Kubernetes kops returning IAMRolePolicy error when creating cluster on AWS

8/10/2020

Here's my command:

kops create cluster --name=kubernetes.test123.test123 --state=s3bucket-123 --zones=us-east-1a --node-count=2 --node-size=t2.micro --master-size=t2.micro --dns-zone=kubernetes.test123.test123

The output I receive is the following:

I0809 23:20:53.462666   42621 create_cluster.go:557] Inferred --cloud=aws from zone "us-east-1a"
I0809 23:20:53.679499   42621 subnets.go:184] Assigned CIDR 172.20.32.0/19 to subnet us-east-1a
I0809 23:20:53.808364   42621 create_cluster.go:1547] Using SSH public key: /Users/evan.dullsk/.ssh/id_rsa.pub
Previewing changes that will be made:

I0809 23:20:55.268711   42621 executor.go:103] Tasks: 0 done / 87 total; 43 can run
I0809 23:20:55.834951   42621 executor.go:103] Tasks: 43 done / 87 total; 26 can run
W0809 23:20:56.198813   42621 executor.go:128] error running task "IAMRolePolicy/masters.kubernetes.test123.test123" (9m59s remaining to succeed): error rendering PolicyDocument: error opening resource: error building IAM policy: failed to generate AWS IAM Policy for Master Instance Group: failed to generate AWS IAM S3 access statements: path is not cluster readable: s3bucket-123/kubernetes.test123.test123/
W0809 23:20:56.198862   42621 executor.go:128] error running task "IAMRolePolicy/nodes.kubernetes.test123.test123" (9m59s remaining to succeed): error rendering PolicyDocument: error opening resource: error building IAM policy: failed to generate AWS IAM Policy for Node Instance Group: failed to generate AWS IAM S3 access statements: path is not cluster readable: s3bucket-123/kubernetes.test123.test123/
I0809 23:20:56.198884   42621 executor.go:103] Tasks: 67 done / 87 total; 18 can run
W0809 23:20:56.435506   42621 executor.go:128] error running task "IAMRolePolicy/masters.kubernetes.test123.test123" (9m59s remaining to succeed): error rendering PolicyDocument: error opening resource: error building IAM policy: failed to generate AWS IAM Policy for Master Instance Group: failed to generate AWS IAM S3 access statements: path is not cluster readable: s3bucket-123/kubernetes.test123.test123/
W0809 23:20:56.435535   42621 executor.go:128] error running task "IAMRolePolicy/nodes.kubernetes.test123.test123" (9m59s remaining to succeed): error rendering PolicyDocument: error opening resource: error building IAM policy: failed to generate AWS IAM Policy for Node Instance Group: failed to generate AWS IAM S3 access statements: path is not cluster readable: s3bucket-123/kubernetes.test123.test123/
I0809 23:20:56.435551   42621 executor.go:103] Tasks: 83 done / 87 total; 4 can run

What am I missing? It looks like the cluster is still being created.

-- user2167582
amazon-s3
amazon-web-services
kops
kubernetes

1 Answer

6/30/2021

If you are running the kops command in a script (shell, bash, etc.), then remember that the environment variables are different inside a script. So, ensure that you do not depend on the AWS credentials or any other kops-related parameters (like AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, NAME, KOPS_STATE_STORE, etc.) being in the environment variables. It took me 3 hours to realize that it has nothing to do with my AWS permissions!

Just for your info, these are the permissions of my AWS user:

  • AmazonEC2FullAccess
  • AmazonRoute53FullAccess
  • AmazonS3FullAccess
  • IAMFullAccess
  • AmazonVPCFullAccess
-- gayatri.sa
Source: StackOverflow
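
The check the answer above points to, written as a preflight for a script that wraps kops. This is an added example, not code from either poster or from kops. The function names are hypothetical, and the `s3://` test assumes an S3-backed state store written as a URL, the form kops documents for AWS.

```shell
# Added example: preflight for a script that wraps kops.
# Variable names are the ones listed in the answer; function names are hypothetical.

# Succeeds only if the variable is exported with a non-empty value.
# printenv runs as a child process, so it sees exactly what kops would see;
# a plain `VAR=value` assignment in the shell is invisible to it.
is_exported() {
    [ -n "$(printenv "$1" 2>/dev/null)" ]
}

# Succeeds only if the value is an s3:// URL that also names a bucket.
# A bare bucket name has no scheme (assumption: S3-backed state store).
is_s3_state_store() {
    case "$1" in
        s3://?*) return 0 ;;
        *)       return 1 ;;
    esac
}

# Reports each problem on stderr by variable name only (values are never
# printed, since two of them are credentials) and returns the problem count.
kops_preflight() {
    local problems=0 var
    for var in AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY NAME KOPS_STATE_STORE; do
        if ! is_exported "$var"; then
            echo "preflight: $var is not exported to child processes" >&2
            problems=$((problems + 1))
        fi
    done
    if is_exported KOPS_STATE_STORE && ! is_s3_state_store "$KOPS_STATE_STORE"; then
        echo "preflight: KOPS_STATE_STORE is not an s3:// URL" >&2
        problems=$((problems + 1))
    fi
    return "$problems"
}

# In the wrapper script, before the kops command:
#   kops_preflight || exit 1
```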