我在AWS GovCloud中的EC2实例上运行Kubernetes v1.4.0 + 776c994。 我可以列出EC2卷和ec2 describe-volumes'但是当我尝试创建一个持久卷时,' kubectl create -f aws-pv.yaml',我收到此错误:
{
"kind":"Status",
"apiVersion":"v1",
"metadata":{},
"status":"Failure",
"message":"persistentvolumes \"pv0001\" is forbidden: error querying AWS EBS volume vol-05dffe55de3ac725b: error querying ec2 for volume info: error listing AWS volumes: UnauthorizedOperation: You are not authorized to perform this operation.\n\tstatus code: 403, request id:",
"reason":"Forbidden",
"details": {
"name":"pv0001",
"kind":"persistentvolumes"
},
"code":403
}
我已经设置了这些环境变量:
AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
AWS_REGION=us-gov-west-1
CURL_CA_BUNDLE=/etc/origin/master/ca.crt
答案 0 :(得分:0)
我的IAM角色,作为AWS用户dvogel,允许我成功运行查询&aws ec2 describe-volumes',但显然我的权限在我运行时没有传递给Kubernetes api ' kubectl create -f aws-pv.yaml'在同一个终端。我猜测我需要在admin.kubeconfig中设置一些东西才能做到这一点。