It’s probably due to the version of k8s on EKS you’re using.
According to the docs for Rancher 2.7, it supports k8s on EKS from version 1.23 onwards. If you’re running 1.22, it’s not officially supported.
Rancher 2.6.9 is certified from k8s 1.20 to k8s 1.23 on EKS, so that would be a better place to start until you’ve upgraded your clusters to at least k8s 1.23.
How are you creating the clusters? Through Rancher, or in EKS and importing them into Rancher?
Do you have any additional logging available, perhaps from the agents on the downstream clusters themselves? The agent logs may provide some additional insight (for example, authentication errors).
You should be able to check the logs with kubectl as long as you have access to the kubeconfig, or with the connection info from the EKS console.
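For example, the cluster agent runs as a deployment in the cattle-system namespace on the downstream cluster, so something like this should surface connection or auth errors (a sketch; ./mycluster.kubeconfig stands in for whatever kubeconfig you pulled from EKS, and app=cattle-cluster-agent is the default Rancher label):

kubectl --kubeconfig ./mycluster.kubeconfig -n cattle-system get pods
kubectl --kubeconfig ./mycluster.kubeconfig -n cattle-system logs -l app=cattle-cluster-agent --tail=100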
Manually updated all existing clusters to v1.24, but still had connection issues with the existing clusters, and creating new ones ended with connection issues as well.
Upgraded Rancher to 2.7-head and had success: new agents were deployed and able to connect, and I was able to create new clusters.
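For anyone else trying this, a minimal sketch of the Rancher upgrade, assuming a standard Helm install in cattle-system and that rancherImageTag is the chart value used to pin an image tag (check the chart docs for your setup):

helm repo update
helm upgrade rancher rancher-latest/rancher \
  --namespace cattle-system \
  --reuse-values \
  --set rancherImageTag=v2.7-head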
I am also running into similar issues when trying to start up a vSphere cluster (v1.25.9) on Rancher 2.7.3. It’s possible I’m doing something wrong, but the symptoms are the same.
I’m having the same issues! Luckily we are only running staging stuff on Rancher. It’s not production stable if you ask me. Did anyone figure out a potential solution for this?
I was stuck in the same situation, and after a lot of troubleshooting I finally resolved the problem by using the same kubectl version on both ends. Rancher is running with Kubernetes version 1.26.4 and I was using kubectl 1.27.3. After downgrading to 1.26.4 the agent connected with no errors.
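You can compare the two directly with kubectl, which prints both its own version and the cluster’s (the exact output layout varies by release):

kubectl version
# Client Version: v1.27.3   <- the local kubectl that needed downgrading
# Server Version: v1.26.4   <- what the cluster is running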
Edit the aws-auth ConfigMap in EKS and add the IAM user with EKS access to make this work, like below (a way to apply the edit is sketched after the manifest):
apiVersion: v1
data:
  mapRoles: |
    - groups:
      - system:bootstrappers
      - system:nodes
      rolearn: arn:aws:iam::xxxxxxxx:role/eksctl-mycluster-nodegroup-eksdem-NodeInstanceRole-KP5A9ZLNY7CC
      username: system:node:{{EC2PrivateDNSName}}
  mapUsers: |
    - userarn: arn:aws:iam::051542606790:user/eks
      username: eks
      groups:
      - system:masters
kind: ConfigMap
metadata:
  creationTimestamp: "2023-07-20T03:34:45Z"
  name: aws-auth
  namespace: kube-system
  resourceVersion: "916206"
  uid: 9b3d0a03-093f-4a65-b174-d866d8fab748
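One way to apply that mapping (a sketch; the cluster name is taken from the role ARN above, and editing the ConfigMap directly works just as well):

eksctl create iamidentitymapping \
  --cluster mycluster \
  --arn arn:aws:iam::051542606790:user/eks \
  --username eks \
  --group system:masters

or:

kubectl -n kube-system edit configmap aws-auth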
I was using a “real” TLS HTTPS certificate, validated by an official public CA.
This is a no-go with the default settings from Rancher 2.9 and up. Out of the box the agent TLS mode is Strict, meaning only the Rancher-generated CA is accepted, so you would have to distribute that CA certificate manually. To use an externally validated certificate you have to change the setting from Strict to System Store.
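For reference, the toggle is a regular Rancher setting, so it can be flipped from the local (Rancher) cluster as well as from the UI. A sketch, assuming the setting is named agent-tls-mode as in the Rancher 2.9 docs:

kubectl patch setting.management.cattle.io agent-tls-mode \
  --type merge -p '{"value":"system-store"}'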