Question

我试图使用我的IAM用户使用eksctl创建EKS集群。我正在使用yaml文件提供所有配置。这样做时出现错误

yaml文件的内容发布在下面：

apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
  name: testCluster1
  region: us-east-2

nodeGroups:
  - name: ng-1
    instanceType: m5.large

iam: 
  serviceRoleARN: "arn:aws:sts::019751775207:assumed-

role/XYZ_Team_Access/Nabc.ysh@xyz.com”

错误：群集/控制平面：CREATE_FAILED-“ roleArn中的服务名称必须范围为'iam'。（服务：AmazonEKS；状态代码：400；错误代码：InvalidParameterException；请求ID：56115c79-8909-11e9-a1da-85124a03f2a7）” / p>

控制台输出：

[?]  using region us-east-2
[?]  setting availability zones to [us-east-2c us-east-2a us-east- 2b]
[?]  subnets for us-east-2c - public:192.168.0.0/19 private:192.168.96.0/19
[?]  subnets for us-east-2a - public:192.168.32.0/19 private:192.168.128.0/19
[?]  subnets for us-east-2b - public:192.168.64.0/19 private:192.168.160.0/19
[?]  nodegroup "ng-1" will use "ami-04ea7cb66af82ae4a" [AmazonLinux2/1.12]
[?]  creating EKS cluster "clusterAmol1" in "us-east-2" region
[?]  1 nodegroup (ng-1) was included
[?]  will create a CloudFormation stack for cluster itself and 1 nodegroup stack(s)
[?]  if you encounter any issues, check CloudFormation console or try 'eksctl utils describe-stacks --region=us-east-2 --name=clusterAmol1'
[?]  2 sequential tasks: { create cluster control plane "clusterAmol1", create nodegroup "ng-1" }
[?]  building cluster stack "eksctl-clusterAmol1-cluster"
[?]  deploying stack "eksctl-clusterAmol1-cluster"
[?]  unexpected status "ROLLBACK_IN_PROGRESS" while waiting for CloudFormation stack "eksctl-clusterAmol1-cluster"
[?]  fetching stack events in attempt to troubleshoot the root cause of the failure
[?]  AWS::CloudFormation::Stack/eksctl-clusterAmol1-cluster: ROLLBACK_IN_PROGRESS - "The following resource(s) failed to create: [RouteTableAssociationPrivateUSEAST2B, RouteTableAssociationPrivateUSEAST2C, RouteTableAssociationPrivateUSEAST2A, RouteTableAssociationPublicUSEAST2A, RouteTableAssociationPublicUSEAST2C, RouteTableAssociationPublicUSEAST2B, ControlPlane, NATGateway]. . Rollback requested by user."
[?]  AWS::EC2::SubnetRouteTableAssociation/RouteTableAssociationPrivateUSEAST2C: CREATE_FAILED - "Resource creation cancelled"
[?]  AWS::EC2::SubnetRouteTableAssociation/RouteTableAssociationPublicUSEAST2C: CREATE_FAILED - "Resource creation cancelled"
[?]  AWS::EC2::SubnetRouteTableAssociation/RouteTableAssociationPublicUSEAST2A: CREATE_FAILED - "Resource creation cancelled"
[?]  AWS::EC2::NatGateway/NATGateway: CREATE_FAILED - "Resource creation cancelled"
[?]  AWS::EC2::SubnetRouteTableAssociation/RouteTableAssociationPrivateUSEAST2A: CREATE_FAILED - "Resource creation cancelled"

[？] AWS :: EC2 :: SubnetRouteTableAssociation / RouteTableAssociationPublicUSEAST2B：CREATE_FAILED-“资源创建已取消” [？] AWS :: EC2 :: SubnetRouteTableAssociation / RouteTableAssociationPrivateUSEAST2B：CREATE_FAILED-“资源创建已取消” [？] AWS :: EKS :: Cluster / ControlPlane：CREATE_FAILED-“ roleArn中的服务名称必须范围为'iam'。（服务：AmazonEKS；状态代码：400；错误代码：InvalidParameterException；请求ID：ae0ef6d8-8917 -11e9-b12f-eb52e4e9e6af）“ [？] AWS :: EC2 :: SubnetRouteTableAssociation / RouteTableAssociationPrivateUSEAST2B：CREATE_IN_PROGRESS-“资源创建已启动” [？] AWS :: EC2 :: SubnetRouteTableAssociation / RouteTableAssociationPrivateUSEAST2A：CREATE_IN_PROGRESS-“资源创建已启动” [？] AWS :: EC2 :: SubnetRouteTableAssociation / RouteTableAssociationPrivateUSEAST2C：CREATE_IN_PROGRESS-“资源创建已启动” [？] AWS :: EC2 :: SubnetRouteTableAssociation / RouteTableAssociationPublicUSEAST2C：CREATE_IN_PROGRESS-“资源创建已启动” [？] AWS :: EC2 :: SubnetRouteTableAssociation / RouteTableAssociationPublicUSEAST2A：CREATE_IN_PROGRESS-“资源创建已启动” [？] AWS :: EC2 :: Route / PublicSubnetRoute：CREATE_COMPLETE [？] AWS :: EC2 :: SubnetRouteTableAssociation / RouteTableAssociationPrivateUSEAST2B：CREATE_IN_PROGRESS [？] AWS :: EKS ::集群/ ControlPlane：CREATE_IN_PROGRESS [？] AWS :: EC2 :: SubnetRouteTableAssociation / RouteTableAssociationPrivateUSEAST2A：CREATE_IN_PROGRESS [？] AWS :: EC2 :: SubnetRouteTableAssociation / RouteTableAssociationPublicUSEAST2B：CREATE_IN_PROGRESS-“资源创建已启动” [？] AWS :: EC2 :: NatGateway / NATGateway：CREATE_IN_PROGRESS-“资源创建已启动” [？] AWS :: EC2 :: SubnetRouteTableAssociation / RouteTableAssociationPrivateUSEAST2C：CREATE_IN_PROGRESS [？] AWS :: EC2 :: SubnetRouteTableAssociation / RouteTableAssociationPublicUSEAST2C：CREATE_IN_PROGRESS [？] AWS :: EC2 :: SubnetRouteTableAssociation / RouteTableAssociationPublicUSEAST2A：CREATE_IN_PROGRESS [？] AWS :: EC2 :: NatGateway / NATGateway：CREATE_IN_PROGRESS [？] AWS :: EC2 :: SubnetRouteTableAssociation / RouteTableAssociationPublicUSEAST2B：CREATE_IN_PROGRESS [？] AWS :: EC2 :: Subnet / SubnetPrivateUSEAST2A：CREATE_COMPLETE [？] AWS :: EC2 :: Subnet / SubnetPrivateUSEAST2C：CREATE_COMPLETE [？] AWS :: EC2 :: Subnet / SubnetPrivateUSEAST2B：CREATE_COMPLETE [？] AWS :: EC2 :: Subnet / SubnetPublicUSEAST2A：CREATE_COMPLETE [？] AWS :: EC2 :: Subnet / SubnetPublicUSEAST2C：CREATE_COMPLETE [？] AWS :: EC2 :: VPCGatewayAttachment / VPCGatewayAttachment：CREATE_COMPLETE [？] AWS :: EC2 :: Subnet / SubnetPublicUSEAST2B：CREATE_COMPLETE [？] AWS :: EC2 :: SecurityGroupIngress / IngressInterNodeGroupSG：CREATE_COMPLETE [？] AWS :: EC2 :: SecurityGroupIngress / IngressInterNodeGroupSG：CREATE_IN_PROGRESS-“资源创建已启动” [？] AWS :: EC2 :: SecurityGroupIngress / IngressInterNodeGroupSG：CREATE_IN_PROGRESS [？] AWS :: EC2 :: SecurityGroup / ControlPlaneSecurityGroup：CREATE_COMPLETE [？] AWS :: EC2 :: SecurityGroup / ClusterSharedNodeSecurityGroup：CREATE_COMPLETE [？] AWS :: EC2 :: SecurityGroup / ControlPlaneSecurityGroup：CREATE_IN_PROGRESS-“资源创建已启动” [？] AWS :: EC2 :: SecurityGroup / ClusterSharedNodeSecurityGroup：CREATE_IN_PROGRESS-“已启动资源创建” [？] AWS :: EC2 :: Route / PublicSubnetRoute：CREATE_IN_PROGRESS-“资源创建已启动” [？] AWS :: EC2 :: Route / PublicSubnetRoute：CREATE_IN_PROGRESS [？] AWS :: EC2 :: RouteTable / PrivateRouteTable：CREATE_COMPLETE [？] AWS :: EC2 :: RouteTable / PublicRouteTable：CREATE_COMPLETE [？] AWS :: EC2 :: VPCGatewayAttachment / VPCGatewayAttachment：CREATE_IN_PROGRESS-“资源创建已启动” [？] AWS :: EC2 :: Subnet / SubnetPrivateUSEAST2C：CREATE_IN_PROGRESS-“资源创建已启动” [？] AWS :: EC2 :: RouteTable / PrivateRouteTable：CREATE_IN_PROGRESS-“资源创建已启动” [？] AWS :: EC2 :: Subnet / SubnetPrivateUSEAST2A：CREATE_IN_PROGRESS-“资源创建已启动” [？] AWS :: EC2 :: Subnet / SubnetPrivateUSEAST2B：CREATE_IN_PROGRESS-“资源创建已启动” [？] AWS :: EC2 :: Subnet / SubnetPublicUSEAST2A：CREATE_IN_PROGRESS-“资源创建已启动” [？] AWS :: EC2 :: RouteTable / PublicRouteTable：CREATE_IN_PROGRESS-“资源创建已启动” [？] AWS :: EC2 :: Subnet / SubnetPublicUSEAST2C：CREATE_IN_PROGRESS-“资源创建已启动” [？] AWS :: EC2 :: SecurityGroup / ControlPlaneSecurityGroup：CREATE_IN_PROGRESS [？] AWS :: EC2 :: VPCGatewayAttachment / VPCGatewayAttachment：CREATE_IN_PROGRESS [？] AWS :: EC2 :: Subnet / SubnetPrivateUSEAST2C：CREATE_IN_PROGRESS [？] AWS :: EC2 :: RouteTable / PrivateRouteTable：CREATE_IN_PROGRESS [？] AWS :: EC2 :: Subnet / SubnetPrivateUSEAST2B：CREATE_IN_PROGRESS [？] AWS :: EC2 :: SecurityGroup / ClusterSharedNodeSecurityGroup：CREATE_IN_PROGRESS [？] AWS :: EC2 :: Subnet / SubnetPublicUSEAST2A：CREATE_IN_PROGRESS [？] AWS :: EC2 :: RouteTable / PublicRouteTable：CREATE_IN_PROGRESS [？] AWS :: EC2 :: Subnet / SubnetPublicUSEAST2B：CREATE_IN_PROGRESS-“资源创建已启动” [？] AWS :: EC2 :: Subnet / SubnetPrivateUSEAST2A：CREATE_IN_PROGRESS [？] AWS :: EC2 :: Subnet / SubnetPublicUSEAST2C：CREATE_IN_PROGRESS [？] AWS :: EC2 :: Subnet / SubnetPublicUSEAST2B：CREATE_IN_PROGRESS [？] AWS :: EC2 :: VPC / VPC：CREATE_COMPLETE [？] AWS :: EC2 :: EIP / NATIP：CREATE_COMPLETE [？] AWS :: EC2 :: InternetGateway / InternetGateway：CREATE_COMPLETE [？] AWS :: EC2 :: EIP / NATIP：CREATE_IN_PROGRESS-“资源创建已启动” [？] AWS :: EC2 :: InternetGateway / InternetGateway：CREATE_IN_PROGRESS-“资源创建已启动” [？] AWS :: EC2 :: EIP / NATIP：CREATE_IN_PROGRESS [？] AWS :: EC2 :: VPC / VPC：CREATE_IN_PROGRESS-“资源创建已启动” [？] AWS :: EC2 :: InternetGateway / InternetGateway：CREATE_IN_PROGRESS [？] AWS :: EC2 :: VPC / VPC：CREATE_IN_PROGRESS [？] AWS :: CloudFormation :: Stack / eksctl-clusterAmol1-cluster：CREATE_IN_PROGRESS-“用户启动” [？]构建节点组堆栈“ eksctl-clusterAmol1-nodegroup-ng-1” [？]发生2个错误，并且集群创建不正确，您可能希望检查CloudFormation控制台 [？]清理资源，运行“ eksctl delete cluster --region = us-east-2 --name = clusterAmol1” [？]等待CloudFormation堆栈“ eksctl-clusterAmol1-cluster”达到“ CREATE_COMPLETE”状态：ResourceNotReady：等待成功的资源状态失败 [？]无效的群集配置：缺少CertificateAuthorityData [？]无法创建集群“ clusterAmol1”`

Answer 1

从日志中看到两个错误： 1）“ roleArn中的服务名称必须范围为'iam' 2）无效的群集配置：缺少CertificateAuthorityData无法创建群集“ clusterAmol1”`

仔细检查运行eksctl的IAM用户的权限

https://docs.aws.amazon.com/eks/latest/userguide/troubleshooting.html#unauthorized

我建议您首先使用管理员权限进行尝试，看看它是否可以通过此错误-然后您可以消除权限问题。稍后按照aws docs / git repo描述的方式启动-排除yaml文件中的错误

使用eksctl

1 个答案: