I have followed the documentation:
https://rancher.com/docs/rancher/v2.x/en/cluster-provisioning/hosted-kubernetes-clusters/eks/
With the following settings:
- Rancher Generated Service Role
- Private Only VPC
- A public and Private Subnet within the above VPC
I have v2.1.5 locally within our VMware environment configured in HA Mode.
My service user has the following permissions:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "ec2:AuthorizeSecurityGroupIngress",
        "ec2:Describe*",
        "ec2:ImportKeyPair",
        "ec2:CreateKeyPair",
        "ec2:CreateSecurityGroup",
        "ec2:CreateInternetGateway",
        "ec2:CreateTags",
        "iam:ListRoles",
        "iam:AttachRolePolicy",
        "ec2:DeleteKeyPair"
      ],
      "Resource": "*"
    },
    {
      "Sid": "VisualEditor1",
      "Effect": "Allow",
      "Action": [
        "iam:PassRole",
        "ec2:RunInstances"
      ],
      "Resource": [
        "arn:aws:ec2:us-east-1:AccountID:subnet/*",
        "arn:aws:ec2:us-east-1:AccountID:network-interface/*",
        "arn:aws:ec2:us-east-1::image/ami-*",
        "arn:aws:ec2:us-east-1:AccountID:key-pair/*",
        "arn:aws:ec2:us-east-1:AccountID:instance/*",
        "arn:aws:ec2:us-east-1:AccountID:security-group/*",
        "arn:aws:ec2:us-east-1:AccountID:placement-group/*",
        "arn:aws:ec2:us-east-1:AccountID:volume/*",
        "arn:aws:iam::AccountID:role/eksServiceRole"
      ]
    },
    {
      "Sid": "VisualEditor2",
      "Effect": "Allow",
      "Action": [
        "ec2:RebootInstances",
        "ec2:TerminateInstances",
        "ec2:StartInstances",
        "ec2:StopInstances"
      ],
      "Resource": "arn:aws:ec2:us-east-1:AccountID:instance/*"
    }
  ]
}
```
I am receiving the following error:
2019/03/15 12:18:54 [INFO] Waiting for cluster to finish provisioning
2019/03/15 12:18:54 [INFO] Cluster provisioned successfully
2019/03/15 12:18:54 [INFO] Creating worker nodes
2019/03/15 12:19:00 [ERROR] ClusterController c-rdblx [cluster-provisioner-controller] failed with : error creating stack: stack failed to create: Resource creation cancelled
It appears that Rancher is attempting to recreate the stack multiple times from the CloudTrail logs:
- Creates Service-Node Stack: "stackName": "c-rdblx-eks-service-role"
- Create the Role
- Poll Newly Created stack (DescribeStacks then DescribeStackEvents)
- Create the Cluster: "requestParameters": {"name": "c-rdblx"}
- Poll for cluster completion
- Create key
- Create Worker-node Stack: "stackName": "c-rdblx-eks-worker-nodes"
- Poll Newly Created stack (DescribeStacks then DescribeStackEvents)
- Repeats the process:
  - "errorMessage": "Stack [c-rdblx-eks-service-role] already exists",
  - "eventName": "CreateCluster","errorCode": "ResourceInUseException","requestParameters": {"name": "c-rdblx",}
  - "errorMessage": "Stack [c-rdblx-eks-worker-nodes] already exists",
  - "errorMessage": "The keypair 'c-rdblx-ec2-key-pair' already exists.",
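
The retry pattern described above can be confirmed from exported CloudTrail records. The following is an added example, not part of the original post or of Rancher's code: it flags create calls that succeeded once and were later attempted again and rejected. The sample records are constructed; only the resource names, event names and error text come from the post, and the timestamps and the `record` helper are assumptions.

```python
# Constructed CloudTrail records, not an export from the post. Timestamps are
# invented; "stackName", "name" and "keyName" are the requestParameters fields
# that name the resource for CreateStack, CreateCluster and CreateKeyPair.
NAME_KEYS = ("stackName", "name", "keyName")

def record(time, name, params, **error):
    """Hypothetical helper that builds one minimal CloudTrail-style record."""
    return {"eventTime": "2019-03-15T" + time + "Z", "eventName": name,
            "requestParameters": params, **error}

SAMPLE_EVENTS = [
    record("12:05:00", "CreateStack", {"stackName": "c-rdblx-eks-service-role"}),
    record("12:05:10", "DescribeStacks", {"stackName": "c-rdblx-eks-service-role"}),
    record("12:07:00", "CreateCluster", {"name": "c-rdblx"}),
    record("12:18:55", "CreateKeyPair", {"keyName": "c-rdblx-ec2-key-pair"}),
    record("12:18:56", "CreateStack", {"stackName": "c-rdblx-eks-worker-nodes"}),
    record("12:19:05", "CreateStack", {"stackName": "c-rdblx-eks-service-role"},
           errorMessage="Stack [c-rdblx-eks-service-role] already exists"),
    record("12:19:06", "CreateCluster", {"name": "c-rdblx"},
           errorCode="ResourceInUseException"),
    record("12:19:07", "CreateStack", {"stackName": "c-rdblx-eks-worker-nodes"},
           errorMessage="Stack [c-rdblx-eks-worker-nodes] already exists"),
    record("12:19:08", "CreateKeyPair", {"keyName": "c-rdblx-ec2-key-pair"},
           errorMessage="The keypair 'c-rdblx-ec2-key-pair' already exists."),
]

def resource_name(event):
    # requestParameters can be null in CloudTrail, so guard against None.
    params = event.get("requestParameters") or {}
    return next((params[k] for k in NAME_KEYS if k in params), None)

def failed(event):
    return "errorCode" in event or "errorMessage" in event

def repeated_creates(events):
    """Return {(eventName, resource): rejected_retries} for resources whose
    create call succeeded once and was then issued again and rejected."""
    created, retries = set(), {}
    for event in sorted(events, key=lambda e: e["eventTime"]):
        if not event["eventName"].startswith("Create"):
            continue  # ignore Describe*/polling calls
        key = (event["eventName"], resource_name(event))
        if not failed(event):
            created.add(key)
        elif key in created:
            retries[key] = retries.get(key, 0) + 1
    return retries

if __name__ == "__main__":
    for (call, name), count in repeated_creates(SAMPLE_EVENTS).items():
        print(f"{call} {name}: {count} rejected retry(ies) after a successful create")
```

A create that fails without an earlier success (for example a permissions denial) is deliberately not counted, so the output isolates re-runs of provisioning from first-attempt failures.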