eksctl-io / eksctl

The official CLI for Amazon EKS
https://eksctl.io

eksctl create cluster failed #5173

Closed jsitu777 closed 2 years ago

jsitu777 commented 2 years ago

eksctl create cluster failed:

ec2-user:~/environment $ eksctl create cluster -f eksworkshop.yaml
2022-04-26 05:08:30 [!]  SSM is now enabled by default; `ssh.enableSSM` is deprecated and will be removed in a future release
2022-04-26 05:08:30 [ℹ]  eksctl version 0.94.0
2022-04-26 05:08:30 [ℹ]  using region us-west-1
2022-04-26 05:08:30 [ℹ]  subnets for us-west-1b - public:192.168.0.0/19 private:192.168.96.0/19
2022-04-26 05:08:30 [ℹ]  subnets for us-west-1c - public:192.168.32.0/19 private:192.168.128.0/19
2022-04-26 05:08:30 [ℹ]  subnets for  - public:192.168.64.0/19 private:192.168.160.0/19
2022-04-26 05:08:30 [ℹ]  nodegroup "nodegroup" will use "" [AmazonLinux2/1.19]
2022-04-26 05:08:30 [ℹ]  using Kubernetes version 1.19
2022-04-26 05:08:30 [ℹ]  creating EKS cluster "eksworkshop-eksctl" in "us-west-1" region with managed nodes
2022-04-26 05:08:30 [ℹ]  1 nodegroup (nodegroup) was included (based on the include/exclude rules)
2022-04-26 05:08:30 [ℹ]  will create a CloudFormation stack for cluster itself and 0 nodegroup stack(s)
2022-04-26 05:08:30 [ℹ]  will create a CloudFormation stack for cluster itself and 1 managed nodegroup stack(s)
2022-04-26 05:08:30 [ℹ]  if you encounter any issues, check CloudFormation console or try 'eksctl utils describe-stacks --region=us-west-1 --cluster=eksworkshop-eksctl'
2022-04-26 05:08:30 [ℹ]  Kubernetes API endpoint access will use default of {publicAccess=true, privateAccess=false} for cluster "eksworkshop-eksctl" in "us-west-1"
2022-04-26 05:08:30 [ℹ]  CloudWatch logging will not be enabled for cluster "eksworkshop-eksctl" in "us-west-1"
2022-04-26 05:08:30 [ℹ]  you can enable it with 'eksctl utils update-cluster-logging --enable-types={SPECIFY-YOUR-LOG-TYPES-HERE (e.g. all)} --region=us-west-1 --cluster=eksworkshop-eksctl'
2022-04-26 05:08:30 [ℹ]  
2 sequential tasks: { create cluster control plane "eksworkshop-eksctl", 
    2 sequential sub-tasks: { 
        wait for control plane to become ready,
        create managed nodegroup "nodegroup",
    } 
}
2022-04-26 05:08:30 [ℹ]  building cluster stack "eksctl-eksworkshop-eksctl-cluster"
2022-04-26 05:08:30 [ℹ]  deploying stack "eksctl-eksworkshop-eksctl-cluster"
2022-04-26 05:09:00 [ℹ]  waiting for CloudFormation stack "eksctl-eksworkshop-eksctl-cluster"
2022-04-26 05:09:30 [ℹ]  waiting for CloudFormation stack "eksctl-eksworkshop-eksctl-cluster"
2022-04-26 05:10:30 [ℹ]  waiting for CloudFormation stack "eksctl-eksworkshop-eksctl-cluster"
2022-04-26 05:11:30 [ℹ]  waiting for CloudFormation stack "eksctl-eksworkshop-eksctl-cluster"
2022-04-26 05:12:30 [ℹ]  waiting for CloudFormation stack "eksctl-eksworkshop-eksctl-cluster"
2022-04-26 05:13:30 [ℹ]  waiting for CloudFormation stack "eksctl-eksworkshop-eksctl-cluster"
2022-04-26 05:14:30 [ℹ]  waiting for CloudFormation stack "eksctl-eksworkshop-eksctl-cluster"
2022-04-26 05:15:30 [ℹ]  waiting for CloudFormation stack "eksctl-eksworkshop-eksctl-cluster"
2022-04-26 05:16:31 [ℹ]  waiting for CloudFormation stack "eksctl-eksworkshop-eksctl-cluster"
2022-04-26 05:17:31 [ℹ]  waiting for CloudFormation stack "eksctl-eksworkshop-eksctl-cluster"
2022-04-26 05:18:31 [ℹ]  waiting for CloudFormation stack "eksctl-eksworkshop-eksctl-cluster"
2022-04-26 05:19:31 [ℹ]  waiting for CloudFormation stack "eksctl-eksworkshop-eksctl-cluster"
2022-04-26 05:20:31 [ℹ]  waiting for CloudFormation stack "eksctl-eksworkshop-eksctl-cluster"
2022-04-26 05:20:31 [!]  1 error(s) occurred and cluster hasn't been created properly, you may wish to check CloudFormation console
2022-04-26 05:20:31 [ℹ]  to cleanup resources, run 'eksctl delete cluster --region=us-west-1 --name=eksworkshop-eksctl'
2022-04-26 05:20:31 [✖]  getting stack "eksctl-eksworkshop-eksctl-cluster" outputs: couldn't import subnet subnet-06ea5af280253e579: subnet ID "subnet-0068d4ea9652c80bc" is not the same as "subnet-06ea5af280253e579"
Error: failed to create cluster "eksworkshop-eksctl"

What is the potential issue for this? The IAM role is valid

ec2-user:~/environment $ aws sts get-caller-identity --query Arn | grep eksworkshop-admin -q && echo "IAM role valid" || echo "IAM role NOT valid"
IAM role valid

yaml file:

cat << EOF > eksworkshop.yaml
---
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
  name: eksworkshop-eksctl
  region: ${AWS_REGION}
  version: "1.19"

availabilityZones: ["${AZS[0]}", "${AZS[1]}", "${AZS[2]}"]

managedNodeGroups:
- name: nodegroup
  desiredCapacity: 3
  instanceType: t3.small
  ssh:
    enableSsm: true

# To enable all of the control plane logs, uncomment below:
# cloudWatch:
#  clusterLogging:
#    enableTypes: ["*"]

secretsEncryption:
  keyARN: ${MASTER_ARN}
EOF

cPu1 commented 2 years ago

availabilityZones: ["${AZS[0]}", "${AZS[1]}", "${AZS[2]}"]

It looks like you have supplied an empty string for the third AZ (AZS[2]). If you fix this and rerun the command, it will work.

jsitu777 commented 2 years ago

Yes, I just fixed it. No wonder it requires setting up the environment for us-west-2 (I used us-west-1): https://www.eksworkshop.com/020_prerequisites/workspace/

After I switched the region, the third availabilityZone is no longer empty: ["us-west-2a", "us-west-2b", "us-west-2c"]

And the clusters are created successfully.

Admin:~/environment $ kubectl get nodes # if we see our 3 nodes, we know we have authenticated correctly
NAME                                          STATUS   ROLES    AGE   VERSION
ip-192-168-19-45.us-west-2.compute.internal   Ready    <none>   55m   v1.19.15-eks-9c63c4
ip-192-168-63-36.us-west-2.compute.internal   Ready    <none>   55m   v1.19.15-eks-9c63c4
ip-192-168-79-54.us-west-2.compute.internal   Ready    <none>   55m   v1.19.15-eks-9c63c4

cPu1 commented 2 years ago

Glad it's working now. Please feel free to open a new issue if you have more questions.

dgm commented 2 years ago

I just want to add, I see this is part of the eksworkshop process: the cluster control file they provide expects 3 availability zones, but if you happen to choose a zone that has only two AZs, the yaml file ends up with an empty string. The AZS environment variable created here: https://www.eksworkshop.com/020_prerequisites/workspaceiam/ only has two elements, and the eksworkshop.yaml file created here tries to reference a third AZ. https://www.eksworkshop.com/030_eksctl/launcheks/
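
A preflight check for the failure discussed in this thread, as an added example that is not part of the original issue, the workshop, or eksctl: it builds the `availabilityZones` line from however many AZs were actually discovered and rejects empty or out-of-region entries before the config file is written. The function name `render_az_list` is hypothetical, and it assumes standard AZ names of the form region plus one letter.

```shell
#!/bin/sh
# Added example: render availabilityZones from the AZs that exist,
# instead of indexing AZS[0], AZS[1], AZS[2] unconditionally.
# render_az_list is a hypothetical helper, not an eksctl command.
#
# Usage from the workshop shell (bash):
#   render_az_list "$AWS_REGION" "${AZS[@]}"
#
# Prints:  availabilityZones: ["<az>", "<az>", ...]
# Returns 1 (and prints nothing on stdout) if the region is empty,
# fewer than two AZs are given, or any AZ is empty or outside the region.
render_az_list() {
  region=$1
  shift
  if [ -z "$region" ]; then
    echo "region is empty (is AWS_REGION set?)" >&2
    return 1
  fi
  # An EKS cluster needs subnets in at least two availability zones.
  if [ "$#" -lt 2 ]; then
    echo "need at least 2 AZs, got $#" >&2
    return 1
  fi
  list=""
  for az in "$@"; do
    case $az in
      "")
        # This is the case from the issue: "${AZS[2]}" expanded to nothing.
        echo "empty AZ entry" >&2
        return 1 ;;
      "$region"[a-z])
        ;;  # region name followed by a single zone letter
      *)
        echo "AZ '$az' is not in region $region" >&2
        return 1 ;;
    esac
    list="${list:+$list, }\"$az\""
  done
  printf 'availabilityZones: [%s]\n' "$list"
}
```

Inside the heredoc that writes eksworkshop.yaml, the fixed three-index line can be replaced by `$(render_az_list "$AWS_REGION" "${AZS[@]}")` after a successful standalone call, so a two-AZ region yields a two-element list rather than an empty third entry.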