I have tried numerous times to create a cluster in EKS.
Currently there are two issues I can see:
Stuck at “Waiting for API to be available”, now 35 mins since creating the EKS cluster via Rancher.
The node group has been created and 3 instances in the node group (using EKS optimised AMZ linux AMI, for my region) but these have not joined the cluster (no kubelet running). They then fail with:
Instances failed to join the kubernetes cluster
The Rancher server (docker run …) is on a dedicated EC2 instance on a subnet in the VPC where the instances are.
I also have the message:
“Your current user or role does not have access to Kubernetes objects on this EKS cluster
This may be due to the current user or role not having Kubernetes RBAC permissions to describe cluster resources or not having an entry in the cluster’s auth config map.”
This is because I created a new IAM role for Rancher to create all the AWS resources (as per docs) and this user is the principal IAM user for the EKS cluster. As I cannot access the cluster yet via Rancher, I can’t add my own AWS user to the aws-auth config map to probe about manually.
Two days messing with this and still no cluster.
I’ve no idea how to resolve any of this, other than throw Rancher in the bin and just go vanilla EKS.
Any help appreciated.
For “Waiting for API to be available”: typically this happens when you haven’t prepared your nodes before running the Rancher 2.x cluster install from the Rancher web UI. For instance, see the post here: Stuck at "Waiting for API to be available" - #5 by anandr781. What I found is that node preparation is an essential step (see: Rancher Docs: Requirements). Ensure the following:
- Before you retry, ensure your EC2 hosts are devoid of residue docker images [let me know if you need the script].
- Ensure a compatible docker version is installed for the Rancher version.
- Ensure the security groups do not block host-to-host communication. You can refer to this link for the port communication necessary, depending on what your cluster topology is going to look like: Rancher Docs: Requirements [go to the ports section].
Also check out the EKS-specific requirements here: Rancher Docs: Minimum EKS Permissions and Rancher Docs: Creating an EKS Cluster
Thank you for the response,
With EKS and EKS Managed Node groups, I wasn’t aware there were any node preparation prerequisites? EKS provisions nodes in an Auto scaling group itself.
The docs you link to: Rancher Docs: Creating an EKS Cluster don’t mention node preparation.
As far as I can tell, if I pick an EKS AMI image it has scripts built in to bootstrap EKS nodes.
I’ve tried ubuntu-eks and amazon linux EKS images.
I’ve tried all combinations for K8s 1.20 and 1.21.
I don’t believe I have a permissions issue.
I have tried a half dozen times again today.
But I still get the error: “Instances failed to join the kubernetes cluster”
Update: As buried somewhere in the AWS docs, if you manually select an AMI image to use in the EKS auto scaling group definition, EKS bootstrap scripts are not run.
We must leave the AMI image selection blank, or call the EKS node bootstrap script inside “User Data” or manually at some point after instance creation.
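The update above mentions calling the EKS node bootstrap script from “User Data”. As an added example that is not part of the original posts, here is a shell function that renders such user data, assuming an EKS-optimised Amazon Linux 2 AMI that ships `/etc/eks/bootstrap.sh`. The cluster name `example-cluster`, the boundary string, the function names and the character-set check are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: render EC2 user data that runs the EKS bootstrap script.
# Assumption: the AMI is an EKS-optimised Amazon Linux 2 image, which ships
# /etc/eks/bootstrap.sh. Cluster name and boundary are constructed values.

# Accept only a conservative character set (an assumption, not the EKS rule),
# because the name is embedded in a script that cloud-init runs as root.
valid_cluster_name() {
  case "$1" in
    ''|*[!A-Za-z0-9_-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Print a MIME multi-part user-data document for the given cluster name.
render_eks_user_data() {
  cluster="$1"
  boundary="==BOUNDARY=="
  valid_cluster_name "$cluster" || { echo "invalid cluster name" >&2; return 1; }
  cat <<EOF
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="${boundary}"

--${boundary}
Content-Type: text/x-shellscript; charset="us-ascii"

#!/bin/bash
set -euo pipefail
# Configures and starts kubelet so the instance can join the cluster.
/etc/eks/bootstrap.sh '${cluster}'

--${boundary}--
EOF
}

# Render the document for the constructed sample name.
render_eks_user_data "example-cluster"
```

If a node still fails to join after booting with this user data, the cloud-init output log on the instance shows whether the bootstrap script ran and what it reported.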
I believe these machine images don’t have any firewalld or ufw like service running. Secondly, have the right host level security group configuration. Is that correct?