Kubernetes installation

0
votes

I am installing a kubernetes on AWS, however getting access denied while uploading into s3 buckets. Uploading to Amazon S3

A client error (AccessDenied) occurred when calling the GetBucketLocation operation: Access Denied +++ Staging server tars to S3 Storage: kubernetes-artifacts-*****/devel

A client error (AccessDenied) occurred when calling the PutObjectAcl operation: Access Denied

I have provided all necessary permission for the above said bucket. Could someone please help me on this.

7
amazon-web-servicesinstallationkubernetes
modify the script you are running at the beginning like #!/bin/sh -ex and run the script. It will print each command and tell you the command where it's failing. If it's dependent on different .sh file add the -ex attribute to that file also and run it.Santhosh S
export KUBERNETES_PROVIDER=aws; curl -sS get.k8s.io | bash I am executing the above command to install kubernetes. Not sure where to edit this one.user2417975

7 Answers

0
votes

Is the 'aws' cli configured properly? Can you manually upload things to S3?

You need to run 'aws configure' before you can run aws commands.

See: http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html

0
votes

Please make sure AWS cli is properly installed

  1. If AWS cli is installed check you have added your access key and secret key. You can check this by running command aws configure and make sure access & secret keys are there
  2. Check the keys have proper permission to list,createbucket,uploadtobucket and download objects

Foe more info on setting up kubernetes on AWS See:http://kubernetes.io/v1.0/docs/getting-started-guides/aws.html

0
votes

You can plan to use instance profile of AWS, which helps to upload to S3 or perform any aws-cli operation without explicitly specifying access id and secret.

Basically you have to attach the AWS role (which have right permission to upload to S3) to your instance using instance profile when you launch the instance.

Its a good practice to use instance profile because you can avoid hardcoding the access id and secret in your program or as ENV variable. It will avoid the mistakes of accidentally uploading your access-id and secret to Github or elsewhere.

0
votes

Probably the AWS recommended way is to ensure that your AWS servers have an IAM role that automatically configures requests coming from the servers with proper authentication.

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html

0
votes

I installed kubernetes on AWS. For authentication I used awscli.

If you are using linux you can configure AWS configuration with aws cli. Make sure you have python-pip installed on your system. If not , [For Debian]

1. $ sudo apt-get update

2. $ sudo apt-get install python-pip

3. $ sudo pip instal awscli

4. $ aws configure

It will ask for Access Key Id , Security Access Key and Region. You must provide valid keys of account which can access S3. You can check IAM role of your user to know about services that you can access. Check your S3 connection with sample command , 

$ aws s3 ls
0
votes

I got the same error when tried making a cluster in AWS. My problem was the IAM access level of access key that I was using. I added below permissions to the user I was using and was able to create the cluster successfully then.

1) AmazonEC2FullAccess 2) IAMFullAccess 3) AmazonS3FullAccess 4) AmazonRoute53FullAccess