kubernetes: Kubelet can't start with "--cloud-provider=aws"

Is this a BUG REPORT or FEATURE REQUEST?:

Uncomment only one, leave it on its own line:

/kind bug

What happened:

kubelet can’t start with --cloud-provider=aws --cloud-config=/etc/kubernetes/cloud-config

What you expected to happen:

kubele could start and using cloud-config for aws

How to reproduce it (as minimally and precisely as possible):

Start kubelete with “–cloud-provider=aws --cloud-config=/etc/kubernetes/cloud-config” and the cloud-config file like this(from aws document):

[default] aws_access_key_id = YOUR_AWS_ACCESS_KEY_ID aws_secret_access_key = YOUR_AWS_SECRET_ACCESS_KEY

Anything else we need to know?:

Environment: centos7.3

  • Kubernetes version (use kubectl version): v1.8.4
  • Cloud provider or hardware configuration: aws
  • OS (e.g. from /etc/os-release): NAME=“CentOS Linux” VERSION=“7 (Core)” ID=“centos” ID_LIKE=“rhel fedora” VERSION_ID=“7” PRETTY_NAME=“CentOS Linux 7 (Core)” ANSI_COLOR=“0;31” CPE_NAME=“cpe:/o:centos:centos:7” HOME_URL=“https://www.centos.org/” BUG_REPORT_URL=“https://bugs.centos.org/

CENTOS_MANTISBT_PROJECT=“CentOS-7” CENTOS_MANTISBT_PROJECT_VERSION=“7” REDHAT_SUPPORT_PRODUCT=“centos” REDHAT_SUPPORT_PRODUCT_VERSION=“7”

  • Kernel (e.g. uname -a): Linux ip-172-31-34-134.us-west-2.compute.internal 3.10.0-514.10.2.el7.x86_64 #1 SMP Fri Mar 3 00:04:05 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
  • Install tools: yum install kubelet
  • Others:

logs: error: failed to run Kubelet: could not init cloud provider “aws”: unable to read AWS cloud provider config file: 2:4: illegal character U+005F ‘_’

About this issue

  • Original URL
  • State: closed
  • Created 7 years ago
  • Comments: 19 (11 by maintainers)

Most upvoted comments

I think it is really dangerous to give this kind of permissions!! Am I the only one to think that?

Does it exists a list of resources needed for the kubelet agent? According to this page, Kubernetes.io / Using a Private Registry , it looks like possible but as a newbie in kubernetes, it is not clear enough for me.

@tianshapjq I’ve confirmed many times, it’s the same with my working aws credentials. And I’m confusing why there is no doc for this? It cost me many time to read the code to find the cloud config file format.

Hi @MaSattari In my case, I didn’t specify any cloud config, starting kubelet with kubelet --cloud-provider=aws and assign your aws ec2 with this IAM role:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "*",
            "Resource": "*"
        }
    ]
}

That works for me.

@sibtainabbas10 Thak you for your response. I am using AWS ECR, I was asking for setting this credentials within cloud-config .

I’ve set up my cluster using kops on AWS. I created a my-file as follows: aws_access_key_id = MY_DATA1 aws_secret_access_key = MY_DATA2

Then: base64 my-file > /etc/kubernetes/cloud-config

And added: [global] to the top of /etc/kubernetes/cloud-config .

And finally: sudo kubelet --cloud-provider=aws --cloud-config=/etc/kubernetes/cloud.config

But getting error: error: failed to run Kubelet: could not init cloud provider "aws": unable to read AWS cloud provider config file: warnings: can't store data at section "global", variable "KASDJHFLKASDHADFSADF" can't store data at section "global", variable "ASFKJHASKFDHASKJHFLKJASHFLKHASKFHKLSHDF"

Do you have any idea?

@sibtainabbas10

You can assign a role with this policy to your EC2 instances:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "*",
            "Resource": "*"
        }
    ]
}