morgoved
morgoved
> Kiam will try to autodetect the arn prefix for your roles by default, it does this via the ec2 metadata api. > You can get around this by passing...
> Kiam will try to autodetect the arn prefix for your roles by default, it does this via the ec2 metadata api. > You can get around this by passing...
also i created roles by TF ``` resource "aws_iam_role" "server_role" { name = "kiam-server" description = "Role the Kiam Server process assumes" assume_role_policy =
hm ... i found that wget -qO- http://169.254.169.254 geting info of internal openstack api...
UPD i found problem `"error warming credentials: RequestError: send request failed\ncaused by: Post https://sts.amazonaws.com/: x509: certificate signed by unknown authority` and solve it changed path ``` / # ls /etc/ssl/certs/...
I found that https://github.com/uswitch/kiam/issues/385 talked that still need access to host ec2 api.... Does this mean that Kiam can only work inside AWS?
> Kiam does not need to be ran in AWS > What is the actual problem you're seeing? you've posted some info and warning logs, but those don't necessarily indicate...
> Something is killing your Kiam agents, as they're shutting down. Are the failing their liveness probe? If so you should look into why that's happening how i can do...
> `kubectl describe pod pod-name` ``` Name: kiam-agent-nfjln Namespace: base Node: mom-gatekeeper-argo-0-default-group-0/10.242.20.17 Start Time: Thu, 07 May 2020 00:33:25 +0300 Labels: app=kiam component=agent controller-revision-hash=66bb99d55 pod-template-generation=1 release=kiam Annotations: Status: Running IP:...
i updated node selector and toleration for set kiam-server executing on masters nodes and agents on others nodes. But i have these errors anyway.