External-dns: Role assumed, but produces error: NoCredentialProviders: no valid providers in chain.

Created on 25 Jul 2018 · 3 Comments · Source: kubernetes-sigs/external-dns

I'm currently having an issue trying external-dns for the first time, in a cluster provisioned by __kops__.

```
time="2018-07-25T09:38:59Z" level=info msg="Assuming role: arn:aws:iam::xxxxx:role/k8s-nodes-external-dns"
time="2018-07-25T09:39:02Z" level=error msg="NoCredentialProviders: no valid providers in chain. Deprecated.\n\tFor verbose messaging see aws.Config.CredentialsChainVerboseErrors"
time="2018-07-25T09:40:02Z" level=error msg="NoCredentialProviders: no valid providers in chain. Deprecated.\n\tFor verbose messaging see aws.Config.CredentialsChainVerboseErrors"
```

Where __arn:aws:iam::xxxxx:role/k8s-nodes-external-dns__ has policy:

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "route53:ChangeResourceRecordSets"
            ],
            "Resource": [
                "arn:aws:route53:::hostedzone/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "route53:ListHostedZones",
                "route53:ListResourceRecordSets"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}
```

And trust relationship:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    },
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::xxxxx:role/k8s-nodes-external-dns"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
```

All 3 comments

Closing this one. Wrong IAM Trust relationship settings for kube2iam.

@bzon If your above Trust Relationship isn't right, can you provide the one that got it working please?

@mikesigs Principal should point to your kiam server process role arn instead of ec2.amazonaws.com service like in the example above.
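
An added example, not part of the thread or of external-dns: a small offline check that lists which principals a trust policy allows to call `sts:AssumeRole` and tests whether the credential broker's role is among them. The `kiam-server` role ARN and the `ADJUSTED` policy are hypothetical, built from the last comment's description; the check is simplified and ignores `Condition` blocks, `Deny` statements and account-root principals.

```python
import json
from fnmatch import fnmatchcase

# Trust policy as posted in the issue (account id redacted on the page).
POSTED = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
   "Action": "sts:AssumeRole"},
  {"Sid": "", "Effect": "Allow",
   "Principal": {"AWS": "arn:aws:iam::xxxxx:role/k8s-nodes-external-dns"},
   "Action": "sts:AssumeRole"}]}""")

# Hypothetical ARN of the role the kiam server process runs as.
BROKER = "arn:aws:iam::xxxxx:role/kiam-server"

# Constructed variant following the last comment: Principal names the broker role.
ADJUSTED = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Principal": {"AWS": "%s"},
   "Action": "sts:AssumeRole"}]}""" % BROKER)


def as_list(value):
    """IAM accepts either one string or a list for Action and Principal values."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def assume_role_principals(policy):
    """Collect (kind, value) principals that Allow statements let call sts:AssumeRole."""
    found = set()
    for stmt in as_list(policy.get("Statement")):
        actions = [a.lower() for a in as_list(stmt.get("Action"))]
        if stmt.get("Effect") != "Allow" or not any(
                fnmatchcase("sts:assumerole", a) for a in actions):
            continue
        principal = stmt.get("Principal")
        if principal == "*":
            found.add(("AWS", "*"))
        elif isinstance(principal, dict):
            for kind, values in principal.items():
                found.update((kind, v) for v in as_list(values))
    return found


def trusts(policy, caller_arn):
    """True if caller_arn (or a wildcard) is named as an AWS principal."""
    aws = {v for kind, v in assume_role_principals(policy) if kind == "AWS"}
    return caller_arn in aws or "*" in aws


if __name__ == "__main__":
    for name, policy in (("posted", POSTED), ("adjusted", ADJUSTED)):
        print(name, sorted(assume_role_principals(policy)), trusts(policy, BROKER))
```

Run against the posted policy, the check reports the EC2 service and the role itself as the only principals, so a separate broker role is not trusted; a wildcard principal would also pass the check and should be treated as a finding in its own right.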
