I may have traced the problem to Kubernetes running on RHEL 7
and derivatives. My EC2 instance runs CentOS 7.
Brief recap. When trying to use ‘oc create -f aws-pv.yaml’ to
create a Persistent Volume I get this error:
Error from server: error when creating "aws-persistent-volume.yaml":
persistentvolumes "pv0001" is forbidden: error querying AWS EBS volume
vol-05dffe55de3ac725db: error querying ec2 for volume info: error listing AWS
volumes: UnauthorizedOperation: You are not authorized to perform this
operation.
status code: 403, request id:
(Btw, I get the same error when I run ‘kubectl create…’)
This error sounds like this error https://github.com/kubernetes/kops/issues/668
which was fixed in code merged with kubernetes:master in November 2016
https://github.com/kubernetes/kops/pull/829
If it’s possible I’m right, then Openshift v1.5.0-alpha.0+3b2bb35
runs a version of Kubernetes earlier than the one containing the fix.
-David
From: Vyacheslav Semushin [mailto:[email protected]]
Sent: Saturday, March 25, 2017 2:25 PM
To: David VOGEL <[email protected]>
Cc: [email protected]
Subject: Re: error querying AWS EBS volume from 'oc create'
P.S. I forgot to mention that you should check these files on master
node(s).
2017-03-25 19:22 GMT+01:00 Vyacheslav Semushin <[email protected]>:
2017-03-25 16:50 GMT+01:00 David VOGEL <[email protected]>:
V,
Can you point me to the config files, properties, environment
variables that Openshift may use to pass my AWS permissions to the Kubernetes
api?
This link
(https://docs.openshift.com/enterprise/3.2/install_config/configuring_aws.html)
has a list of these files
· /etc/aws/aws.conf
· /etc/origin/master/master-config.yaml
· /etc/origin/node/node-config.yaml
· /etc/sysconfig/atomic-openshift-master
· /etc/sysconfig/atomic-openshift-node
As I previously said, my aws cli works fine, but it seems like the AWS
permissions I have on my command line aren’t passed on by the oc cli to the
kubernetes api.
It’s probable I’ve screwed up a config somewhere. I could use
help in where and what to look for.
--
Slava Semushin | OpenShift
--
Slava Semushin | OpenShift
_______________________________________________
users mailing list
[email protected]
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
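
The check suggested in the thread (look at these files on the master node(s)), as an added example that is not part of the original messages or of OpenShift itself. The file paths are the ones listed above; the keys it looks for (cloud-provider, cloud-config, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) are assumptions taken from the linked OpenShift AWS configuration documentation, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: report where a master would pick up its AWS settings.
# Only key/variable names are printed, never credential values.

audit_master() {  # $1 = filesystem root to inspect ("/" on a real master)
    root=${1%/}
    for f in etc/origin/master/master-config.yaml etc/origin/node/node-config.yaml; do
        if [ ! -r "$root/$f" ]; then echo "MISSING /$f"; continue; fi
        for key in cloud-provider cloud-config; do   # assumed key names
            if grep -q "^[[:space:]]*$key:" "$root/$f"; then echo "OK /$f sets $key"
            else echo "UNSET /$f $key"; fi
        done
    done
    for f in etc/sysconfig/atomic-openshift-master etc/sysconfig/atomic-openshift-node; do
        if [ ! -r "$root/$f" ]; then echo "MISSING /$f"; continue; fi
        for var in AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY; do   # assumed variable names
            # Match only non-empty assignments; report the name, not the value.
            if grep -Eq "^(export[[:space:]]+)?$var=.+" "$root/$f"; then echo "OK /$f defines $var"
            else echo "UNSET /$f $var"; fi
        done
    done
    if [ -r "$root/etc/aws/aws.conf" ]; then echo "OK /etc/aws/aws.conf present"
    else echo "MISSING /etc/aws/aws.conf"; fi
}

make_sample_root() {  # builds a constructed (fake) master filesystem, prints its path
    d=$(mktemp -d)
    mkdir -p "$d/etc/origin/master" "$d/etc/origin/node" "$d/etc/sysconfig" "$d/etc/aws"
    printf 'kubernetesMasterConfig:\n  apiServerArguments:\n    cloud-provider:\n      - "aws"\n    cloud-config:\n      - "/etc/aws/aws.conf"\n' \
        > "$d/etc/origin/master/master-config.yaml"
    printf 'kubeletArguments:\n  cloud-provider:\n    - "aws"\n' \
        > "$d/etc/origin/node/node-config.yaml"
    printf 'AWS_ACCESS_KEY_ID=AKIAEXAMPLEONLY\nAWS_SECRET_ACCESS_KEY=\n' \
        > "$d/etc/sysconfig/atomic-openshift-master"
    printf '[Global]\nZone = us-east-1c\n' > "$d/etc/aws/aws.conf"
    echo "$d"
}

# Demo on the constructed tree; on a real master call: audit_master /
sample=$(make_sample_root)
audit_master "$sample"
rm -rf "$sample"
```

An UNSET or MISSING line on the master points at the identity the API server uses for the EC2 volume query, which is separate from whatever credentials the aws cli uses in the user's shell.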