AWS EKS节点创建失败

Question

我在AWS中有一个由这些指令创建的集群。

然后，我尝试根据这文档在这个集群中添加节点。

似乎无法使用vpc-cni和coredns健康问题类型：insufficientNumberOfReplicas The add-on is unhealthy because it doesn't have the desired number of replicas.创建节点。

豆荚kubectl get pods -n kube-system的研究现状

NAME                       READY   STATUS             RESTARTS   AGE
aws-node-9cwkd             0/1     CrashLoopBackOff   13         42m
aws-node-h4qjt             0/1     CrashLoopBackOff   13         42m
aws-node-jrn5x             0/1     CrashLoopBackOff   13         43m
coredns-745979c988-25fcc   0/1     Pending            0          120m
coredns-745979c988-qvh7h   0/1     Pending            0          120m
kube-proxy-2bmlq           1/1     Running            0          42m
kube-proxy-hjcrw           1/1     Running            0          43m
kube-proxy-j9r9n           1/1     Running            0          42m

aws-node-9cwkd荚的日志：

{"level":"info","ts":"2021-11-30T14:11:14.156Z","caller":"entrypoint.sh","msg":"Validating env variables ..."}
{"level":"info","ts":"2021-11-30T14:11:14.157Z","caller":"entrypoint.sh","msg":"Install CNI binaries.."}
{"level":"info","ts":"2021-11-30T14:11:14.177Z","caller":"entrypoint.sh","msg":"Starting IPAM daemon in the background ... "}
{"level":"info","ts":"2021-11-30T14:11:14.179Z","caller":"entrypoint.sh","msg":"Checking for IPAM connectivity ... "}
{"level":"info","ts":"2021-11-30T14:11:16.189Z","caller":"entrypoint.sh","msg":"Retrying waiting for IPAM-D"}
{"level":"info","ts":"2021-11-30T14:11:18.198Z","caller":"entrypoint.sh","msg":"Retrying waiting for IPAM-D"}
{"level":"info","ts":"2021-11-30T14:11:20.205Z","caller":"entrypoint.sh","msg":"Retrying waiting for IPAM-D"}
{"level":"info","ts":"2021-11-30T14:11:22.215Z","caller":"entrypoint.sh","msg":"Retrying waiting for IPAM-D"}
{"level":"info","ts":"2021-11-30T14:11:24.226Z","caller":"entrypoint.sh","msg":"Retrying waiting for IPAM-D"}

通过运行命令kubectl describe pod aws-node-h4qjt -n kube-system，会发生以下错误：

Readiness probe failed: {"level":"info","ts":"2021-11-30T14:11:07.145Z","caller":"/usr/local/go/src/runtime/proc.go:225","msg":"timeout: failed to connect service \":50051\" within 5s"}

为了成功地在集群中创建节点，我们将非常感谢任何帮助。

Answer 1

我使用了带有--nodes标志的eksctl命令行工具，一切都按预期成功创建。

eksctl create cluster --name cluster-name \
  --nodes 3 \
  --node-type=t3.large \
  --region=eu-west-1

Answer 2

这很可能是节点服务角色的问题。如果你进入舱内，然后查看ipamd.log，你可以得到更多的信息。

kubectl exec -it aws-node-9cwkd -n kube-system -- /bin/bash 
cat /host/var/log/aws-routed-eni/ipamd.log

下面是我遇到相同错误时的一个错误示例

{“级别”：“错误”，"ts":"2021-12-02T13:27:51.464Z"，“调用者”：“ipamd/ipand.go:444”，“msg”：“未能调用EC2:eni-0c01b25ae6999ed5: UnauthorizedOperation:您无权执行此操作。\n\tstatus代码: 403，请求id: 0438b84b-8052-4f31-9d63-c2ff7512f131"}

在我的例子中，我不得不将AmazonEKS_CNI_Policy策略添加到node角色中。

https://docs.aws.amazon.com/eks/latest/userguide/cni-iam-role.html