  1. OpenShift Storage
  2. STOR-2479

Investigate AWS role / authorization


    • Story
    • Resolution: Unresolved

      Make sure the CSI driver node daemonset has permission to:

      efs.DescribeMountTargets
      ec2.DescribeAvailabilityZones

      Currently, the daemonset Pods use the node's AWS identity, which does not have permission to make these calls.

      Investigate:

      • Update the node's role (Jan thinks it's created during installation and never updated).
      • Or, add a new role in AWS (= new CredentialsRequest) and assign it to the node driver pods. Adding a new CredentialsRequest requires manual work by the cluster admin during upgrade when using STS: the cluster admin must create the role in AWS and its secret in OCP before the driver upgrade!
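
      A sketch of the second option, added here as an example (not taken from the issue or from the driver operator's repository): a CredentialsRequest scoped to only the two calls listed above, written as their IAM action names. The object, secret and service account names, and the target namespace, are assumptions.

```yaml
# Added example; values marked "assumed" are placeholders, not from the issue.
apiVersion: cloudcredential.openshift.io/v1
kind: CredentialsRequest
metadata:
  name: aws-efs-csi-driver-node              # assumed name
  namespace: openshift-cloud-credential-operator
spec:
  # Secret that would carry the credentials mounted by the node driver pods.
  secretRef:
    name: aws-efs-node-cloud-credentials     # assumed name
    namespace: openshift-cluster-csi-drivers # assumed driver namespace
  # Service account of the node daemonset; with STS, the role's trust
  # policy is bound to this identity rather than to the node.
  serviceAccountNames:
    - aws-efs-csi-driver-node-sa             # assumed name
  providerSpec:
    apiVersion: cloudcredential.openshift.io/v1
    kind: AWSProviderSpec
    statementEntries:
      # Least privilege: only the two read-only Describe calls from the issue.
      - effect: Allow
        action:
          - elasticfilesystem:DescribeMountTargets
          - ec2:DescribeAvailabilityZones
        resource: "*"
```

      Keeping these permissions in a separate role for the node pods avoids widening the node's own instance role, which every workload on the node can reach through instance metadata unless that access is blocked.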

              rhn-engineering-jsafrane Jan Safranek