Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add elasticloadbalancing:DeregisterTargets permission to master policy #5752

Merged
merged 1 commit into from
Sep 6, 2018
Merged

Add elasticloadbalancing:DeregisterTargets permission to master policy #5752

merged 1 commit into from
Sep 6, 2018

Conversation

kellycampbell
Copy link
Contributor

Without this permission, controller-manager gets the following error:

failed to ensure load balancer for service XXX: Error trying to
deregister targets in target group:
"AccessDenied: User: arn:aws:sts::XXX:assumed-role/masters...
is not authorized to perform: elasticloadbalancing:DeregisterTargets
on resource: arn:aws:elasticloadbalancing:XXX

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Sep 5, 2018
Add elasticloadbalancing:DeregisterTargets permission to master policy
8132073 
Without this permission, controller-manager gets the following error:

    failed to ensure load balancer for service XXX: Error trying to
    deregister targets in target group:
    "AccessDenied: User: arn:aws:sts::XXX:assumed-role/masters...
    is not authorized to perform: elasticloadbalancing:DeregisterTargets
    on resource: arn:aws:elasticloadbalancing:XXX
@chrisz100
Copy link
Contributor

/lgtm
/ok-to-test

@k8s-ci-robot k8s-ci-robot added lgtm "Looks good to me", indicates that a PR is ready to be merged. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Sep 5, 2018
@kellycampbell
Copy link
Contributor Author

Note that this change will potentially make some of the NLB security group bugs in k8s more apparent because aws_loadbalancer.go will be able to remove sg rules where it errored out before. Hopefully those will be fixed soon.

@mikesplain
Copy link
Contributor

Thanks @kellycampbell!

/lgtm
/approve

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: chrisz100, kellycampbell, mikesplain

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Sep 6, 2018
@k8s-ci-robot k8s-ci-robot merged commit 258700f into kubernetes:master Sep 6, 2018
@kellycampbell
Copy link
Contributor Author

kellycampbell commented Sep 7, 2018
edited
Loading

FYI, I found and fixed the cause of one NLB security groups problem: kubernetes/kubernetes#68422

@rajatjindal rajatjindal mentioned this pull request Dec 30, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mikesplain mikesplain mikesplain approved these changes

Assignees

@chrisz100 chrisz100

@mikesplain mikesplain

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@kellycampbell @chrisz100 @mikesplain @k8s-ci-robot