The Terraform code is as follows:
provider "aws" {
  region = "us-west-2"
}

resource "aws_eks_cluster" "example" {
  name     = "example-cluster"
  role_arn = aws_iam_role.example.arn

  vpc_config {
    subnet_ids = aws_subnet.example[*].id
  }
}

resource "aws_iam_role" "example" {
  name = "example-role"

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = "sts:AssumeRole"
        Effect = "Allow"
        Principal = {
          Service = "eks.amazonaws.com"
        }
      },
    ]
  })
}

resource "aws_iam_role_policy_attachment" "example-AmazonEKSClusterPolicy" {
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
  role       = aws_iam_role.example.name
}

resource "aws_iam_role_policy_attachment" "example-AmazonEKSServicePolicy" {
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSServicePolicy"
  role       = aws_iam_role.example.name
}

resource "aws_vpc" "example" {
  cidr_block = "10.0.0.0/16"
}

resource "aws_subnet" "example" {
  count             = 2
  vpc_id            = aws_vpc.example.id
  cidr_block        = cidrsubnet(aws_vpc.example.cidr_block, 8, count.index)
  availability_zone = element(data.aws_availability_zones.available.names, count.index)
}

data "aws_availability_zones" "available" {}

resource "aws_eks_node_group" "example" {
  cluster_name    = aws_eks_cluster.example.name
  node_group_name = "example-node-group"
  node_role_arn   = aws_iam_role.example_node_group.arn
  subnet_ids      = aws_subnet.example[*].id

  scaling_config {
    desired_size = 2
    max_size     = 3
    min_size     = 1
  }

  instance_types = ["t3.medium"]

  remote_access {
    ec2_ssh_key = "my-key"
  }

  tags = {
    Name = "example-node-group"
  }
}

resource "aws_iam_role" "example_node_group" {
  name = "example-node-group-role"

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = "sts:AssumeRole"
        Effect = "Allow"
        Principal = {
          Service = "ec2.amazonaws.com"
        }
      },
    ]
  })
}

resource "aws_iam_role_policy_attachment" "example-AmazonEKSWorkerNodePolicy" {
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
  role       = aws_iam_role.example_node_group.name
}

resource "aws_iam_role_policy_attachment" "example-AmazonEC2ContainerRegistryReadOnly" {
  policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
  role       = aws_iam_role.example_node_group.name
}

resource "aws_iam_role_policy_attachment" "example-AmazonEKS_CNI_Policy" {
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
  role       = aws_iam_role.example_node_group.name
}
I created the key pair as follows:
aws ec2 create-key-pair --key-name my-key --query 'KeyMaterial' --output text > my-key.pem --region us-west-2
ls -l my-key.pem
chmod 600 my-key.pem
But when I run terraform, I get the following error:
aws_eks_node_group.example: Still creating... [22m40s elapsed]
aws_eks_node_group.example: Still creating... [22m50s elapsed]
aws_eks_node_group.example: Still creating... [23m0s elapsed]
aws_eks_node_group.example: Still creating... [23m10s elapsed]
╷
│ Error: waiting for EKS Node Group (example-cluster:example-node-group) create: unexpected state 'CREATE_FAILED', wanted target 'ACTIVE'. last error: i-008194c5266bcbf08, i-0df3c0087882195a7: NodeCreationFailure: Instances failed to join the kubernetes cluster
│
│ with aws_eks_node_group.example,
│ on main.tf line 86, in resource "aws_eks_node_group" "example":
│ 86: resource "aws_eks_node_group" "example" {
│
╵
Please help.
When EKS nodes fail to join the cluster, it is usually caused by a permissions or network configuration problem. Here are a few things to double-check:

IAM policies: make sure your node group role (example-node-group-role) has AmazonEKSWorkerNodePolicy, AmazonEC2ContainerRegistryReadOnly and AmazonEKS_CNI_Policy attached. Without these, the nodes cannot communicate with EKS or pull the necessary images.

Subnet configuration: are your subnets public, or do they at least have a route to an internet gateway? If the nodes cannot reach the internet, they will struggle to make the required connections (for example, downloading container images).

Security groups: make sure the control plane and node group security groups allow communication on the essential ports - 443 for API access, 10250 for worker node kubelet communication, and so on.
Give that a try, and if you are still stuck, I would be happy to dig into this with you! You can reach me through my profile.
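One way to address the subnet point in the answer above, as an added example that is not part of the original question or answer: the question's aws_subnet.example has no route to an internet gateway and no public IPs, so the nodes have no path to the EKS endpoint or ECR. The resource names internet_gateway/public/public below are assumed; the example reuses the question's aws_vpc.example and aws_subnet.example, enables DNS hostnames on the VPC (EKS nodes need this to resolve the cluster endpoint), and takes the public-subnet approach rather than private subnets behind a NAT gateway.

```hcl
# Added example: replaces the question's aws_vpc.example / aws_subnet.example
# and adds the missing internet route. Names are assumptions, not from the post.

resource "aws_vpc" "example" {
  cidr_block = "10.0.0.0/16"

  # EKS requires DNS resolution and DNS hostnames; Terraform defaults
  # enable_dns_hostnames to false, which leaves nodes unable to resolve
  # the cluster's private endpoint.
  enable_dns_support   = true
  enable_dns_hostnames = true
}

resource "aws_subnet" "example" {
  count             = 2
  vpc_id            = aws_vpc.example.id
  cidr_block        = cidrsubnet(aws_vpc.example.cidr_block, 8, count.index)
  availability_zone = element(data.aws_availability_zones.available.names, count.index)

  # Without a public IP, an instance in a subnet with an IGW route still
  # cannot reach the internet (no NAT in this example).
  map_public_ip_on_launch = true
}

# Internet gateway for the VPC (assumed name).
resource "aws_internet_gateway" "example" {
  vpc_id = aws_vpc.example.id
}

# Route table with a default route through the IGW (assumed name).
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.example.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.example.id
  }
}

# Associate both subnets with the public route table; a subnet without an
# explicit association falls back to the VPC's main route table, which has
# no internet route.
resource "aws_route_table_association" "public" {
  count          = 2
  subnet_id      = aws_subnet.example[count.index].id
  route_table_id = aws_route_table.public.id
}
```

After `terraform apply`, `aws ec2 describe-route-tables --filters Name=vpc-id,Values=<vpc-id>` should show a `0.0.0.0/0` route with an `igw-` target on the table associated with both subnets; if the node group still fails, move on to the security group checks in the answer.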