Cluster creation errors with Scaleway

Link to the console : Qovery


Describe your issue here
I started working with Qovery last week, at the beginning I had some problems creating clusters with Scaleway. So I read Qovery documentation again, I did some operations multiple times, checked IAM policies multiple times, generated a few API keys, then it worked. Sadly I don’t really know why, but it was cool to be able to work.

I’m still in a learning phase so after having problems today I tried to restart from scratch.
Now I’m back to the same problems I’ve faced in the beginning, I have errors during the cluster creation:

  • first I had an object storage error, I generated API keys again and then it worked :sweat_smile:
  • now I’m stuck with a scaleway-sdk-go: insufficient permissions

The full error :

Transmitter: new-stack - Unknown error while performing Terraform command (`terraform apply -lock=false -no-color -auto-approve tf_plan`), here is the error:

Error: scaleway-sdk-go: insufficient permissions: 

  with scaleway_k8s_cluster.kubernetes_cluster,
  on line 1, in resource "scaleway_k8s_cluster" "kubernetes_cluster":
   1: resource "scaleway_k8s_cluster" "kubernetes_cluster"  {

I started with a policy that follows the Qovery documentation, then I tried the AllProductFullAccess I saw in this thread : Update on scaleway cluster not working - #11 by dandray


Describe step by step how to reproduce the issue

  1. Create a new cluster with Scaleway as cloud provider, region=PAR, not a production cluster
  2. Leave resource default settings and select DEV1-M instances
  3. Click Create cluster
  4. Read the logs
  5. Cry… :cry:

Hello @Mathieu_Haage,

Looks like the key you are using has not enough permissions:

Can you confirm the following:

  1. In IAM application settings, you have one application (for example Qovery) set with a policy attached to it?

  2. API keys you are using and configured via Qovery is the one from this application (tab API keys)

  3. The policy used for the application is properly set to Policies tab?

  4. The policy has AllProductsFullAccess permission sets on the project you want qovery to run

  5. The API key you are using is the one for your application (dedicated to qovery with the policy giving the proper rights) and has preferred project set to the dedicated project?

  6. Set this key to Qovery UX under Cluster > Settings > Credentials and then save (project ID to be set with preferred project ID)

Usually what I do to configure my account for Qovery on scaleway is:

  1. Create a dedicated project for example my-project
  2. Create a dedicated policy qovery-access with AllProductsFullAccess permission on this dedicated project my-project
  3. Create a dedicated application qovery, attach qovery-access to this application
  4. Generate an API token for my qovery application with preferred project the one I want Qovery to run on
  5. Set this key info to Qovery UX under Cluster > Settings > Credentials and then save

Let me know if you have a similar setup on your side.


I’m so sorry, it was my fault. Instead of using Scaleway project ID in Qovery credentials, I used Scaleway IAM application ID !

Thanks a lot for your help @bchastanier :pray:

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.