Open iancward opened 3 months ago
This is a known limitation, and the workaround you are doing is correct. It's impossible for EKS to know if a custom AMI is going to be used in a Linux or Windows node group. We guess Linux since it's by the far the most commonly used OS type. This problem exists whether you are using aws-auth config map, or access entry, it's not a new problem introduced with access entry.
Community Note
Tell us about your request AWS-managed Windows node group with custom AMI/launch template doesn't get correct permissions when Access Policies are enabled in cluster.
Which service(s) is this request for? EKS
Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard? We're trying to adopt Access Entries for EKS and we've found that, when creating an AWS-managed Windows node group, the Access Policy is created as "EC2 Linux" rather than "EC2 Windows." The result is that the node doesn't get appropriate cluster permissions and kube-proxy throws errors.
Are you currently working around this issue? We're working around this by creating the Access Policy entry prior to creating the node group.