[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: error querying AWS EBS volume from 'oc create'

               I may have traced the problem to Kubernetes running on RHEL 7 and derivatives. My EC2 instance runs CentOS 7.

               Brief recap. When trying to use ‘oc create –f aws-pv.yaml’ to create a Persistent Volume I get this error:


Error from server: error when creating "aws-persistent-volume.yaml": persistentvolumes "pv0001" is forbidden: error querying AWS EBS volume vol-05dffe55de3ac725db: error querying ec2 for volume info: error listing AWS volumes: UnauthorizedOperation: You are not authorized to perform this operation.
        status code: 403, request id:


               (Btw, I get the same error when I run ‘kubectl create…’)   

This error sounds like this error  https://github.com/kubernetes/kops/issues/668 

which was fixed in code merged with kubernetes:master in November 2016 https://github.com/kubernetes/kops/pull/829 


            If it’s possible I’m right, then Openshift v1.5.0-alpha.0+3b2bb35 runs a version of Kubernetes earlier than the one containing the fix.





From: Vyacheslav Semushin [mailto:vsemushi redhat com]
Sent: Saturday, March 25, 2017 2:25 PM
To: David VOGEL <David Vogel raytheon com>
Cc: users lists openshift redhat com
Subject: Re: error querying AWS EBS volume from 'oc create'


P.S. I forgot to mention that that you should check these files on master node(s).


2017-03-25 19:22 GMT+01:00 Vyacheslav Semushin <vsemushi redhat com>:

2017-03-25 16:50 GMT+01:00 David VOGEL <David Vogel raytheon com>:


               Can you point me to the config files, properties, environment variables that Openshift may use to pass my AWS permissions to the Kubernetes api?


This link (https://docs.openshift.com/enterprise/3.2/install_config/configuring_aws.html) has a list of these files

· /etc/aws/aws.conf

· /etc/origin/master/master-config.yaml

· /etc/origin/node/node-config.yaml

· /etc/sysconfig/atomic-openshift-master

· /etc/sysconfig/atomic-openshift-node


As I previously said, my aws cli works fine, but it seems like the AWS permissions I have on my command line aren’t passed on by the oc cli to the kubernetes api.

               It’s probable I’ve screwed up a config somewhere. I could use help in in where and what to look for.



Slava Semushin | OpenShift


Slava Semushin | OpenShift

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]