[Bug] AWS Load Balancer Controller well known policy missing listener attribute actions required in v2.9.0 #7987
Comments
Have the same issue. Can we merge the fix?
I do have the same issue!
@raghu-manne For a workaround you can attach a policy with the required actions in the eksctl cluster config. See the issue above for an example.
I did try with a config file, but I am having an issue with eksctl CRDs, which I raised here: #7995
Also there are typos in the Action; it should be
@raghu-manne Your issue isn't related to this. I responded in your issue.
This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.
This issue was closed because it has been stalled for 5 days with no activity.
This issue was resolved in eksctl 0.194.0. 👍
AWS Load Balancer Controller v2.9.0 added support for listener attributes, which requires two additional IAM permissions that are not currently included in the eksctl well known policy awsLoadBalancerController:
elasticloadbalancing:DescribeListenerAttributes
elasticloadbalancing:ModifyListenerAttributes
This causes LoadBalancer service resource initialization to fail when using v2.9.0 and a service account created using eksctl.
What were you trying to accomplish?
I'm trying to use the latest AWS Load Balancer Controller and a service account created with eksctl's well known policy awsLoadBalancerController to create a LoadBalancer service resource. I'm trying to install Ingress NGINX, which creates a load balancer service that requires AWS Load Balancer Controller to create an ELB.
What happened?
Service resource initialization failed due to missing permissions. Service load balancer stayed in pending state.
How to reproduce it?
Create service account.
Install AWS Load Balancer Controller.
helm install aws-load-balancer-controller aws-load-balancer-controller \
    -n kube-system \
    --repo=https://aws.github.io/eks-charts \
    --set clusterName=$CLUSTER_NAME \
    --set serviceAccount.create=false \
    --set serviceAccount.name=aws-load-balancer-controller
Install Ingress NGINX.
Logs
AWS Load Balancer Controller logs include the following error message:
Anything else we need to know?
A workaround for this issue is to attach a policy with the required permissions when creating the service account.
Versions
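A preflight check for the gap described in this issue, as an added example that is not part of the issue or of eksctl: given the policy documents attached to the controller's role, it reports which of the two listener-attribute actions are still missing. The function names and the sample policies are constructed for illustration, and Resource and Condition elements are not evaluated.

```python
import fnmatch

# The two actions the issue reports as missing from the well known policy.
REQUIRED_ACTIONS = (
    "elasticloadbalancing:DescribeListenerAttributes",
    "elasticloadbalancing:ModifyListenerAttributes",
)

# Constructed samples (not copied from eksctl): an abridged policy without the
# new actions, and an extra policy of the kind the workaround attaches.
POLICY_BEFORE = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Resource": "*",
    "Action": ["elasticloadbalancing:DescribeListeners",
               "elasticloadbalancing:ModifyListener"]}]}
WORKAROUND = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Resource": "*", "Action": list(REQUIRED_ACTIONS)}}


def _as_list(value):
    """IAM accepts a single item or a list for Statement and Action."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)


def _matches(action, patterns):
    # Action names are case-insensitive and may use * and ? wildcards.
    # The whole name must match, so ModifyListener does not cover
    # ModifyListenerAttributes.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)


def missing_actions(policy_documents, required=REQUIRED_ACTIONS):
    """Return required actions that no Allow grants or that a Deny blocks.

    Statements using NotAction contribute nothing, so they never count as
    a grant; this errs toward reporting an action as missing.
    """
    allowed, denied = [], []
    for doc in policy_documents:
        for stmt in _as_list(doc.get("Statement")):
            patterns = _as_list(stmt.get("Action"))
            (allowed if stmt.get("Effect") == "Allow" else denied).extend(patterns)
    return [a for a in required
            if not _matches(a, allowed) or _matches(a, denied)]


if __name__ == "__main__":
    print("before:", missing_actions([POLICY_BEFORE]))
    print("with workaround:", missing_actions([POLICY_BEFORE, WORKAROUND]))
```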