![kops cannot deploy an ELB for the ingress controller](https://linux55.com/image/138052/kops%EB%8A%94%20%EC%88%98%EC%8B%A0%20%EC%BB%A8%ED%8A%B8%EB%A1%A4%EB%9F%AC%EC%97%90%20elb%EB%A5%BC%20%EB%B0%B0%ED%8F%AC%ED%95%A0%20%EC%88%98%20%EC%97%86%EC%8A%B5%EB%8B%88%EB%8B%A4..png)
I can't deploy nginx ingress on kops 1.9 on AWS using this method:
```
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/aws/service-l4.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/aws/patch-configmap-l4.yaml
```

```
# kubectl describe svc ingress-nginx -n ingress-nginx
Warning CreatingLoadBalancerFailed 2s service-controller Error creating load balancer (will retry): failed to ensure load balancer for service ingress-nginx/ingress-nginx: AccessDenied: User: arn:aws:sts::605051368824:assumed-role/masters.play.domain.org/i-0372932f001403e37 is not authorized to perform: iam:CreateServiceLinkedRole on resource: arn:aws:iam::605051368824:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing
status code: 403, request id: b41a558a-9668-11e8-9265-3b1bdc7d9e74
```
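Answer 1

Add the following to your cluster configuration:

```yaml
spec:
  additionalPolicies:
    master: |
      [
        {
          "Effect": "Allow",
          "Action": "iam:CreateServiceLinkedRole",
          "Resource": "arn:aws:iam::*:role/aws-service-role/*"
        },
        {
          "Effect": "Allow",
          "Action": [
            "ec2:DescribeAccountAttributes",
            "ec2:DescribeInternetGateways"
          ],
          "Resource": "*"
        }
      ]
```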
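
An added example, not part of the original answer: the Python sketch below parses the AccessDenied event from the question and builds an `additionalPolicies` statement scoped to the exact service-linked role, with an `iam:AWSServiceName` condition, instead of the wildcard resource. The function names are hypothetical, and mapping a `masters.` role prefix to the `master` policy key is an assumption based on the role name shown in the error.

```python
import json
import re

# Constructed sample: the AccessDenied event text quoted in the question above.
EVENT = (
    "AccessDenied: User: arn:aws:sts::605051368824:assumed-role/"
    "masters.play.domain.org/i-0372932f001403e37 is not authorized to perform: "
    "iam:CreateServiceLinkedRole on resource: arn:aws:iam::605051368824:role/"
    "aws-service-role/elasticloadbalancing.amazonaws.com/"
    "AWSServiceRoleForElasticLoadBalancing"
)

DENIED = re.compile(
    r"User: (?P<principal>arn:aws:sts::\d{12}:assumed-role/(?P<role>[^/\s]+)/\S+)"
    r" is not authorized to perform: (?P<action>[\w-]+:\w+)"
    r" on resource: (?P<resource>arn:aws:\S+)"
)
SLR = re.compile(r":role/aws-service-role/(?P<service>[^/]+)/[^/]+$")


def parse_access_denied(message):
    """Return the principal, role, action and resource named in the message."""
    m = DENIED.search(message)
    if m is None:
        raise ValueError("not an AccessDenied message in the expected format")
    return m.groupdict()


def scoped_statement(denied):
    """Build one IAM statement allowing only the denied action on that resource."""
    stmt = {"Effect": "Allow", "Action": denied["action"], "Resource": denied["resource"]}
    slr = SLR.search(denied["resource"])
    if denied["action"] == "iam:CreateServiceLinkedRole" and slr:
        # iam:AWSServiceName limits which service the new role can be linked to.
        stmt["Condition"] = {"StringEquals": {"iam:AWSServiceName": slr.group("service")}}
    return stmt


def kops_snippet(denied):
    """Render the statement as a kops spec.additionalPolicies fragment."""
    # Assumption: instance roles named "masters.<cluster>" use the "master" key.
    target = "master" if denied["role"].startswith("masters.") else "node"
    body = json.dumps([scoped_statement(denied)], indent=2)
    indented = "\n".join("      " + line for line in body.splitlines())
    return f"spec:\n  additionalPolicies:\n    {target}: |\n{indented}\n"


if __name__ == "__main__":
    print(kops_snippet(parse_access_denied(EVENT)))
```

The generated statement covers only the action named in the event; the `ec2:Describe*` statement in the answer is not derived from this message.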