kube-aws-iam-controller

Incomplete setup documentation

Open instaastro opened this issue 3 years ago • 1 comments

I have tried to set up kube-aws-iam-controller as documented but have not been able to do so even after several attempts. At first I got an error when applying the deployment that the kube-aws-iam-controller service account was not found. I explicitly created the service account and granted a cluster-wide role to get, list and watch secrets (which is undocumented). After this the deployment succeeds but I get the following error from the pod:

level=error msg="secrets is forbidden: User \"system:serviceaccount:kube-system:kube-aws-iam-controller\" cannot list resource \"secrets\" in API group \"\" at the cluster scope"

instaastro, Nov 28 '21 13:11

Double check your deployment files and compare them with what's documented here: https://github.com/zalando-incubator/kube-aws-iam-controller/tree/master/docs

The service account and cluster role are defined there. You might have gotten the error initially because the rbac.yaml is applied after the deployment.yaml. This should work during the second run.

Please also paste the contents of your ClusterRoleBinding and ClusterRole.

linki, Nov 29 '21 15:11
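Added example (not part of the thread, and not the project's manifests): an offline check of ClusterRole and ClusterRoleBinding objects for mismatches that can produce the "cannot list resource \"secrets\" ... at the cluster scope" error even though a role exists. The object names and manifests are constructed, and the evaluator is a simplification of Kubernetes RBAC that ignores group subjects and aggregated roles.

```python
# Added example: simplified offline RBAC check (not the project's code).
SA = ("kube-system", "kube-aws-iam-controller")  # taken from the error message in the issue

def rule_allows(rule, verb, resource, group=""):
    """True if one PolicyRule grants `verb` on `resource` in API group `group`."""
    def has(key, want):
        vals = rule.get(key) or []
        return "*" in vals or want in vals
    # A rule limited by resourceNames does not authorize an unrestricted list.
    if rule.get("resourceNames"):
        return False
    return has("apiGroups", group) and has("resources", resource) and has("verbs", verb)

def binds_sa(binding, sa):
    """True if the binding names the service account, including its namespace."""
    ns, name = sa
    return any(s.get("kind") == "ServiceAccount" and s.get("name") == name
               and s.get("namespace") == ns for s in binding.get("subjects") or [])

def can_cluster_wide(objects, sa, verb, resource):
    """Only ClusterRoleBinding -> ClusterRole grants access at the cluster scope.
    Simplification (assumption): group subjects and aggregated roles are ignored."""
    roles = {o["metadata"]["name"]: o for o in objects if o["kind"] == "ClusterRole"}
    for b in objects:
        if b["kind"] != "ClusterRoleBinding" or not binds_sa(b, sa):
            continue
        ref = b.get("roleRef", {})
        role = roles.get(ref.get("name")) if ref.get("kind") == "ClusterRole" else None
        if role and any(rule_allows(r, verb, resource) for r in role.get("rules") or []):
            return True
    return False

# Constructed objects, shaped like items from `kubectl get clusterrole,clusterrolebinding -o json`.
ROLE = {"kind": "ClusterRole", "metadata": {"name": "example-secrets-reader"},
        "rules": [{"apiGroups": [""], "resources": ["secrets"],
                   "verbs": ["get", "list", "watch"]}]}

def binding(kind, subject_ns):
    return {"kind": kind, "metadata": {"name": "example-binding"},
            "roleRef": {"kind": "ClusterRole", "name": "example-secrets-reader"},
            "subjects": [{"kind": "ServiceAccount", "name": SA[1], "namespace": subject_ns}]}

if __name__ == "__main__":
    for kind, ns in [("ClusterRoleBinding", "kube-system"),
                     ("ClusterRoleBinding", "default"), ("RoleBinding", "kube-system")]:
        ok = can_cluster_wide([ROLE, binding(kind, ns)], SA, "list", "secrets")
        print(f"{kind}, subject namespace {ns}: list secrets cluster-wide -> {ok}")
```

On a live cluster, `kubectl auth can-i list secrets --all-namespaces --as=system:serviceaccount:kube-system:kube-aws-iam-controller` asks the API server the same question directly.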