kubectl error querying EC2 for volume info

3/27/2017

I'm running Kubernetes v1.4.0+776c994 on an EC2 instance in AWS GovCloud. I can list EC2 volumes with 'aws ec2 describe-volumes', but when I try to create a persistent volume, 'kubectl create -f aws-pv.yaml', I get this error:

{
    "kind":"Status",
    "apiVersion":"v1",
    "metadata":{},
    "status":"Failure",
    "message":"persistentvolumes \"pv0001\" is forbidden: error querying AWS EBS volume vol-05dffe55de3ac725b: error querying ec2 for volume info: error listing AWS volumes: UnauthorizedOperation: You are not authorized to perform this operation.\n\tstatus code: 403, request id:",
    "reason":"Forbidden",
    "details": {
        "name":"pv0001",
        "kind":"persistentvolumes"
    },
    "code":403
}

I've set these environment variables:

AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
AWS_REGION=us-gov-west-1
CURL_CA_BUNDLE=/etc/origin/master/ca.crt
-- David Vogel
amazon-ec2
amazon-web-services
kubernetes

1 Answer

3/28/2017

My IAM role, as the AWS user dvogel, allows me to successfully run the query 'aws ec2 describe-volumes', but apparently my permissions aren't passed to the Kubernetes API when I run 'kubectl create -f aws-pv.yaml' in the same terminal. I'm guessing I need to set something (in admin.kubeconfig?) to do this.

-- David Vogel
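
An added example (not part of the original post and not Kubernetes code): a Python helper that unwraps the Status object from the question to show that the 403 is an EC2 `UnauthorizedOperation` returned to the API server and relayed to kubectl, so the AWS call was made with the API server process's credentials rather than the shell's. The function name `triage`, the result keys and the set of EC2 error codes checked are assumptions of this example.

```python
import json
import re

# Constructed sample: the Status object quoted in the question, unchanged.
STATUS_JSON = r'''{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure",
"message":"persistentvolumes \"pv0001\" is forbidden: error querying AWS EBS volume vol-05dffe55de3ac725b: error querying ec2 for volume info: error listing AWS volumes: UnauthorizedOperation: You are not authorized to perform this operation.\n\tstatus code: 403, request id:",
"reason":"Forbidden","details":{"name":"pv0001","kind":"persistentvolumes"},"code":403}'''

# EC2 API error codes that signal a credential or IAM policy problem.
EC2_AUTH_ERRORS = {"UnauthorizedOperation", "AuthFailure"}


def triage(status_text):
    """Unwrap a Kubernetes Status failure and report which service refused."""
    status = json.loads(status_text)
    # The AWS SDK appends "\n\tstatus code: ..., request id: ..." to its error.
    head, _, trailer = status.get("message", "").partition("\n\t")
    # Each layer prefixes the error it wraps; the innermost cause comes last.
    chain = [part.strip() for part in head.split(": ")]
    aws_error = next((p for p in chain if p in EC2_AUTH_ERRORS), None)
    volume = re.search(r"\bvol-[0-9a-f]+\b", head)
    upstream = re.search(r"status code: (\d{3})", trailer)
    details = status.get("details") or {}
    return {
        "resource": "%s/%s" % (details.get("kind"), details.get("name")),
        "chain": chain,
        "volume": volume.group(0) if volume else None,
        "aws_error": aws_error,
        "upstream_status": int(upstream.group(1)) if upstream else None,
        # An EC2 auth error inside the chain means AWS refused the server's
        # own request; anything else is left undetermined by this helper.
        "denied_by": "aws-ec2" if aws_error else "undetermined",
    }


if __name__ == "__main__":
    for key, value in triage(STATUS_JSON).items():
        print("%-16s %s" % (key, value))
```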
Source: StackOverflow