Missing permissions for alb-load-balancer-controller sa #775
Labels
bug
Something isn't working
Comments
|
Thanks for reporting the issue, this is a breaking change. We will need to release a patch |
|
What is the specific error you are encountering and which region are you deploying to? |
|
I was able to successfully deploy Kubeflow on Cognito with Kustomize/terraform. Can you let me know when you deployed it. |
This was referenced Aug 9, 2023
ananth102
added a commit
that referenced
this issue
Aug 15, 2023
**Which issue is resolved by this Pull Request:** Resolves #775 **Description of your changes:** Added permissions from the upstream reccomendation Based on https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.4.7/docs/install/iam_policy.json **Testing:** - [ ] Unit tests pass - [ ] e2e tests pass - manual cognito test passed By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
ananth102
added a commit
that referenced
this issue
Aug 28, 2023
**Which issue is resolved by this Pull Request:** Resolves #775 **Description of your changes:** Upgrade to v5 blueprints for the eks addons Major changes: 1. v5 does not have an option to enable the ebs csi driver, will need to do with the help of another module 2. v5 does not have an option for enabling the nvidia plugin, an operator is used instead. 3. V5/V4 parameters are different. **Testing:** - [ ] Unit tests pass - [x] e2e tests pass - Cognito, rds-s3-static, rds/s3-irsa passes, efs/fsx look fine manually. Need to test nvidia. - Details about new tests (If this PR adds a new feature) - Details about any manual tests performed - GPU testing By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
|
We have released v1.7.0-b1.0.3 which should fix this |
rakuto
pushed a commit
to tne-ai/kubeflow-manifests
that referenced
this issue
Sep 27, 2023
**Which issue is resolved by this Pull Request:** Resolves awslabs#775 **Description of your changes:** Upgrade to v5 blueprints for the eks addons Major changes: 1. v5 does not have an option to enable the ebs csi driver, will need to do with the help of another module 2. v5 does not have an option for enabling the nvidia plugin, an operator is used instead. 3. V5/V4 parameters are different. **Testing:** - [ ] Unit tests pass - [x] e2e tests pass - Cognito, rds-s3-static, rds/s3-irsa passes, efs/fsx look fine manually. Need to test nvidia. - Details about new tests (If this PR adds a new feature) - Details about any manual tests performed - GPU testing By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
For Cognito deployment option, one of the reasons ALB fails to provision is due to the below missing permissions in this iam_alb_ingress_policy.json
"elasticloadbalancing:AddTags"Updating it manually via AWS console and deleting/restarting the alb-load-balancer-controler pods fixes it
Steps To Reproduce
kubectl -n kube-system logs $(kubectl get pods -n kube-system --selector=app.kubernetes.io/name=aws-load-balancer-controller --output=jsonpath={.items..metadata.name})elasticloadbalancing:AddTagspermissionskubectl get ingress -n istio-systemExpected behavior
A clear and concise description of what you expected to happen.
Environment
Screenshots
If applicable, add screenshots to help explain your problem.
Additional context
Similar issues are encountered by others (possibly due to regression or version incompatibility issue between EKS/k8s and aws-load-balancer-controller)
kubernetes-sigs/aws-load-balancer-controller#3044
aws-ia/terraform-aws-eks-blueprints#1683
The text was updated successfully, but these errors were encountered: