hashicorp / learn-terraform-provision-eks-cluster

https://developer.hashicorp.com/terraform/tutorials/kubernetes/eks
Mozilla Public License 2.0

Local Zones can cause terraform apply to fail #100

Closed dante286 closed 1 year ago

dante286 commented 1 year ago

If an AWS account has Local Zones enabled, the VPC module will sometimes grab those zones for the subnets. It seems EKS is not yet supported in Local Zones, which will cause the terraform applies to fail with the following error:

│ Error: creating EKS Cluster (education-eks-cHI88yWG): UnsupportedAvailabilityZoneException: Cannot create cluster 'education-eks-cHI88yWG' because us-east-1-atl-1a, the targeted availability zone, does not currently have sufficient capacity to support the cluster. Retry and choose from these availability zones: us-east-1a, us-east-1b, us-east-1c, us-east-1d, us-east-1f
│ {
│   RespMetadata: {
│     StatusCode: 400,
│     RequestID: ""
│   },
│   ClusterName: "education-eks-cHI88yWG",
│   Message_: "Cannot create cluster 'education-eks-cHI88yWG' because us-east-1-atl-1a, the targeted availability zone, does not currently have sufficient capacity to support the cluster. Retry and choose from these availability zones: us-east-1a, us-east-1b, us-east-1c, us-east-1d, us-east-1f",
│   ValidZones: [
│     "us-east-1a",
│     "us-east-1b",
│     "us-east-1c",
│     "us-east-1d",
│     "us-east-1f"
│   ]
│ }
│ 
│   with module.eks.aws_eks_cluster.this[0],
│   on .terraform/modules/eks/main.tf line 25, in resource "aws_eks_cluster" "this":
│   25: resource "aws_eks_cluster" "this" {
│ 
╵
╷
│ Error: creating EC2 NAT Gateway: NotAvailableInZone: Nat Gateway is not available in this availability zone
│       status code: 400, request id: 
│ 
│   with module.vpc.aws_nat_gateway.this[0],
│   on .terraform/modules/vpc/main.tf line 1027, in resource "aws_nat_gateway" "this":
│ 1027: resource "aws_nat_gateway" "this" {

I have a workaround / fix that I've tested locally by applying a filter to the Availability Zones data resource to only get standard AZs:

data "aws_availability_zones" "available" {
  filter {
    name   = "opt-in-status"
    values = ["opt-in-not-required"]
  }
}

I don't think Local Zones are heavily used yet, but I stumbled into this issue using a cloud sandbox on a learning platform, and the provisioned sandbox happened to have a couple of Local Zones enabled, which led me to discover this.
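The same fix carried through to the VPC module the way this tutorial wires it, as an added example rather than code from the issue or the repository: it keeps the opt-in-status filter, takes the first three standard zones, and adds postconditions so a plan fails with a readable message if a Local or Wavelength Zone name still slips through (the VPC name, CIDRs and the commented version pin are placeholders).

```hcl
# Only standard AZs: Local Zones and Wavelength Zones are opt-in, so the
# "opt-in-not-required" filter drops them before any slicing happens.
data "aws_availability_zones" "available" {
  filter {
    name   = "opt-in-status"
    values = ["opt-in-not-required"]
  }

  lifecycle {
    # Defence in depth: fail at plan time with a clear message instead of the
    # UnsupportedAvailabilityZoneException / NotAvailableInZone errors at apply.
    # Standard AZ names look like us-east-1a; Local Zone names such as
    # us-east-1-atl-1a carry an extra "-<city>-" segment and do not match.
    postcondition {
      condition = alltrue([
        for name in self.names : can(regex("^[a-z-]+-[0-9][a-z]$", name))
      ])
      error_message = "A non-standard zone was returned; EKS and NAT Gateways need standard AZs."
    }
    postcondition {
      condition     = length(self.names) >= 3
      error_message = "Fewer than three standard Availability Zones are available in this region."
    }
  }
}

locals {
  # The tutorial spreads the VPC across three AZs; take the first three
  # from the already-filtered list so a Local Zone can never be picked.
  azs = slice(data.aws_availability_zones.available.names, 0, 3)
}

module "vpc" {
  source = "terraform-aws-modules/vpc/aws"
  # version = "x.y.z"   # placeholder: pin to the version used in your copy of the tutorial

  name = "education-vpc" # placeholder name
  cidr = "10.0.0.0/16"   # placeholder CIDR

  azs             = local.azs
  private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
  public_subnets  = ["10.0.4.0/24", "10.0.5.0/24", "10.0.6.0/24"]

  enable_nat_gateway   = true
  single_nat_gateway   = true
  enable_dns_hostnames = true
}
```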

BrianMMcClain commented 1 year ago

Thanks @dante286! Looks like you're right: at least in the Atlanta Local Zone, the local zone gets pulled first from the list of AZs, and it also looks like managed node groups don't currently support Local Zones. Good catch!

I've created PR #103 to add this fix. Thanks!