amazon-archives / aws-service-operator

AWS Service Operator allows you to create AWS resources using kubectl.
Apache License 2.0

ElastiCache cloudformation template not found #193

Closed ciaranRoche closed 5 years ago

ciaranRoche commented 5 years ago

Description

Elasticache cloudformation template not found

Expected Behavior

Add Elasticache to stack and status to highlight CreateInProgress and progress to CreateComplete

Actual Behavior

oc get elasticache -o yaml -w hangs and never reaches status. Logs from the operator show the cloudformation template is not found.

time="2019-06-26T11:23:20Z" level=error msg="error getting cloudformation template returning fallback template" error="cloudformationtemplates.service-operator.aws \"elasticache\" not found" hostname=aws-service-operator-7d5bb89ff8-8pb9p
--
time="2019-06-26T11:23:21Z" level=error msg="error creating elasticache 'elasticache'" error="ValidationError: S3 error: Access Denied\nFor more information check http://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html\n\tstatus  code: 400, request id: cd2536a6-9804-11e9-bd6b-91fe72d58baf" hostname=aws-service-operator-7d5bb89ff8-8pb9p

To verify it was not a permissions error, I can successfully provision dynamoDB via the operator. The elasticache yaml used:

apiVersion: service-operator.aws/v1alpha1
kind: ElastiCache
metadata:
  name: elasticache
spec:
  autoMinorVersionUpgrade: true
  nodeType: cache.m3.medium
  engine: redis
  version: 4.0.10
  cacheNodes: 3
  tags:
  - name: Usage
    value: caching

Environment

Steps to reproduce

ciaranRoche commented 5 years ago

After digging deeper into the operator I got elasticache provisioned. My initial error was following the wrong documentation, which misses a vital step. To apply the cloudformation templates that are used by the operator:

oc apply -f examples/cloudformationtemplates

The next problem I ran into was an s3 bucket issue: the creation of the cloudformation templates was failing. To overcome this I created my own bucket and added the bucket as an arg to the operator deployment:

          args:
            - server
            - --cluster-name=<CLUSTER_NAME>
            - --region=<REGION>
            - --account-id=<ACCOUNT_ID>
            - --bucket=<TEMPLATE BUCKET>

Once this was done, I needed to update the elasticache.yaml, which I have linked above, to the following:

apiVersion: service-operator.aws/v1alpha1
kind: ElastiCache
metadata:
  name: elasticache
spec:
  autoMinorVersionUpgrade: true
  cacheSubnetGroupName: "xxxxxxx"
  vpcSecurityGroupIds: "sg-xxxxxxxx"
  cacheNodeType: "cache.m4.large"
  engine: redis
  engineVersion: 5.0.0
  numCacheNodes: 1
  port: 6379
  tags:
  - name: Usage
    value: caching

Also encountered was an ec2 role issue thrown by cloudformation. So I just updated the policy to the following:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "sqs:*",
                "sns:*",
                "cloudformation:*",
                "ecr:*",
                "dynamodb:*",
                "s3:*",
                "elasticache:*",
                "ec2:*"
            ],
            "Resource": "*"
        }
    ]
}

Feel free to close this issue. I would be happy to put in a PR to update the documentation on the creation of an S3 bucket for the templates, as well as updating the config/deployment to add the bucket as an arg.
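A check a reviewer could run over the policy in the comment above, as an added example that is not part of the original thread or the project's code: it flags every Allow statement that grants a whole service (service:*) and reports whether the grant also covers all resources. SCOPED_POLICY and its bucket name are constructed placeholders for comparison, not the operator's actual permission requirements.

```python
import json

# Same statement as the policy posted in the comment above.
PAGE_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{
   "Effect": "Allow",
   "Action": ["sqs:*", "sns:*", "cloudformation:*", "ecr:*",
              "dynamodb:*", "s3:*", "elasticache:*", "ec2:*"],
   "Resource": "*"}]}
""")

# Constructed comparison (an assumption, not the operator's real permission
# set): object access limited to one placeholder template bucket.
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow",
    "Action": ["s3:GetObject", "s3:PutObject"],
    "Resource": "arn:aws:s3:::EXAMPLE-TEMPLATE-BUCKET/*"}}


def as_list(value):
    """IAM accepts a bare string or object wherever a list is valid."""
    return value if isinstance(value, list) else [value]


def audit_policy(policy):
    """Return (statement_index, service, issue) for each service-wide Allow."""
    findings = []
    for idx, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        any_resource = "*" in as_list(stmt.get("Resource", []))
        for action in as_list(stmt.get("Action", [])):
            service, _, name = action.partition(":")
            if action == "*" or name == "*":
                issue = ("every action on every resource" if any_resource
                         else "every action on the listed resources")
                findings.append((idx, service.lower(), issue))
    return findings


if __name__ == "__main__":
    for idx, service, issue in audit_policy(PAGE_POLICY):
        print(f"Statement[{idx}]: {service}: {issue}")
```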

mhausenblas commented 5 years ago

Thanks a lot @ciaranRoche and yeah, a docs update would be appreciated!