I'm running Kubernetes v1.4.0+776c994 on an EC2 instance in AWS GovCloud. I can list EC2 volumes with 'aws ec2 describe-volumes', but when I try to create a persistent volume, 'kubectl create -f aws-pv.yaml', I get this error:
    {
        "kind": "Status",
        "apiVersion": "v1",
        "metadata": {},
        "status": "Failure",
        "message": "persistentvolumes \"pv0001\" is forbidden: error querying AWS EBS volume vol-05dffe55de3ac725b: error querying ec2 for volume info: error listing AWS volumes: UnauthorizedOperation: You are not authorized to perform this operation.\n\tstatus code: 403, request id:",
        "reason": "Forbidden",
        "details": {
            "name": "pv0001",
            "kind": "persistentvolumes"
        },
        "code": 403
    }
I've set these environment variables:
    AWS_ACCESS_KEY_ID
    AWS_SECRET_ACCESS_KEY
    AWS_REGION=us-gov-west-1
    CURL_CA_BUNDLE=/etc/origin/master/ca.crt
My IAM role, as the AWS user dvogel, allows me to successfully run the query 'aws ec2 describe-volumes', but apparently my permissions aren't passed to the Kubernetes API when I run 'kubectl create -f aws-pv.yaml' in the same terminal. I'm guessing I need to set something (in admin.kubeconfig?) to do this.