AWS Integration on Kubernetes

4/12/2018

I'm having problems setting up AWS Integration on a Kubernetes Cluster. I've already set the kubernetes.io/cluster/clustername = owned tag on all Instances, Subnets, VPC, and in a Single SG. I've also passed the --cloud-provider=aws flag to both API Server and Controller Manager, but the Controller Manager does not start.

Controller Manager Logs:

I0411 21:03:48.360194       1 aws.go:1026] Building AWS cloudprovider
I0411 21:03:48.360237       1 aws.go:988] Zone not specified in configuration file; querying AWS metadata service
F0411 21:03:48.363067       1 controllermanager.go:159] error building controller context: cloud provider could not be initialized: could not init cloud provider "aws": error finding instance i-0442e20b4a28b2274: "error listing AWS instances: \"NoCredentialProviders: no valid providers in chain. Deprecated.\\n\\tFor verbose messaging see aws.Config.CredentialsChainVerboseErrors\""

The Policy Attached to the Master Nodes is:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [ "ec2:*" ],
      "Resource": [ "*" ]
    },
    {
      "Effect": "Allow",
      "Action": [ "elasticloadbalancing:*" ],
      "Resource": [ "*" ]
    },
    {
      "Effect": "Allow",
      "Action": [ "route53:*" ],
      "Resource": [ "*" ]
    }
  ]
}

Querying the AWS Metadata Service from a master via cURL returns proper credentials.

Any help will be much appreciated!

P.S.: I'm not using Kops or anything of that kind. I've set up the control plane components by myself.

-- Santiago Ignacio Poli
amazon-web-services
kubernetes

1 Answer

4/16/2018

I was able to fix this by passing the --cloud-provider=aws flag to the kubelets. I thought that wasn't needed on Master nodes.

Thanks!

-- Santiago Ignacio Poli
Source: StackOverflow
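
The fix above came down to one component missing a flag that the others already had. As an added example (not part of the original post, and not Kubernetes' own code), this Python script compares the --cloud-provider value across the three components named on this page; the command lines in SAMPLE are constructed, and the function names are hypothetical.

```python
import shlex

# The three components this page passes --cloud-provider to.
COMPONENTS = ("kube-apiserver", "kube-controller-manager", "kubelet")

# Constructed command lines (not from the page): the kubelet lacks the flag,
# which is the state the question describes before the fix.
SAMPLE = {
    "kube-apiserver": "kube-apiserver --cloud-provider=aws --secure-port=6443",
    "kube-controller-manager": "kube-controller-manager --cloud-provider aws --leader-elect=true",
    "kubelet": "kubelet --kubeconfig=/etc/kubernetes/kubelet.conf",
}


def flag_value(cmdline, flag):
    """Return the value given for --flag, or None if the flag is absent.

    Accepts both `--flag=value` and `--flag value`; if the flag is repeated,
    the last occurrence is returned.
    """
    args = shlex.split(cmdline)
    value = None
    for i, arg in enumerate(args):
        if arg.startswith(f"--{flag}="):
            value = arg.split("=", 1)[1]
        elif arg == f"--{flag}" and i + 1 < len(args):
            value = args[i + 1]
    return value


def audit_cloud_provider(cmdlines, expected="aws"):
    """Map each component to 'ok', 'missing', 'mismatch:<value>' or 'not found'."""
    report = {}
    for name in COMPONENTS:
        cmdline = cmdlines.get(name)
        if cmdline is None:
            report[name] = "not found"
            continue
        value = flag_value(cmdline, "cloud-provider")
        if value is None:
            report[name] = "missing"
        elif value == expected:
            report[name] = "ok"
        else:
            report[name] = f"mismatch:{value}"
    return report


if __name__ == "__main__":
    for component, status in audit_cloud_provider(SAMPLE).items():
        print(f"{component:26} {status}")
```

On a Linux node, the real command line of a running component can be collected with `ps -o args= -C kubelet` and passed in place of the constructed values.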