amazon-archives/aws-service-operator

aws-service-operator pod fails to come up with NoCredentialProviders error

Closed this issue · 3 comments

When I am running the aws-service-operator deployment, the pod fails to come up with

```
time="2018-10-16T00:44:20Z" level=error msg="Error creating SNS Topic with error 'NoCredentialProviders: no valid providers in chain. Deprecated.\n\tFor verbose messaging see aws.Config.CredentialsChainVerboseErrors'" hostname=aws-service-operator-6d9fdf7f75-t2qd6
panic: runtime error: invalid memory address or nil pointer dereference
```

We use kube2iam for talking to AWS and it is configured to use

```yaml
spec:
  containers:
  - args:
    - --base-role-arn=arn:aws:iam::XXXX:role/
```

This is my deployment spec

```yaml
- kind: Deployment
  apiVersion: apps/v1beta1
  metadata:
    name: aws-service-operator
    namespace: aws-service-operator
  spec:
    replicas: 1
    template:
      metadata:
        annotations:
          iam.amazonaws.com/role: aws-service-operator
        labels:
          app: aws-service-operator
      spec:
        serviceAccountName: aws-service-operator
        containers:
        - name: aws-service-operator
          image: awsserviceoperator/aws-service-operator:v0.0.1-alpha2
          imagePullPolicy: Always
          args:
            - server
            - --cluster-name=s676423139
            - --region=us-west-2
            - --account-id=XXXXX
```

and here is my policy attached to aws-service-operator role

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "sqs:*",
                "sns:*",
                "cloudformation:*",
                "ecr:*",
                "dynamodb:*",
                "s3:*"
            ],
            "Resource": "*"
        }
    ]
}
```

We are using K8 1.9.7. Can you let me know what I am doing wrong?

Have you configured the trust relationship between the roles? It sounds like kube2iam isn't able to get the role properly. Check out what we have https://github.com/awslabs/aws-service-operator/blob/master/configs/aws-service-operator-role.yaml#L13-L35

Did this resolve your issue @prashantchitta ?

Yes, it worked when I used the YAML file that you pointed to. Closing this.
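The trust relationship that resolved this thread can be checked offline before deploying. This is an added example, not code from the issue or from the aws-service-operator project: it assumes kube2iam obtains the pod's role by calling `sts:AssumeRole` from the node's instance role, so the annotated role's trust policy must name that node role or its account. The account ID, role names and sample policies are constructed placeholders.

```python
# Constructed samples: the account ID and role names are placeholders.
NODE_ROLE = "arn:aws:iam::111122223333:role/k8s-worker-node"
EC2_STMT = {"Effect": "Allow", "Action": "sts:AssumeRole",
            "Principal": {"Service": "ec2.amazonaws.com"}}
NODE_STMT = {"Effect": "Allow", "Action": "sts:AssumeRole",
             "Principal": {"AWS": NODE_ROLE}}
ANY_STMT = {"Effect": "Allow", "Action": "sts:AssumeRole",
            "Principal": {"AWS": "*"}}

# Role trusts only the EC2 service: the node role cannot assume it.
EC2_ONLY = {"Version": "2012-10-17", "Statement": [EC2_STMT]}
# Role also trusts the worker node role.
WITH_NODE_ROLE = {"Version": "2012-10-17", "Statement": [EC2_STMT, NODE_STMT]}
# Role trusts every AWS principal: works, but is far wider than needed.
WILDCARD = {"Version": "2012-10-17", "Statement": ANY_STMT}


def _as_list(value):
    """IAM accepts a single value or a list for Statement, Action, Principal."""
    return value if isinstance(value, list) else [value]


def check_trust(trust_policy, node_role_arn):
    """Classify a role trust policy as 'ok', 'too-broad' or 'missing'.

    'ok' means an Allow statement names the node role, its account ID or its
    account root. Condition blocks and Deny statements are not evaluated.
    """
    account_id = node_role_arn.split(":")[4]
    accepted = {node_role_arn, account_id, "arn:aws:iam::%s:root" % account_id}
    result = "missing"
    for stmt in _as_list(trust_policy.get("Statement", [])):
        actions = set(_as_list(stmt.get("Action", [])))
        if stmt.get("Effect") != "Allow":
            continue
        if not actions & {"sts:AssumeRole", "sts:*", "*"}:
            continue
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        if "*" in aws:
            return "too-broad"  # any AWS principal may assume this role
        if accepted & set(aws):
            result = "ok"
    return result


if __name__ == "__main__":
    for name, doc in [("ec2-only", EC2_ONLY), ("with-node-role", WITH_NODE_ROLE),
                      ("wildcard", WILDCARD)]:
        print(name, check_trust(doc, NODE_ROLE))
```

A `missing` result matches the symptom in this thread: the pod receives no credentials and the SDK reports `NoCredentialProviders`.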