How Do You Troubleshoot the kubectl Error “Access denied status code: 403”

Problem scenario
You run a kubectl command but you get this error:

“could not get token: AccessDenied: Access denied
        status code: 403, request id:
Unable to connect to the server: getting credentials: exec: exit status 1”

What should you do?

Solution
The root cause is likely that your .kube directory has an incorrect configuration file. 

Possible Solution #1
If you are not using Amazon EKS,

How Do You Troubleshoot an Ansible Error about a User Not Being Able to Authenticate when the Module is Supposed to Interact with a Database?

Problem scenario
You have an Ansible playbook that uses a database module.  When you run the playbook, you get an error about a user being unable to authenticate when this database module is run.  What could be wrong?

Solution
Is the user in the error message a user that is created via the playbook?  If it is, does that user get assigned a password? 

How Do You Troubleshoot the Amazon EKS Web Console Error “AccessDeniedException not authorized to perform: iam:PassRole on resource”?

Problem scenario
You are logged into the AWS web console.  You try to perform an operation but you get this error:

“AccessDeniedException
User: arn:aws:iam::12345678910:user/jdoe is not authorized to perform: iam:PassRole on resource: arn:aws:iam::12345678910:role/rolename”

What should you do?

Solution
1.  Create a role with “EKS” (to create Kubernetes clusters).  If you don’t know how, see this posting.
2. 

How Do You Determine the URL for the AWS Web Console for a Non-root User?

Problem scenario
You created an AWS Console user (e.g., an IAM user).  You want to log into the web UI with the user.  You have the username and password.  What is the URL for the AWS web console for a non-root user?

Solution
1.  Log into the web UI.
2.  Go here: https://console.aws.amazon.com/iam/home?
3.  Go to Users on the left.  

How Do You SSH to a GCP server?

Problem scenario
You cannot SSH into a Linux Google Cloud Platform server.  How do you create new GCP servers that you can SSH into?

Solution
Summary
Use the “Startup script” in Google Cloud Platform.  This script comes with precautions.  Be careful when pasting it: lines may not wrap properly, and carriage returns can be introduced that make the script fail.  Be very careful because this script creates a user with sudoer privileges.

How Do You Run a Docker Container as a Non-root User?

Problem scenario
You run this command: docker run -it ubuntu bash

You get this error:

docker: Got permission denied while trying to connect to the Docker daemon sockes/create: dial unix /var/run/docker.sock: connect: permission denied.

You do not want to run a Docker container as a privileged user (as a recommended practice).  What should you do?

Solution
Background: “To do builds in the cluster,

How Do You Troubleshoot an ldapsearch -x command Returning “No such object”?

Problem scenario
You want to test your OpenLDAP configuration.  You run an “ldapsearch -x” command in the hope that it will return a “Success.”  You run the “ldapsearch -x” command, and you see this:

“# search result
search: 2
result: 32 No such object”

What should you do?

Solution
Verify your /etc/ldap/ldap.conf is configured correctly.  The BASE stanza should have one or possibly three “dc=” entries separated by commas.

How Do You Troubleshoot the kubectl Message “Connection error: Unable to connect to the server:” with AWS?

Problem scenario
You are using Kubernetes in AWS.  When using a kubectl command you get this error: “Connection error: Unable to connect to the server:  getting credentials: exec: exit status 1  … Could not get token: AccessDenied: Access denied”

What should you do?

Possible Solution #1
Was the user who created the Kubernetes cluster a different user from the user that is configured with your AWS CLI?

How Do You Create an AWS User with Web Console Access to View EKS Clusters in the AWS Console?

One of the following problem scenarios applies.

Problem scenario #1
You want an AWS user to be able to log into the web console and view EKS clusters.  How do you do this?

OR

Problem scenario #2
You are using AWS and when you log into the AWS Console via a web browser with a user who is a member of a Group with two EKS policies,

How Do You Create an IAM User Account in AWS to Run AWS CLI Commands and Log into the AWS Web UI to Manage EKS?

Problem scenario
You want to use Amazon EKS.  You tried to run an “aws eks” command but got an error about the root user not being allowed to perform the operation.  How do you create an IAM user account in AWS to run AWS CLI commands for EKS and log into the AWS web UI and view EKS clusters?

Solution
Prerequisite

This assumes you have a group that has the correct policies to enable EKS manipulation.