Cluster operator cloud-credential is degraded: InvalidClientTokenId

Solution Unverified - Updated -

Issue

  • Cloud-credential operator reporting the following conditions and is in degraded state:
Conditions:
    Last Transition Time:  2021-07-05T16:22:28Z
    Status:                True
    Type:                  Available
    Last Transition Time:  2021-08-27T07:33:30Z
    Message:               1 of 5 credentials requests are failing to sync.
    Reason:                CredentialsFailing
    Status:                True
    Type:                  Degraded
    Last Transition Time:  2021-08-27T07:43:58Z
    Message:               4 of 5 credentials requests provisioned, 1 reporting errors.
    Reason:                Reconciling
    Status:                True
    Type:                  Progressing
  • The pod logs indicate for the cloud operator:
2021-08-27T07:44:00.242993569Z time="2021-08-27T07:44:00Z" level=info msg="validating cloud cred secret" controller=secretannotator
2021-08-27T07:44:00.315875863Z time="2021-08-27T07:44:00Z" level=error msg="error while validating cloud credentials: failed checking create cloud creds: error gathering AWS credentials details: error querying username: InvalidClientTokenId: The security token included in the request is invalid.\n\tstatus code: 403, request id: <redacted>" controller=secretannotator
2021-08-27T07:44:00.405199151Z time="2021-08-27T07:44:00Z" level=info msg="syncing credentials request" controller=credreq cr=openshift-cloud-credential-operator/openshift-machine-api-aws
2021-08-27T07:44:00.792038495Z time="2021-08-27T07:44:00Z" level=error msg="cloud credentials insufficient to satisfy credentials request" actuator=aws cr=openshift-cloud-credential-operator/openshift-machine-api-aws
2021-08-27T07:44:00.792038495Z time="2021-08-27T07:44:00Z" level=error msg="error syncing credentials: cloud credentials insufficient to satisfy credentials request" controller=credreq cr=openshift-cloud-credential-operator/openshift-machine-api-aws secret=openshift-machine-api/aws-cloud-credentials
2021-08-27T07:44:00.792062149Z time="2021-08-27T07:44:00Z" level=error msg="errored with condition: InsufficientCloudCreds" controller=credreq cr=openshift-cloud-credential-operator/openshift-machine-api-aws secret=openshift-machine-api/aws-cloud-credentials
  • Our primary error:
AWS credentials details: error querying username: InvalidClientTokenId: The security token included in the request is invalid.\n\tstatus code: 403

Environment

  • OCP4.7,4.8

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In