以下AWSのkops紹介記事で起きたエラー対処メモ。
kopsを使ってKubernetesクラスタをAWS上で構成 | Amazon Web Services ブログ
エラー内容
kops create cluster \
--name example.cluster.k8s.local \
--zones us-east-1a,us-east-1c \
--yes
I0729 13:29:50.169624 39475 create_cluster.go:1318] Using SSH public key: /Users/paper2/.ssh/id_rsa.pub
I0729 13:29:52.155355 39475 create_cluster.go:472] Inferred --cloud=aws from zone "us-east-1a"
I0729 13:29:53.312934 39475 subnets.go:184] Assigned CIDR 172.20.32.0/19 to subnet us-east-1a
I0729 13:29:53.313013 39475 subnets.go:184] Assigned CIDR 172.20.64.0/19 to subnet us-east-1c
error assigning default machine type for masters: error finding default machine type: error checking if instance type "m3.medium" is supported in region "us-east-1": UnauthorizedOperation: You are not authorized to perform this operation.
status code: 403, request id: 1ec664cf-0908-4aa3-9fdd-e18ba770acab
対処
optionで起動するインスタンスタイプの変更。
--master-size="t2.micro" --node-size="t2.micro"
をつける。
kops create cluster \
--name example.cluster.k8s.local \
--zones us-east-1a,us-east-1c \
--yes --master-size="t2.micro" --node-size="t2.micro"
I0729 13:30:10.542413 39502 create_cluster.go:1318] Using SSH public key: /Users/paper2/.ssh/id_rsa.pub
I0729 13:30:12.469725 39502 create_cluster.go:472] Inferred --cloud=aws from zone "us-east-1a"
I0729 13:30:13.561972 39502 subnets.go:184] Assigned CIDR 172.20.32.0/19 to subnet us-east-1a
I0729 13:30:13.562056 39502 subnets.go:184] Assigned CIDR 172.20.64.0/19 to subnet us-east-1c
I0729 13:30:19.389589 39502 apply_cluster.go:456] Gossip DNS: skipping DNS validation
I0729 13:30:20.953409 39502 executor.go:91] Tasks: 0 done / 79 total; 30 can run
I0729 13:30:23.603012 39502 vfs_castore.go:731] Issuing new certificate: "apiserver-aggregator-ca"
I0729 13:30:23.930083 39502 vfs_castore.go:731] Issuing new certificate: "ca"
I0729 13:30:25.809802 39502 executor.go:91] Tasks: 30 done / 79 total; 25 can run
I0729 13:30:28.461254 39502 vfs_castore.go:731] Issuing new certificate: "kube-proxy"
I0729 13:30:28.529271 39502 vfs_castore.go:731] Issuing new certificate: "kube-controller-manager"
I0729 13:30:28.730947 39502 vfs_castore.go:731] Issuing new certificate: "kubelet-api"
I0729 13:30:28.978365 39502 vfs_castore.go:731] Issuing new certificate: "apiserver-aggregator"
I0729 13:30:29.000473 39502 vfs_castore.go:731] Issuing new certificate: "kubecfg"
I0729 13:30:29.068783 39502 vfs_castore.go:731] Issuing new certificate: "apiserver-proxy-client"
I0729 13:30:29.225226 39502 vfs_castore.go:731] Issuing new certificate: "kops"
I0729 13:30:29.286799 39502 vfs_castore.go:731] Issuing new certificate: "kubelet"
I0729 13:30:29.882465 39502 vfs_castore.go:731] Issuing new certificate: "kube-scheduler"
I0729 13:30:31.824246 39502 executor.go:91] Tasks: 55 done / 79 total; 20 can run
I0729 13:30:34.766318 39502 executor.go:91] Tasks: 75 done / 79 total; 3 can run
I0729 13:30:37.090722 39502 vfs_castore.go:731] Issuing new certificate: "master"
I0729 13:30:38.441361 39502 executor.go:91] Tasks: 78 done / 79 total; 1 can run
I0729 13:30:39.172624 39502 executor.go:91] Tasks: 79 done / 79 total; 0 can run
I0729 13:30:39.815921 39502 update_cluster.go:291] Exporting kubecfg for cluster
I0729 13:30:39.930644 39502 logging_retryer.go:60] Retryable error (RequestError: send request failed
caused by: Post https://ec2.us-east-1.amazonaws.com/: EOF) from ec2/DescribeAvailabilityZones - will retry after delay of 44ms
kops has set your kubectl context to example.cluster.k8s.local
Cluster is starting. It should be ready in a few minutes.
Suggestions:
* validate cluster: kops validate cluster
* list nodes: kubectl get nodes --show-labels
* ssh to the master: ssh -i ~/.ssh/id_rsa admin@api.example.cluster.k8s.local
* the admin user is specific to Debian. If not using Debian please use the appropriate user based on your OS.
* read about installing addons at: https://github.com/kubernetes/kops/blob/master/docs/addons.md.
#権限はあるはずなんだけどなあ。旧世代のm3も使えるのでは、、、?根本原因はわからず。