[doc] 3.3.2 Deploying the Infrastructure #772
Comments
r0ckarong
added
Bug
|
@flavio @ereslibre What is going wrong here? What is the correct procedure to do this? |
|
fix issue for aws iam profile [bsc#1169506] (1517) #1058 shoudl fixes this issue. |
r0ckarong
added
the
ReleaseNotes
|
@cclhsu Does this need any additional docs updates? |
|
@r0ckarong No document update required, we only need to update terraform file to properly create iam and instance profile. |
|
@jordimassaguerpla We should add this to the known issues until it's merged. |
|
@r0ckarong Does it need to have some content or just the bug mentioned? |
|
@jordimassaguerpla To do it right, we would have to explain the entire workaround with doing the steps terraform is missing by hand but I'm not sure if you can salvage an already failed deployment that way. Not sure what to do with the right amount of effort. @kkaempf What do you think? |
|
That's one of the problems with "tech previews". :-/
Well, if it's really non functional, that's embarrassing 🤦 Workaround for now:
Not perfect, but (imho) a minimal effort approach. |
|
If you simply document the workaround (setup the instance profile prior) then the fix to the tf files can come later and it's functional until then. |
|
@cclhsu Could you provide the steps required to set up the IAM profile to work around this? I think linking to this specification (https://github.com/kubernetes/cloud-provider-aws#readme) and some steps on how to achieve this on AWS would suffice? Can any user just use the profile examples from the bugzilla thread? |
|
Through the aws console...it's just a matter of creating a role with the documented policy (in iam_policies.tf) and the instance profile will be created automatically with the same name of the role. That role/instance profile name needs to be added to the terraform.tfvars (where the commented caasp-k8s-master-vm-profile is noted). If you need specific docs...happy to create them... |
add documents for create role instance policy and profile (SUSE#772) Signed-off-by: cclhsu <clark.hsu@suse.com>
add documents for create role instance policy and profile (SUSE#772) Signed-off-by: cclhsu <clark.hsu@suse.com>
add documents for create role instance policy and profile (SUSE#772) Signed-off-by: cclhsu <clark.hsu@suse.com>
add documents for create role instance policy and profile (SUSE#772) Signed-off-by: cclhsu <clark.hsu@suse.com>
fix suggestions from document review for create role instance policy and profile (SUSE#772) Signed-off-by: cclhsu <clark.hsu@suse.com>
…file (Closes #772) * add documents for create role instance policy and profile (#772) add documents for create role instance policy and profile (#772) Signed-off-by: cclhsu <clark.hsu@suse.com> * add documents for create role instance policy and profile (#772) add documents for create role instance policy and profile (#772) Signed-off-by: cclhsu <clark.hsu@suse.com> * Added anchors to AWS IAM profile sections * fix suggestions for create role instance policy and profile (#772) fix suggestions from document review for create role instance policy and profile (#772) Signed-off-by: cclhsu <clark.hsu@suse.com> * Update adoc/deployment-aws.adoc Co-Authored-By: David Ko <dko@suse.com> * Move AWS IAM profile creation via CLI to troubleshooting * Move AWS IAM profile creation via CLI to troubleshooting * Remove obsolete message about IAM profile Co-authored-by: Markus Napp <mnapp@suse.com> Co-authored-by: David Ko <dko@suse.com>
In this section if you leave the iam_profile_master and iam_profile_worker empty, TF does not create the proper IAM Profile even with explicit IAM_Passthru rights or the use of root credentials.
The deployment will fail with a "cannot attach profile" error.
If you add/uncomment these lines, the deployment will finish however the skuba node bootstrap will fail with a error listing instances error.
3.3.2 Deploying the Infrastructure
https://documentation.suse.com/suse-caasp/4.1/single-html/caasp-deployment/#_deploying_the_infrastructure
The text was updated successfully, but these errors were encountered: