search

eksctl-io / eksctl

The official CLI for Amazon EKS
https://eksctl.io
Other
4.94k stars 1.41k forks source link

[Bug] waiter state transitioned to Failure #8038

Open romosa opened 14 hours ago

romosa commented 14 hours ago

What were you trying to accomplish?

Creating a new cluster using eksctl. cluster-name.yaml

apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
  name: rda-nextgen-cluster
  region: us-east-1
  version: '1.30'
  tags:
    karpenter.sh/discovery: rda-nextgen-cluster
    Project: PROJECT
    Owner: "OWNER"
iam:
  withOIDC: true

karpenter:
  version: "v0.37.6"
  createServiceAccount: true

vpc:
  id: "vpc-e3acb19a"
  clusterEndpoints:
    publicAccess:  true
    privateAccess: true
  subnets:
    private:
      us-east-1a:
          id: "subnet-02c596ebf9040855b"
      us-east-1b:
          id: "subnet-0eed2c227f4fab862"
      us-east-1c:
          id: "subnet-00b82be5d489fab38"

managedNodeGroups:
  - name: rda-nextgen-cluster-ng
    minSize: 1
    maxSize: 2
    instanceType: t3.medium
    desiredCapacity: 1
    volumeSize: 80
    ssh:
      allow: true
    tags:
      Project: PROJECT
      Owner: "OWNER"
    iam:
      attachPolicyARNs:
      - arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
      - arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
      - arn:aws:iam::aws:policy/ElasticLoadBalancingFullAccess
      - arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
      - arn:aws:iam::aws:policy/AmazonEBSCSIDriverPolicy
      - arn:aws:iam::aws:policy/AWSNetworkManagerFullAccess
      withAddonPolicies:
        ebs: true
        efs: true

What happened?

ubuntu@ip-172-31-40-217:~$ eksctl create cluster -f cluster-name.yaml -v 5 
2024-11-22 12:02:55 [▶]  Setting credentials expiry window to 30 minutes
2024-11-22 12:02:55 [▶]  role ARN for the current session is "arn:aws:iam::REDACTED_AWS_ACCOUNT:user/REDACTED_EMAIL"
2024-11-22 12:02:55 [ℹ]  eksctl version 0.194.0
2024-11-22 12:02:55 [ℹ]  using region us-east-1
2024-11-22 12:02:56 [✔]  using existing VPC (vpc-e3acb19a) and subnets (private:map[us-east-1a:{subnet-02c596ebf9040855b us-east-1a 172.31.208.0/20 0 } us-east-1b:{subnet-0eed2c227f4fab862 us-east-1b 172.31.224.0/20 0 } us-east-1c:{subnet-00b82be5d489fab38 us-east-1c 172.31.240.0/20 0 }] public:map[])
2024-11-22 12:02:56 [!]  custom VPC/subnets will be used; if resulting cluster doesn't function as expected, make sure to review the configuration of VPC/subnets
2024-11-22 12:02:56 [ℹ]  nodegroup "cluster-name-ng" will use "" [AmazonLinux2023/1.30]
2024-11-22 12:02:56 [ℹ]  using SSH public key "/home/ubuntu/.ssh/id_rsa.pub" as "eksctl-cluster-name-nodegroup-cluster-name-ng-69:8e:00:33:07:58:ef:a2:2d:5d:47:1c:b1:18:2c:21" 
2024-11-22 12:02:56 [▶]  importing SSH public key "eksctl-cluster-name-nodegroup-cluster-name-ng-69:8e:00:33:07:58:ef:a2:2d:5d:47:1c:b1:18:2c:21"
2024-11-22 12:02:56 [ℹ]  using Kubernetes version 1.30
2024-11-22 12:02:56 [ℹ]  creating EKS cluster "cluster-name" in "us-east-1" region with managed nodes
2024-11-22 12:02:56 [▶]  cfg.json = \
{
    "kind": "ClusterConfig",
    "apiVersion": "eksctl.io/v1alpha5",
    "metadata": {
        "name": "cluster-name",
        "region": "us-east-1",
        "version": "1.30",
        "tags": {
            "Owner": "OWNER",
            "Project": "PROJECT",
            "karpenter.sh/discovery": "cluster-name"
        }
    },
    "iam": {
        "withOIDC": true,
        "vpcResourceControllerPolicy": true
    },
    "accessConfig": {
        "authenticationMode": "API_AND_CONFIG_MAP"
    },
    "vpc": {
        "id": "vpc-e3acb19a",
        "cidr": "172.31.0.0/16",
        "subnets": {
            "private": {
                "us-east-1a": {
                    "id": "subnet-02c596ebf9040855b",
                    "az": "us-east-1a",
                    "cidr": "172.31.208.0/20"
                },
                "us-east-1b": {
                    "id": "subnet-0eed2c227f4fab862",
                    "az": "us-east-1b",
                    "cidr": "172.31.224.0/20"
                },
                "us-east-1c": {
                    "id": "subnet-00b82be5d489fab38",
                    "az": "us-east-1c",
                    "cidr": "172.31.240.0/20"
                }
            }
        },
        "manageSharedNodeSecurityGroupRules": true,
        "nat": {
            "gateway": "Single"
        },
        "clusterEndpoints": {
            "privateAccess": true,
            "publicAccess": true
        }
    },
    "addonsConfig": {},
    "privateCluster": {
        "enabled": false,
        "skipEndpointCreation": false
    },
    "managedNodeGroups": [
        {
            "name": "cluster-name-ng",
            "amiFamily": "AmazonLinux2023",
            "instanceType": "t3.medium",
            "desiredCapacity": 1,
            "minSize": 1,
            "maxSize": 2,
            "volumeSize": 80,
            "ssh": {
                "allow": true,
                "publicKeyPath": "~/.ssh/id_rsa.pub",
                "publicKeyName": "eksctl-cluster-name-nodegroup-cluster-name-ng-69:8e:00:33:07:58:ef:a2:2d:5d:47:1c:b1:18:2c:21"
            },
            "labels": {
                "alpha.eksctl.io/cluster-name": "cluster-name",
                "alpha.eksctl.io/nodegroup-name": "cluster-name-ng"
            },
            "privateNetworking": false,
            "tags": {
                "Owner": "OWNER",
                "Project": "PROJECT",
                "alpha.eksctl.io/nodegroup-name": "cluster-name-ng",
                "alpha.eksctl.io/nodegroup-type": "managed"
            },
            "iam": {
                "attachPolicyARNs": [
                    "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy",
                    "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy",
                    "arn:aws:iam::aws:policy/ElasticLoadBalancingFullAccess",
                    "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly",
                    "arn:aws:iam::aws:policy/AmazonEBSCSIDriverPolicy",
                    "arn:aws:iam::aws:policy/AWSNetworkManagerFullAccess"
                ],
                "withAddonPolicies": {
                    "imageBuilder": false,
                    "autoScaler": false,
                    "externalDNS": false,
                    "certManager": false,
                    "appMesh": null,
                    "appMeshPreview": null,
                    "ebs": true,
                    "fsx": false,
                    "efs": true,
                    "awsLoadBalancerController": false,
                    "albIngress": false,
                    "xRay": false,
                    "cloudWatch": false
                }
            },
            "securityGroups": {
                "withShared": null,
                "withLocal": null
            },
            "volumeType": "gp3",
            "volumeIOPS": 3000,
            "volumeThroughput": 125,
            "disableIMDSv1": true,
            "disablePodIMDS": false,
            "instanceSelector": {},
            "releaseVersion": ""
        }
    ],
    "availabilityZones": [
        "us-east-1a",
        "us-east-1c",
        "us-east-1b"
    ],
    "karpenter": {
        "version": "v0.37.6",
        "createServiceAccount": true
    }
}

2024-11-22 12:02:56 [ℹ]  1 nodegroup (cluster-name-ng) was included (based on the include/exclude rules)
2024-11-22 12:02:56 [ℹ]  will create a CloudFormation stack for cluster itself and 0 nodegroup stack(s)
2024-11-22 12:02:56 [ℹ]  will create a CloudFormation stack for cluster itself and 1 managed nodegroup stack(s)
2024-11-22 12:02:56 [ℹ]  if you encounter any issues, check CloudFormation console or try 'eksctl utils describe-stacks --region=us-east-1 --cluster=cluster-name'
2024-11-22 12:02:56 [ℹ]  Kubernetes API endpoint access will use provided values {publicAccess=true, privateAccess=true} for cluster "cluster-name" in "us-east-1"
2024-11-22 12:02:56 [ℹ]  CloudWatch logging will not be enabled for cluster "cluster-name" in "us-east-1"
2024-11-22 12:02:56 [ℹ]  you can enable it with 'eksctl utils update-cluster-logging --enable-types={SPECIFY-YOUR-LOG-TYPES-HERE (e.g. all)} --region=us-east-1 --cluster=cluster-name'
2024-11-22 12:02:56 [ℹ]  default addons vpc-cni, kube-proxy, coredns were not specified, will install them as EKS addons
2024-11-22 12:02:56 [ℹ]  
2 sequential tasks: { create cluster control plane "cluster-name", 
    2 sequential sub-tasks: { 
        5 sequential sub-tasks: { 
            1 task: { create addons },
            wait for control plane to become ready,
            associate IAM OIDC provider,
            no tasks,
            update VPC CNI to use IRSA if required,
        },
        create managed nodegroup "cluster-name-ng",
    } 
}
2024-11-22 12:02:56 [▶]  started task: create cluster control plane "cluster-name"
2024-11-22 12:02:56 [ℹ]  building cluster stack "eksctl-cluster-name-cluster"
2024-11-22 12:02:56 [▶]  CreateStackInput = &cloudformation.CreateStackInput{StackName:(*string)(0xc000cafb00), Capabilities:[]types.Capability{"CAPABILITY_IAM"}, ClientRequestToken:(*string)(nil), DisableRollback:(*bool)(0xc00095ba00), EnableTerminationProtection:(*bool)(nil), NotificationARNs:[]string(nil), OnFailure:"", Parameters:[]types.Parameter(nil), ResourceTypes:[]string(nil), RetainExceptOnCreate:(*bool)(nil), RoleARN:(*string)(nil), RollbackConfiguration:(*types.RollbackConfiguration)(nil), StackPolicyBody:(*string)(nil), StackPolicyURL:(*string)(nil), Tags:[]types.Tag{types.Tag{Key:(*string)(0xc000ba2d30), Value:(*string)(0xc000ba2d40), noSmithyDocumentSerde:document.NoSerde{}}, types.Tag{Key:(*string)(0xc000ba2d50), Value:(*string)(0xc000ba2d60), noSmithyDocumentSerde:document.NoSerde{}}, types.Tag{Key:(*string)(0xc000ba2d70), Value:(*string)(0xc000ba2d80), noSmithyDocumentSerde:document.NoSerde{}}, types.Tag{Key:(*string)(0xc000ba2d90), Value:(*string)(0xc000ba2da0), noSmithyDocumentSerde:document.NoSerde{}}, types.Tag{Key:(*string)(0xc000ba2db0), Value:(*string)(0xc000ba2dc0), noSmithyDocumentSerde:document.NoSerde{}}, types.Tag{Key:(*string)(0xc000ba2dd0), Value:(*string)(0xc000ba2de0), noSmithyDocumentSerde:document.NoSerde{}}, types.Tag{Key:(*string)(0xc000d8f3f0), Value:(*string)(0xc000d8f400), noSmithyDocumentSerde:document.NoSerde{}}}, TemplateBody:(*string)(0xc000d8f410), TemplateURL:(*string)(nil), TimeoutInMinutes:(*int32)(nil), noSmithyDocumentSerde:document.NoSerde{}}
2024-11-22 12:02:56 [ℹ]  deploying stack "eksctl-cluster-name-cluster"
2024-11-22 12:03:26 [ℹ]  waiting for CloudFormation stack "eksctl-cluster-name-cluster"
2024-11-22 12:03:56 [ℹ]  waiting for CloudFormation stack "eksctl-cluster-name-cluster"
2024-11-22 12:04:56 [ℹ]  waiting for CloudFormation stack "eksctl-cluster-name-cluster"
2024-11-22 12:05:56 [ℹ]  waiting for CloudFormation stack "eksctl-cluster-name-cluster"
2024-11-22 12:06:56 [ℹ]  waiting for CloudFormation stack "eksctl-cluster-name-cluster"
2024-11-22 12:07:56 [ℹ]  waiting for CloudFormation stack "eksctl-cluster-name-cluster"
2024-11-22 12:08:56 [ℹ]  waiting for CloudFormation stack "eksctl-cluster-name-cluster"
2024-11-22 12:09:56 [ℹ]  waiting for CloudFormation stack "eksctl-cluster-name-cluster"
2024-11-22 12:10:56 [ℹ]  waiting for CloudFormation stack "eksctl-cluster-name-cluster"
2024-11-22 12:11:56 [ℹ]  waiting for CloudFormation stack "eksctl-cluster-name-cluster"
2024-11-22 12:12:57 [ℹ]  waiting for CloudFormation stack "eksctl-cluster-name-cluster"
2024-11-22 12:13:57 [ℹ]  waiting for CloudFormation stack "eksctl-cluster-name-cluster"
2024-11-22 12:14:57 [ℹ]  waiting for CloudFormation stack "eksctl-cluster-name-cluster"
2024-11-22 12:14:57 [▶]  processing stack outputs
2024-11-22 12:14:57 [▶]  completed task: create cluster control plane "cluster-name"
2024-11-22 12:14:57 [▶]  started task: 
    2 sequential sub-tasks: { 
        5 sequential sub-tasks: { 
            1 task: { create addons },
            wait for control plane to become ready,
            associate IAM OIDC provider,
            no tasks,
            update VPC CNI to use IRSA if required,
        },
        create managed nodegroup "cluster-name-ng",
    }

2024-11-22 12:14:57 [▶]  started task: 
    5 sequential sub-tasks: { 
        1 task: { create addons },
        wait for control plane to become ready,
        associate IAM OIDC provider,
        no tasks,
        update VPC CNI to use IRSA if required,
    }

2024-11-22 12:14:57 [▶]  started task: 1 task: { create addons }
2024-11-22 12:14:57 [▶]  started task: create addons
2024-11-22 12:14:57 [▶]  cluster = &types.Cluster{AccessConfig:(*types.AccessConfigResponse)(0xc000e318c0), Arn:(*string)(0xc000ab1fa0), CertificateAuthority:(*types.Certificate)(0xc000ab1ff0), ClientRequestToken:(*string)(nil), ConnectorConfig:(*types.ConnectorConfigResponse)(nil), CreatedAt:time.Date(2024, time.November, 22, 6, 33, 20, 45000000, time.UTC), EncryptionConfig:[]types.EncryptionConfig(nil), Endpoint:(*string)(0xc000ab1ef0), Health:(*types.ClusterHealth)(0xc000e31860), Id:(*string)(nil), Identity:(*types.Identity)(0xc000ab1fc0), KubernetesNetworkConfig:(*types.KubernetesNetworkConfigResponse)(0xc000754c90), Logging:(*types.Logging)(0xc000e31880), Name:(*string)(0xc000ab1f50), OutpostConfig:(*types.OutpostConfigResponse)(nil), PlatformVersion:(*string)(0xc000ab1f70), ResourcesVpcConfig:(*types.VpcConfigResponse)(0xc0001816c0), RoleArn:(*string)(0xc000ab1fb0), Status:"ACTIVE", Tags:map[string]string{"Name":"eksctl-cluster-name-cluster/ControlPlane", "Owner":"OWNER", "Project":"PROJECT", "alpha.eksctl.io/cluster-name":"cluster-name", "alpha.eksctl.io/cluster-oidc-enabled":"true", "alpha.eksctl.io/eksctl-version":"0.194.0", "aws:cloudformation:logical-id":"ControlPlane", "aws:cloudformation:stack-id":"arn:aws:cloudformation:us-east-1:REDACTED_AWS_ACCOUNT:stack/eksctl-cluster-name-cluster/9c214cc0-a89b-11ef-a325-0e3070d00009", "aws:cloudformation:stack-name":"eksctl-cluster-name-cluster", "eksctl.cluster.k8s.io/v1alpha1/cluster-name":"cluster-name", "karpenter.sh/discovery":"cluster-name"}, UpgradePolicy:(*types.UpgradePolicyResponse)(0xc000bd4fc0), Version:(*string)(0xc000ab1f80), ZonalShiftConfig:(*types.ZonalShiftConfigResponse)(nil), noSmithyDocumentSerde:document.NoSerde{}}
2024-11-22 12:14:57 [▶]  resolve conflicts set to OVERWRITE
2024-11-22 12:14:57 [▶]  addon: &{vpc-cni v1.19.0-eksbuild.1  [] map[]  {false false false false false false false} map[]  <nil> false  true [] [] []}
2024-11-22 12:14:57 [!]  recommended policies were found for "vpc-cni" addon, but since OIDC is disabled on the cluster, eksctl cannot configure the requested permissions; the recommended way to provide IAM permissions for "vpc-cni" addon is via pod identity associations; after addon creation is completed, add all recommended policies to the config file, under `addon.PodIdentityAssociations`, and run `eksctl update addon`
2024-11-22 12:14:57 [ℹ]  creating addon
2024-11-22 12:14:58 [▶]  EKS Create Addon output: {%!s(*string=0xc000dceee0) %!s(*string=0xc000dcef00) %!s(*string=0xc000dcef10) %!s(*string=0xc000dceef0) %!s(*string=<nil>) 2024-11-22 06:44:58.044 +0000 UTC %!s(*types.AddonHealth=&{[] {}}) %!s(*types.MarketplaceInformation=<nil>) 2024-11-22 06:44:58.059 +0000 UTC %!s(*string=<nil>) [] %!s(*string=<nil>) %!s(*string=<nil>) CREATING map[] {}}
2024-11-22 12:14:58 [ℹ]  successfully created addon
2024-11-22 12:14:58 [▶]  resolve conflicts set to OVERWRITE
2024-11-22 12:14:58 [▶]  addon: &{kube-proxy v1.30.6-eksbuild.3  [] map[]  {false false false false false false false} map[]  <nil> false  true [] [] []}
2024-11-22 12:14:58 [ℹ]  creating addon
2024-11-22 12:14:58 [▶]  EKS Create Addon output: {%!s(*string=0xc000dcf4b0) %!s(*string=0xc000dcf480) %!s(*string=0xc000dcf490) %!s(*string=0xc000dcf4a0) %!s(*string=<nil>) 2024-11-22 06:44:58.54 +0000 UTC %!s(*types.AddonHealth=&{[] {}}) %!s(*types.MarketplaceInformation=<nil>) 2024-11-22 06:44:58.556 +0000 UTC %!s(*string=<nil>) [] %!s(*string=<nil>) %!s(*string=<nil>) CREATING map[] {}}
2024-11-22 12:14:58 [ℹ]  successfully created addon
2024-11-22 12:14:58 [▶]  resolve conflicts set to OVERWRITE
2024-11-22 12:14:58 [▶]  addon: &{coredns v1.11.1-eksbuild.8  [] map[]  {false false false false false false false} map[]  <nil> false  true [] [] []}
2024-11-22 12:14:58 [ℹ]  creating addon
2024-11-22 12:14:59 [▶]  EKS Create Addon output: {%!s(*string=0xc000243dc0) %!s(*string=0xc000243d80) %!s(*string=0xc000243db0) %!s(*string=0xc000243d90) %!s(*string=<nil>) 2024-11-22 06:44:59.062 +0000 UTC %!s(*types.AddonHealth=&{[] {}}) %!s(*types.MarketplaceInformation=<nil>) 2024-11-22 06:44:59.076 +0000 UTC %!s(*string=<nil>) [] %!s(*string=<nil>) %!s(*string=<nil>) CREATING map[] {}}
2024-11-22 12:14:59 [ℹ]  successfully created addon
2024-11-22 12:14:59 [▶]  completed task: create addons
2024-11-22 12:14:59 [▶]  completed task: 1 task: { create addons }
2024-11-22 12:14:59 [▶]  started task: wait for control plane to become ready
2024-11-22 12:15:29 [!]  API server is unreachable
2024-11-22 12:15:29 [▶]  cluster = &types.Cluster{AccessConfig:(*types.AccessConfigResponse)(0xc000492de0), Arn:(*string)(0xc0006ef570), CertificateAuthority:(*types.Certificate)(0xc0006ef650), ClientRequestToken:(*string)(nil), ConnectorConfig:(*types.ConnectorConfigResponse)(nil), CreatedAt:time.Date(2024, time.November, 22, 6, 33, 20, 45000000, time.UTC), EncryptionConfig:[]types.EncryptionConfig(nil), Endpoint:(*string)(0xc0006ef710), Health:(*types.ClusterHealth)(0xc000492d60), Id:(*string)(nil), Identity:(*types.Identity)(0xc0006ef750), KubernetesNetworkConfig:(*types.KubernetesNetworkConfigResponse)(0xc000ab5ad0), Logging:(*types.Logging)(0xc000492da0), Name:(*string)(0xc0006ef6b0), OutpostConfig:(*types.OutpostConfigResponse)(nil), PlatformVersion:(*string)(0xc0006ef690), ResourcesVpcConfig:(*types.VpcConfigResponse)(0xc000848930), RoleArn:(*string)(0xc0006ef6d0), Status:"ACTIVE", Tags:map[string]string{"Name":"eksctl-cluster-name-cluster/ControlPlane", "Owner":"OWNER", "Project":"PROJECT", "alpha.eksctl.io/cluster-name":"cluster-name", "alpha.eksctl.io/cluster-oidc-enabled":"true", "alpha.eksctl.io/eksctl-version":"0.194.0", "aws:cloudformation:logical-id":"ControlPlane", "aws:cloudformation:stack-id":"arn:aws:cloudformation:us-east-1:REDACTED_AWS_ACCOUNT:stack/eksctl-cluster-name-cluster/9c214cc0-a89b-11ef-a325-0e3070d00009", "aws:cloudformation:stack-name":"eksctl-cluster-name-cluster", "eksctl.cluster.k8s.io/v1alpha1/cluster-name":"cluster-name", "karpenter.sh/discovery":"cluster-name"}, UpgradePolicy:(*types.UpgradePolicyResponse)(0xc000d97a40), Version:(*string)(0xc0006ef6f0), ZonalShiftConfig:(*types.ZonalShiftConfigResponse)(nil), noSmithyDocumentSerde:document.NoSerde{}}
2024-11-22 12:15:29 [▶]  completed task: wait for control plane to become ready
2024-11-22 12:15:29 [▶]  started task: associate IAM OIDC provider
2024-11-22 12:15:29 [▶]  completed task: associate IAM OIDC provider
2024-11-22 12:15:29 [▶]  started task: no tasks
2024-11-22 12:15:29 [▶]  no actual tasks
2024-11-22 12:15:29 [▶]  completed task: no tasks
2024-11-22 12:15:29 [▶]  started task: update VPC CNI to use IRSA if required
2024-11-22 12:15:29 [▶]  addon: &{vpc-cni v1.19.0-eksbuild.1  [arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy] map[]  {false false false false false false false} map[]  <nil> false  true [] [] []}
2024-11-22 12:15:29 [▶]  resolve conflicts set to OVERWRITE
2024-11-22 12:15:29 [▶]  addon: &{vpc-cni v1.19.0-eksbuild.1  [arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy] map[]  {false false false false false false false} map[]  <nil> false  true [] [] []}
2024-11-22 12:15:29 [▶]  found known service account location kube-system/aws-node
2024-11-22 12:15:29 [▶]  service account location provided: kube-system/aws-node, adding sub condition
2024-11-22 12:15:29 [▶]  CreateStackInput = &cloudformation.CreateStackInput{StackName:(*string)(0xc000a95030), Capabilities:[]types.Capability{"CAPABILITY_IAM"}, ClientRequestToken:(*string)(nil), DisableRollback:(*bool)(0xc000aad178), EnableTerminationProtection:(*bool)(nil), NotificationARNs:[]string(nil), OnFailure:"", Parameters:[]types.Parameter(nil), ResourceTypes:[]string(nil), RetainExceptOnCreate:(*bool)(nil), RoleARN:(*string)(nil), RollbackConfiguration:(*types.RollbackConfiguration)(nil), StackPolicyBody:(*string)(nil), StackPolicyURL:(*string)(nil), Tags:[]types.Tag{types.Tag{Key:(*string)(0xc000a94480), Value:(*string)(0xc000a94490), noSmithyDocumentSerde:document.NoSerde{}}, types.Tag{Key:(*string)(0xc000a944a0), Value:(*string)(0xc000a944b0), noSmithyDocumentSerde:document.NoSerde{}}, types.Tag{Key:(*string)(0xc000a944c0), Value:(*string)(0xc000a944d0), noSmithyDocumentSerde:document.NoSerde{}}, types.Tag{Key:(*string)(0xc000a944e0), Value:(*string)(0xc000a944f0), noSmithyDocumentSerde:document.NoSerde{}}, types.Tag{Key:(*string)(0xc000a94500), Value:(*string)(0xc000a94510), noSmithyDocumentSerde:document.NoSerde{}}, types.Tag{Key:(*string)(0xc000a94520), Value:(*string)(0xc000a94530), noSmithyDocumentSerde:document.NoSerde{}}, types.Tag{Key:(*string)(0xc000a95a30), Value:(*string)(0xc000a95ad0), noSmithyDocumentSerde:document.NoSerde{}}}, TemplateBody:(*string)(0xc000a95b00), TemplateURL:(*string)(nil), TimeoutInMinutes:(*int32)(nil), noSmithyDocumentSerde:document.NoSerde{}}
2024-11-22 12:15:30 [ℹ]  deploying stack "eksctl-cluster-name-addon-vpc-cni"
2024-11-22 12:15:30 [ℹ]  waiting for CloudFormation stack "eksctl-cluster-name-addon-vpc-cni"
2024-11-22 12:16:00 [ℹ]  waiting for CloudFormation stack "eksctl-cluster-name-addon-vpc-cni"
2024-11-22 12:16:00 [ℹ]  updating addon
2024-11-22 12:16:00 [▶]  &{AddonName:0xc0007c03c0 ClusterName:0xc0005269b0 AddonVersion:0xc000b12a30 ClientRequestToken:<nil> ConfigurationValues:<nil> PodIdentityAssociations:[] ResolveConflicts:OVERWRITE ServiceAccountRoleArn:0xc000b13940 noSmithyDocumentSerde:{}}
2024-11-22 12:16:00 [▶]  &{CreatedAt:2024-11-22 06:46:00.333 +0000 UTC Errors:[] Id:0xc000135010 Params:[{Type:AddonVersion Value:0xc000135030 noSmithyDocumentSerde:{}} {Type:ServiceAccountRoleArn Value:0xc000135040 noSmithyDocumentSerde:{}} {Type:ResolveConflicts Value:0xc000135050 noSmithyDocumentSerde:{}}] Status:InProgress Type:AddonUpdate noSmithyDocumentSerde:{}}
2024-11-22 12:16:10 [ℹ]  addon "vpc-cni" active
2024-11-22 12:16:10 [▶]  completed task: update VPC CNI to use IRSA if required
2024-11-22 12:16:10 [▶]  completed task: 
    5 sequential sub-tasks: { 
        1 task: { create addons },
        wait for control plane to become ready,
        associate IAM OIDC provider,
        no tasks,
        update VPC CNI to use IRSA if required,
    }

2024-11-22 12:16:10 [▶]  started task: create managed nodegroup "cluster-name-ng"
2024-11-22 12:16:10 [▶]  waiting for 1 parallel tasks to complete
2024-11-22 12:16:10 [▶]  started task: create managed nodegroup "cluster-name-ng"
2024-11-22 12:16:10 [▶]  started task: create managed nodegroup "cluster-name-ng"
2024-11-22 12:16:10 [▶]  started task: create managed nodegroup "cluster-name-ng"
2024-11-22 12:16:10 [ℹ]  building managed nodegroup stack "eksctl-cluster-name-nodegroup-cluster-name-ng"
2024-11-22 12:16:10 [▶]  CreateStackInput = &cloudformation.CreateStackInput{StackName:(*string)(0xc000d2e910), Capabilities:[]types.Capability{"CAPABILITY_IAM"}, ClientRequestToken:(*string)(nil), DisableRollback:(*bool)(0xc000d5ada0), EnableTerminationProtection:(*bool)(nil), NotificationARNs:[]string(nil), OnFailure:"", Parameters:[]types.Parameter(nil), ResourceTypes:[]string(nil), RetainExceptOnCreate:(*bool)(nil), RoleARN:(*string)(nil), RollbackConfiguration:(*types.RollbackConfiguration)(nil), StackPolicyBody:(*string)(nil), StackPolicyURL:(*string)(nil), Tags:[]types.Tag{types.Tag{Key:(*string)(0xc000ba2d30), Value:(*string)(0xc000ba2d40), noSmithyDocumentSerde:document.NoSerde{}}, types.Tag{Key:(*string)(0xc000ba2d50), Value:(*string)(0xc000ba2d60), noSmithyDocumentSerde:document.NoSerde{}}, types.Tag{Key:(*string)(0xc000ba2d70), Value:(*string)(0xc000ba2d80), noSmithyDocumentSerde:document.NoSerde{}}, types.Tag{Key:(*string)(0xc000ba2d90), Value:(*string)(0xc000ba2da0), noSmithyDocumentSerde:document.NoSerde{}}, types.Tag{Key:(*string)(0xc000ba2db0), Value:(*string)(0xc000ba2dc0), noSmithyDocumentSerde:document.NoSerde{}}, types.Tag{Key:(*string)(0xc000ba2dd0), Value:(*string)(0xc000ba2de0), noSmithyDocumentSerde:document.NoSerde{}}, types.Tag{Key:(*string)(0xc000d64ae0), Value:(*string)(0xc000d64af0), noSmithyDocumentSerde:document.NoSerde{}}, types.Tag{Key:(*string)(0xc000d64b00), Value:(*string)(0xc000d64b10), noSmithyDocumentSerde:document.NoSerde{}}, types.Tag{Key:(*string)(0xc000d64b20), Value:(*string)(0xc000d64b30), noSmithyDocumentSerde:document.NoSerde{}}, types.Tag{Key:(*string)(0xc000d64b40), Value:(*string)(0xc000d64b50), noSmithyDocumentSerde:document.NoSerde{}}, types.Tag{Key:(*string)(0xc000d64b60), Value:(*string)(0xc000d64b70), noSmithyDocumentSerde:document.NoSerde{}}}, TemplateBody:(*string)(0xc000d64b80), TemplateURL:(*string)(nil), TimeoutInMinutes:(*int32)(nil), noSmithyDocumentSerde:document.NoSerde{}}
2024-11-22 12:16:10 [ℹ]  deploying stack "eksctl-cluster-name-nodegroup-cluster-name-ng"
2024-11-22 12:16:11 [ℹ]  waiting for CloudFormation stack "eksctl-cluster-name-nodegroup-cluster-name-ng"
2024-11-22 12:16:41 [ℹ]  waiting for CloudFormation stack "eksctl-cluster-name-nodegroup-cluster-name-ng"
2024-11-22 12:16:41 [▶]  failed task: create managed nodegroup "cluster-name-ng" (will not run other sequential tasks)
2024-11-22 12:16:41 [▶]  failed task: create managed nodegroup "cluster-name-ng" (will continue until other parallel tasks are completed)
2024-11-22 12:16:41 [▶]  failed task: create managed nodegroup "cluster-name-ng" (will continue until other parallel tasks are completed)
2024-11-22 12:16:41 [▶]  failed task: create managed nodegroup "cluster-name-ng" (will not run other sequential tasks)
2024-11-22 12:16:41 [▶]  failed task: 
    2 sequential sub-tasks: { 
        5 sequential sub-tasks: { 
            1 task: { create addons },
            wait for control plane to become ready,
            associate IAM OIDC provider,
            no tasks,
            update VPC CNI to use IRSA if required,
        },
        create managed nodegroup "cluster-name-ng",
    }
 (will not run other sequential tasks)
2024-11-22 12:16:41 [!]  1 error(s) occurred and cluster hasn't been created properly, you may wish to check CloudFormation console
2024-11-22 12:16:41 [ℹ]  to cleanup resources, run 'eksctl delete cluster --region=us-east-1 --name=cluster-name'
2024-11-22 12:16:41 [✖]  waiter state transitioned to Failure
Error: failed to create cluster "cluster-name"

How to reproduce it?

Logs

Anything else we need to know?

Using profile ~/user/.aws/credentials

ubuntu@ip-172-31-40-217:~$ cat /etc/os-release 
PRETTY_NAME="Ubuntu 24.04 LTS"
NAME="Ubuntu"
VERSION_ID="24.04"
VERSION="24.04 LTS (Noble Numbat)"
VERSION_CODENAME=noble
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=noble
LOGO=ubuntu-logo

Versions

ubuntu@ip-172-31-40-217:~$ eksctl version
0.194.0
github-actions[bot] commented 14 hours ago

Hello romosa :wave: Thank you for opening an issue in eksctl project. The team will review the issue and aim to respond within 1-5 business days. Meanwhile, please read about the Contribution and Code of Conduct guidelines here. You can find out more information about eksctl on our website