Why do I see wrong credentials or access denied messages when I create a PVC?
Virtual Private Cloud Classic infrastructure
This troubleshooting topic applies only to Red Hat OpenShift clusters that run version 3.11.
When you create the PVC, you see an error message similar to one of the following:
SignatureDoesNotMatch: The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. For more information, see REST Authentication and SOAP Authentication for details.
AccessDenied: Access Denied status code: 403
CredentialsEndpointError: failed to load credentials
InvalidAccessKeyId: The AWS Access Key ID you provided does not exist in our records`
can't access bucket <bucket_name>: Forbidden: Forbidden
The IBM Cloud Object Storage service credentials that you use to access the service instance might be wrong, or allow only read access to your bucket.
Create a new secret.
- In the navigation on the service details page, click Service Credentials.
- Find your credentials, then click View credentials.
- In the iam_role_crn section, verify that you have the
Writer
orManager
role. If you don't have the correct role, you must create new IBM Cloud Object Storage service credentials with the correct permission. - If the role is correct, verify that you use the correct
access_key_id
andsecret_access_key
in your Kubernetes secret. - Create a new secret with the updated
access_key_id
andsecret_access_key
.