티스토리 뷰
kops 버그인 듯 한데 aws 환경에서 kops로 쿠버네티스 클러스터 구성 후 jenkins 배포 시
다음과 같은 오류가 발생
SyncLoadBalancerFailed status code: 403
Error syncing load balancer: failed to ensure load balancer: AccessDenied: User: arn:aws:sts::836399647365:assumed-role/aws-cloud-controller-manager.kube-system.sa.cluster.today-7r15r6/1675860055045299980 is not authorized to perform: iam:CreateServiceLinkedRole on resource: arn:aws:iam::836399647365:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing because no identity-based policy allows the iam:CreateServiceLinkedRole action
해당되는 IAM User Policy에서 ElasticLoadBalancingFullAccess를 추가해도 동일한 오류 발생
https://github.com/terraform-aws-modules/terraform-aws-eks/issues/103
IAM User Group에 CreateServiceLinkedRole 권한 Permisson으로 추가(json으로 입력)
CreateServiceLinkedRole 추가 후 다음 오류 발생
ModifyLoadBalancerAttributes 추가
Error syncing load balancer: failed to ensure load balancer: Unable to update load balancer attributes during attribute sync: "AccessDenied: User: arn:aws:sts::836399647365:assumed-role/aws-cloud-controller-manager.kube-system.sa.cluster.today-7r15r6/1675903624408421235 is not authorized to perform: elasticloadbalancing:ModifyLoadBalancerAttributes on resource: arn:aws:elasticloadbalancing:ap-northeast-2:836399647365:loadbalancer/a54be2cfc949f41aabf94b7b6fcb15cd because no identity-based policy allows the elasticloadbalancing:ModifyLoadBalancerAttributes action\n\tstatus code: 403, request id: 464f208e-5a2a-40f8-9f78-c56f4a2c97fc
이후 helm install로 젠킨스를 다시 설치해보니 service도 제대로 작동하고 external-ip가 제대로 동작.
