我无法将EKS节点加入EKS集群(Terraform)

Question

我正在使用terraformv0.14.2，我试图创建一个EKS集群，但是当节点加入到集群时，我遇到了问题。状态被塞进“创建”中，直到出现错误：

我要部署的代码是：

错误:等待error 创建的错误: NodeCreationFailure：未能加入集群。资源i: i-00c4bac08b3c42225

resource "aws_eks_node_group" "managed_workers" {
  for_each        = local.ob

  cluster_name    = aws_eks_cluster.cluster.name
  node_group_name = "${var.cluster_name}-worker-node-${each.value}"
  node_role_arn   = aws_iam_role.managed_workers.arn
  subnet_ids      = aws_subnet.private.*.id
  scaling_config {
    desired_size = 1
    max_size     = 1
    min_size     = 1
  }
  launch_template {
    id      = aws_launch_template.worker-node[each.value].id
    version = aws_launch_template.worker-node[each.value].latest_version
  }

  depends_on = [
    kubernetes_config_map.aws_auth_configmap,
    aws_iam_role_policy_attachment.eks-AmazonEKSWorkerNodePolicy,
    aws_iam_role_policy_attachment.eks-AmazonEKS_CNI_Policy,
    aws_iam_role_policy_attachment.eks-AmazonEC2ContainerRegistryReadOnly,
  ]
  lifecycle {
    create_before_destroy = true
    ignore_changes = [scaling_config[0].desired_size, scaling_config[0].min_size]
  }
}

resource "aws_launch_template" "worker-node" {
  for_each               = local.ob

  image_id               = data.aws_ssm_parameter.cluster.value
  name                   = "${var.cluster_name}-worker-node-${each.value}"
  instance_type          = "t3.medium"

  block_device_mappings {
    device_name = "/dev/xvda"

    ebs {
      volume_size = 20
      volume_type = "gp2"
    }
  }
  tag_specifications {
    resource_type = "instance"
    tags = {
      "Instance Name" = "${var.cluster_name}-node-${each.value}"
       Name = "${var.cluster_name}-node-${each.value}"
    }
  }
}

实际上，我在EC2实例和EKS中看到了附加到EKS集群的节点，但是有了这个状态错误：

“实例未能加入kubernetes集群”

我不能检查错误在哪里，因为错误消息没有显示更多的信息。

有什么想法吗？

thx

Answer 1

因此，其他人也可以这样做，您需要包含一个用户数据脚本，以获得加入集群的节点。类似于：

userdata.tpl

MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="==MYBOUNDARY=="

--==MYBOUNDARY==
Content-Type: text/x-shellscript; charset="us-ascii"

#!/bin/bash
set -ex
/etc/eks/bootstrap.sh ${CLUSTER_NAME} --b64-cluster-ca ${B64_CLUSTER_CA} --apiserver-endpoint ${API_SERVER_URL}

--==MYBOUNDARY==--\

你把它渲染成这样

locals {
  user_data_values = {
    CLUSTER_NAME = var.cluster_name
    B64_CLUSTER_CA = var.cluster_certificate_authority
    API_SERVER_URL = var.cluster_endpoint
  }
}

resource "aws_launch_template" "cluster" {
  image_id  = "ami-XXX" # Make sure the AMI is an EKS worker
  user_data = base64encode(templatefile("userdata.tpl", local.user_data_values))
...
}

除此之外，确保节点组是工作者安全组的一部分，并具有所需的IAM角色，您应该没事。