aws-ia / terraform-aws-eks-blueprints

Configure and deploy complete EKS clusters.
https://aws-ia.github.io/terraform-aws-eks-blueprints/
Apache License 2.0

[Bug]: Ec2LaunchTemplateInvalidConfiguration: User data was not in the MIME multipart format. #843

Closed cajual closed 2 years ago

cajual commented 2 years ago

Welcome to Amazon EKS Blueprints!

Amazon EKS Blueprints Release version

v4.6.2

What is your environment, configuration and the example used?

❯ terragrunt --version
terragrunt version v0.38.7

❯ terraform version
Terraform v1.2.7
on darwin_arm64
+ provider registry.terraform.io/gavinbunney/kubectl v1.14.0
+ provider registry.terraform.io/hashicorp/aws v4.24.0
+ provider registry.terraform.io/hashicorp/cloudinit v2.2.0
+ provider registry.terraform.io/hashicorp/helm v2.6.0
+ provider registry.terraform.io/hashicorp/kubernetes v2.12.1
+ provider registry.terraform.io/hashicorp/local v2.2.3
+ provider registry.terraform.io/hashicorp/null v3.1.1
+ provider registry.terraform.io/hashicorp/random v3.3.2
+ provider registry.terraform.io/hashicorp/time v0.7.2
+ provider registry.terraform.io/hashicorp/tls v3.4.0
+ provider registry.terraform.io/terraform-aws-modules/http v2.4.1

module "eks_blueprints" {
  source = "github.com/aws-ia/terraform-aws-eks-blueprints?ref=v4.6.2"

  cluster_name    = var.base_name
  cluster_version = "1.22"

  enable_irsa = true

  vpc_id             = data.aws_vpc.this.id
  private_subnet_ids = data.aws_subnets.private.ids

  node_security_group_additional_rules = {
    # Extend node-to-node security group rules. Recommended and required for the Add-ons
    ingress_self_all = {
      description = "Node to node all ports/protocols"
      protocol    = "-1"
      from_port   = 0
      to_port     = 0
      type        = "ingress"
      self        = true
    }

    # Recommended outbound traffic for Node groups
    egress_all = {
      description      = "Node all egress"
      protocol         = "-1"
      from_port        = 0
      to_port          = 0
      type             = "egress"
      cidr_blocks      = ["0.0.0.0/0"]
      ipv6_cidr_blocks = ["::/0"]
    }

    # Allows Control Plane Nodes to talk to Worker nodes on Karpenter ports.
    # This can be extended further to specific port based on the requirement for others Add-on e.g., metrics-server 4443, spark-operator 8080, etc.
    # Change this according to your security requirements if needed
    ingress_nodes_karpenter_port = {
      description                   = "Cluster API to Nodegroup for Karpenter"
      protocol                      = "tcp"
      from_port                     = 8443
      to_port                       = 8443
      type                          = "ingress"
      source_cluster_security_group = true
    }
  }

  # Add karpenter.sh/discovery tag so that we can use this as securityGroupSelector in karpenter provisioner
  node_security_group_tags = {
    "karpenter.sh/discovery/${var.base_name}" = var.base_name
  }

  managed_node_groups = {
    mg_5 = {
      node_group_name = "managed-ondemand"
      instance_types  = ["m5.large"]

      subnet_ids   = data.aws_subnets.private.ids
      max_size     = 7
      desired_size = 5
      min_size     = 3
      update_config = [{
        max_unavailable_percentage = 30
      }]

      # Launch template configuration
      create_launch_template = true           # false will use the default launch template
      launch_template_os     = "bottlerocket" # amazonlinux2eks or bottlerocket
    }
  }

  tags = local.tags
}

enable_karpenter = true

module "karpenter_launch_templates" {
  source = "github.com/aws-ia/terraform-aws-eks-blueprints//modules/launch-templates?ref=v4.6.2"

  eks_cluster_id = module.eks_blueprints.eks_cluster_id

  launch_template_config = {
    bottlerocket = {
      ami                    = data.aws_ami.bottlerocket.id
      launch_template_os     = "bottlerocket"
      launch_template_prefix = "bottle"
      iam_instance_profile   = module.eks_blueprints.managed_node_group_iam_instance_profile_id[0]
      vpc_security_group_ids = [module.eks_blueprints.worker_node_security_group_id]
      block_device_mappings = [
        {
          device_name = "/dev/xvda"
          volume_type = "gp3"
          volume_size = 200
        }
      ]
    }
  }

  tags = merge(local.tags, { Name = "karpenter" })
}

What did you do and What did you see instead?

Expected:

Configuration successfully applied.

Actual:

╷
│ Error: error waiting for EKS Node Group (blueprint:managed-ondemand-20220811183410914900000001) to create: unexpected state 'CREATE_FAILED', wanted target 'ACTIVE'. last error: 1 error occurred:
│   * : Ec2LaunchTemplateInvalidConfiguration: User data was not in the MIME multipart format.
│
│
│
│   with module.eks_blueprints.module.aws_eks_managed_node_groups["mg_5"].aws_eks_node_group.managed_ng,
│   on .terraform/modules/eks_blueprints/modules/aws-eks-managed-node-groups/main.tf line 1, in resource "aws_eks_node_group" "managed_ng":
│    1: resource "aws_eks_node_group" "managed_ng" {
│
╵

Additional Information

Similar issue seen here: https://github.com/terraform-aws-modules/terraform-aws-eks/issues/1729

cajual commented 2 years ago

Updating the following worked:

  my_nodegroup = {
    node_group_name = "my-managed-nodes"
    ami_type        = "BOTTLEROCKET_x86_64"
    capacity_type   = "ON_DEMAND"

bryantbiggs commented 2 years ago

closing as resolved
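
A pre-flight check for the mismatch behind this error, added here as an example and not code from the issue or the Blueprints project: Amazon Linux 2 managed node groups require MIME multipart user data in the launch template, while Bottlerocket takes TOML, so the declared `ami_type` has to match the user data format. The function names and sample user data are constructed, and the check assumes a node group with no `ami_type` is treated as `AL2_x86_64`.

```python
import base64
from email import message_from_bytes

# Constructed sample user data (not taken from the issue).
BOTTLEROCKET_TOML = b'[settings.kubernetes]\ncluster-name = "example"\n'
AL2_MIME = (
    b'MIME-Version: 1.0\n'
    b'Content-Type: multipart/mixed; boundary="//"\n\n'
    b'--//\n'
    b'Content-Type: text/x-shellscript; charset="us-ascii"\n\n'
    b'#!/bin/bash\necho example\n'
    b'--//--\n'
)


def is_mime_multipart(raw: bytes) -> bool:
    """True if raw parses as a MIME multipart message with at least one part."""
    msg = message_from_bytes(raw)
    return msg.is_multipart() and len(msg.get_payload()) > 0


def check_user_data(ami_type, user_data_b64):
    """Return mismatches between a node group's ami_type and its user data.

    user_data_b64 is the base64 string stored in the launch template.
    """
    # Assumption: a node group with no ami_type is treated as AL2_x86_64.
    effective = ami_type or "AL2_x86_64"
    if not user_data_b64:
        return []  # no custom user data, nothing to validate
    raw = base64.b64decode(user_data_b64)
    multipart = is_mime_multipart(raw)
    problems = []
    if effective.startswith("AL2") and not multipart:
        problems.append(f"{effective}: user data is not MIME multipart")
    if effective.startswith("BOTTLEROCKET") and multipart:
        problems.append(f"{effective}: user data is MIME multipart, expected TOML")
    return problems


if __name__ == "__main__":
    toml_b64 = base64.b64encode(BOTTLEROCKET_TOML).decode()
    # Bottlerocket launch template without ami_type: the failing case.
    print(check_user_data(None, toml_b64))
    # Same launch template with ami_type set: the working case.
    print(check_user_data("BOTTLEROCKET_x86_64", toml_b64))
```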