Comments (8)
stevenoctopus
commented on June 12, 2024
I'm not using kubicorn but I just ran into this today walking through the Getting Started with Amazon EKS guide. I followed the same exact steps I did last week, where I did not receive this error.
I was able to get around it by attaching a new policy to the role I assigned to my EKS cluster but I wonder what changed?
from kubicorn.
texasmichelle
commented on June 12, 2024
@stevenoctopus Which policy fixed the issue?
from kubicorn.
stevenoctopus
commented on June 12, 2024
I created a new policy, which allowed the service role I created for eks to perform iam:CreateServiceLinkedRole on the AWSServiceRoleForElasticLoadBalancing role in my account, and then attached that to the eks service role.
However, I don't think that is correct to do. I found out AWS automatically created the AWSServiceRoleForElasticLoadBalancing role if you created a load balancer before January of this year. (I'm on my phone or I would link the docs where I found this)
Nothing in my account was using the AWSServiceRoleForElasticLoadBalancing role so I wanted to try deleting it and starting the process over. I will try on Monday and report back my results.
from kubicorn.
stevenoctopus
commented on June 12, 2024
No luck deleting the role and trying again. I get the same error even when the AWSServiceRoleForElasticLoadBalancing role doesn't exist in my account. Very strange.
There is a post about this in the AWS forums that I am also watching.
from kubicorn.
stevenoctopus
commented on June 12, 2024
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "iam:CreateServiceLinkedRole",
"Resource": "arn:aws:iam::015345740490:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing"
}
]
}
Here is a policy you can attach to the EKS service role as a workaround for the time being. I subbed in the correct account ID for you already.
from kubicorn.
texasmichelle
commented on June 12, 2024
Thanks for posting the additional context. Is iam:CreateServiceLinkedRole not covered by IAMFullAccess?
from kubicorn.
stevenoctopus
commented on June 12, 2024
It is, but it would be unwise to give EKS IAMFullAccess as it could
possibly delete/modify existing IAM services.
…On Mon, Jul 30, 2018, 6:09 PM Michelle Casbon ***@***.***> wrote:
Thanks for posting the additional context. Is iam:CreateServiceLinkedRole
not covered by IAMFullAccess?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#656 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AD_VWrErdpnbYq3YdiSFYlnJ3rvms9RPks5uL4QggaJpZM4VfVLn>
.
from kubicorn.
texasmichelle
commented on June 12, 2024
Makes sense - this particular example is for a demo, so I'm less concerned for now & can reduce the scope once it's all working. The service account I created for kubicorn already has IAMFullAccess, so I'm not sure I understand how to apply this workaround.
from kubicorn.
Related Issues (20)
- Not deploying on OVH HOT 9
- Default AWS provider - worker nodes fail to join cluster HOT 2
- Issue while deploying to OVH HOT 3
- intermittent failures HOT 3
- Cannot apply OVH HOT 14
- using ovh profile and "invalid memory address or nil pointer dereference" HOT 2
- AWS: validate user data doesn't exceed 16kb limit
- Azure: choose resource group name to create multiples cluster inside the same one HOT 1
- Packet setup fails HOT 2
- Unable to set numeric properties with --master-set, --node-set, --set HOT 1
- Simple test fails HOT 2
- panic: runtime error: invalid memory address or nil pointer dereference HOT 2
- Support Debian on DigitalOcean HOT 1
- Support Container Linux on DigitalOcean
- Intermittent failures fetching kubeconfig on AWS
- Submodule is using ssh rather than https HOT 1
- AWS Walkthrough needs IAM Access Permissions
- DigitalOcean not work at all
- Unable to install Kubicorn on AWS
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kubicorn.