Correct setup of kops permissions for AWS k8s

4/5/2018

I installed Kubernetes on AWS using kops. Part of this was setting up an IAM group and user:

aws iam create-group --group-name kops

aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/AmazonEC2FullAccess --group-name kops
aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/AmazonRoute53FullAccess --group-name kops
aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess --group-name kops
aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/IAMFullAccess --group-name kops
aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/AmazonVPCFullAccess --group-name kops

aws iam create-user --user-name kops
aws iam add-user-to-group --user-name kops --group-name kops
aws iam create-access-key --user-name kops

My Kubernetes is up, but every now and again I run into weird errors and failures (like not being able to mount an EC2 EBS to a pod). Thoughts are that perhaps it's a permission thing. So I go to IAM and see this:


The kops user and group have never accessed anything!

Is this normal?

-- Roman
amazon-web-services
kops
kubernetes
permissions

1 Answer

5/8/2018

Yes, this seems to be normal.

The problem was the machine type of my workers.

My fully working cluster shows the same behavior.

-- Roman
Source: StackOverflow
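
The "last accessed" view from the question can also be read outside the console. The sketch below is an added example, not part of the original question or answer: it parses JSON shaped like the output of `aws iam get-service-last-accessed-details` and reports, for each managed policy attached to the kops group, whether its service was ever used. The sample JSON, the one-namespace-per-policy mapping and the 90-day staleness threshold are assumptions made for illustration.

```python
import json
from datetime import datetime, timezone

# Primary service namespace for each managed policy attached to the kops group
# in the question. Simplified assumption: one namespace per policy (VPC actions
# live in the ec2 namespace).
POLICY_NAMESPACE = {
    "AmazonEC2FullAccess": "ec2",
    "AmazonRoute53FullAccess": "route53",
    "AmazonS3FullAccess": "s3",
    "IAMFullAccess": "iam",
    "AmazonVPCFullAccess": "ec2",
}

# Constructed sample, shaped like `aws iam get-service-last-accessed-details`.
SAMPLE = json.dumps({
    "JobStatus": "COMPLETED",
    "IsTruncated": False,
    "ServicesLastAccessed": [
        {"ServiceName": "Amazon EC2", "ServiceNamespace": "ec2",
         "LastAuthenticated": "2018-04-20T09:30:00+00:00", "TotalAuthenticatedEntities": 1},
        {"ServiceName": "Amazon S3", "ServiceNamespace": "s3",
         "LastAuthenticated": "2018-01-01T00:00:00+00:00", "TotalAuthenticatedEntities": 1},
        # A service that was never used carries no LastAuthenticated field.
        {"ServiceName": "Amazon Route 53", "ServiceNamespace": "route53",
         "TotalAuthenticatedEntities": 0},
        {"ServiceName": "AWS Identity and Access Management",
         "ServiceNamespace": "iam", "TotalAuthenticatedEntities": 0},
    ],
})

def review(details_json, policy_namespace=POLICY_NAMESPACE, now=None, stale_days=90):
    """Return {policy: 'active' | 'stale' | 'never'} from a last-accessed report."""
    details = json.loads(details_json)
    if details.get("JobStatus") != "COMPLETED":
        raise ValueError("report not ready: %s" % details.get("JobStatus"))
    if details.get("IsTruncated"):
        raise ValueError("report truncated; fetch the remaining pages first")
    now = now or datetime.now(timezone.utc)
    last_seen = {}
    for svc in details["ServicesLastAccessed"]:
        ts = svc.get("LastAuthenticated")
        # Accept both "+00:00" and "Z" suffixes on the timestamp.
        last_seen[svc["ServiceNamespace"]] = (
            datetime.fromisoformat(ts.replace("Z", "+00:00")) if ts else None)
    result = {}
    for policy, namespace in policy_namespace.items():
        seen = last_seen.get(namespace)
        if seen is None:
            result[policy] = "never"
        else:
            result[policy] = "stale" if (now - seen).days > stale_days else "active"
    return result
```

A "never" result only says the report contains no recorded authentication for that service; as the answer notes, a fully working cluster can show the same thing.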