Cluster creation errors with Scaleway

Bugs
1

Link to the console : Qovery

ISSUE

Describe your issue here
I started working with Qovery last week, at the beginning I had some problems creating clusters with Scaleway. So I read Qovery documentation again, I did some operations multiple times, checked IAM policies multiple times, generated a few API keys, then it worked. Sadly I don’t really know why, but it was cool to be able to work.

I’m still in a learning phase so after having problems today I tried to restart from scratch.
Now I’m back to the same problems I’ve faced in the beginning, I have errors during the cluster creation:

  • first I had an object storage error, I generated API keys again and then it worked :sweat_smile:
  • now I’m stuck with a scaleway-sdk-go: insufficient permissions

The full error :

Transmitter: new-stack - Unknown error while performing Terraform command (`terraform apply -lock=false -no-color -auto-approve tf_plan`), here is the error:

Error: scaleway-sdk-go: insufficient permissions: 

  with scaleway_k8s_cluster.kubernetes_cluster,
  on ks-master-cluster.tf line 1, in resource "scaleway_k8s_cluster" "kubernetes_cluster":
   1: resource "scaleway_k8s_cluster" "kubernetes_cluster"  {

image
image1494×554 131 KB

I started with a policy that follows the Qovery documentation, then I tried the AllProductFullAccess I saw in this thread : Update on scaleway cluster not working - #11 by dandray

HOW TO REPRODUCE

Describe step by step how to reproduce the issue

  1. Create a new cluster with Scaleway as cloud provider, region=PAR, not a production cluster
  2. Leave resource default settings and select DEV1-M instances
  3. Click Create cluster
  4. Read the logs
  5. Cry… :cry:
2

Hello @Mathieu_Haage,

Looks like the key you are using has not enough permissions:
image

Can you confirm the following:

  1. In IAM application settings, you have one application (for example Qovery) set with a policy attached to it?

    image
    image1170×906 45.2 KB

  2. API keys you are using and configured via Qovery is the one from this application (tab API keys)

    image
    image1765×484 33.8 KB

  3. The policy used for the application is properly set to Policies tab?

    image
    image1190×622 49.4 KB

  4. The policy has AllProductsFullAccess permission sets on the project you want qovery to run

    image
    image1166×930 50.3 KB

  5. The API key you are using is the one for your application (dedicated to qovery with the policy giving the proper rights) and has preferred project set to the dedicated project?

    image
    image1185×528 41.1 KB

  6. Set this key to Qovery UX under Cluster > Settings > Credentials and then save (project ID to be set with preferred project ID)

    image
    image1148×553 35 KB

Usually what I do to configure my account for Qovery on scaleway is:

  1. Create a dedicated project for example my-project
  2. Create a dedicated policy qovery-access with AllProductsFullAccess permission on this dedicated project my-project
  3. Create a dedicated application qovery, attach qovery-access to this application
  4. Generate an API token for my qovery application with preferred project the one I want Qovery to run on
  5. Set this key info to Qovery UX under Cluster > Settings > Credentials and then save

Let me know if you have a similar setup on your side.

Cheers

3

I’m so sorry, it was my fault. Instead of using Scaleway project ID in Qovery credentials, I used Scaleway IAM application ID !

Thanks a lot for your help @bchastanier :pray:

1 Like
4

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.