problem to Kubernetes running on RHEL 7 and derivatives. My EC2 instance runs CentOS 7.

               Brief recap. When trying to use ‘oc create –f aws-pv.yaml’ to create a Persistent Volume I get this error:

 

Error from server: error when creating "aws-persistent-volume.yaml": persistentvolumes "pv0001" is forbidden: error querying AWS EBS volume vol-05dffe55de3ac725db: error querying ec2 for volume info: error listing AWS volumes: UnauthorizedOperation: You are not authorized to perform this operation.
        status code: 403, request id:

 

               (Btw, I get the same error when I run ‘kubectl create…’)   

This error sounds like this error  https://github.com/kubernetes/kops/issues/668 

which was fixed in code merged with kubernetes:master in November 2016 https://github.com/kubernetes/kops/pull/829 

 

            If it’s possible I’m right, then Openshift v1.5.0-alpha.0+3b2bb35 runs a version of Kubernetes earlier than the one containing the fix.

 

            -David

 

 

From: Vyacheslav Semushin [mailto:vsemushi redhat com]
Sent: Saturday, March 25, 2017 2:25 PM
To: David VOGEL <David Vogel raytheon com>
Cc: users lists openshift redhat com
Subject: Re: error querying AWS EBS volume from 'oc create'

 

P.S. I forgot to mention that that you should check these files on master node(s).

 

2017-03-25 19:22 GMT+01:00 Vyacheslav Semushin <vsemushi redhat com>:

2017-03-25 16:50 GMT+01:00 David VOGEL <David Vogel raytheon com>:

V,

               Can you point me to the config files, properties, environment variables that Openshift may use to pass my AWS permissions to the Kubernetes api?

 

This link (https://docs.openshift.com/enterprise/3.2/install_config/configuring_aws.html) has a list of these files

· /etc/aws/aws.conf

· /etc/origin/master/master-config.yaml

· /etc/origin/node/node-config.yaml

· /etc/sysconfig/atomic-openshift-master

· /etc/sysconfig/atomic-openshift-node


 

As I previously said, my aws cli works fine, but it seems like the AWS permissions I have on my command line aren’t passed on by the oc cli to the kubernetes api.

               It’s probable I’ve screwed up a config somewhere. I could use help in in where and what to look for.



 




--

Slava Semushin | OpenShift




--

Slava Semushin | OpenShift


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]