How to resolve an error when creating a cluster with eksctl in AWS

Time: 2020-06-24 07:42:40

Tags: amazon-web-services kubernetes aws-eks eksctl

I am trying to create a cluster in the AWS us-east-1 region for a user account under my root account. But when I try to create the cluster I run into the following problem:

  [ℹ]  eksctl version 0.22.0
  [ℹ]  using region us-east-1
  [ℹ]  subnets for us-east-1a - public:192.168.0.0/19 private:192.168.64.0/19
  [ℹ]  subnets for us-east-1b - public:192.168.32.0/19 private:192.168.96.0/19
  [ℹ]  using Kubernetes version 1.16
  [ℹ]  creating EKS cluster "in28minutes-cluster" in "us-east-1" region with managed nodes
  [ℹ]  will create 2 separate CloudFormation stacks for cluster itself and the initial managed nodegroup
  [ℹ]  if you encounter any issues, check CloudFormation console or try 'eksctl utils describe-stacks --region=us-east-1 --cluster=in28minutes-cluster'
  [ℹ]  CloudWatch logging will not be enabled for cluster "in28minutes-cluster" in "us-east-1"
  [ℹ]  you can enable it with 'eksctl utils update-cluster-logging --region=us-east-1 --cluster=in28minutes-cluster'
  [ℹ]  Kubernetes API endpoint access will use default of {publicAccess=true, privateAccess=false} for cluster "in28minutes-cluster" in "us-east-1"
  [ℹ]  2 sequential tasks: { create cluster control plane "in28minutes-cluster", 2 sequential sub-tasks: { no tasks, create managed nodegroup "in28minutes-cluster-node-group" } }
  [ℹ]  building cluster stack "eksctl-in28minutes-cluster-cluster"
  [ℹ]  deploying stack "eksctl-in28minutes-cluster-cluster"
  [✖]  unexpected status "ROLLBACK_IN_PROGRESS" while waiting for CloudFormation stack "eksctl-in28minutes-cluster-cluster"
  [ℹ]  fetching stack events in attempt to troubleshoot the root cause of the failure
  [✖]  AWS::EC2::SubnetRouteTableAssociation/RouteTableAssociationPrivateUSEAST1B: CREATE_FAILED – "Resource creation cancelled"
  [✖]  AWS::EC2::Route/PublicSubnetRoute: CREATE_FAILED – "Resource creation cancelled"
  [✖]  AWS::EC2::SubnetRouteTableAssociation/RouteTableAssociationPrivateUSEAST1A: CREATE_FAILED – "Resource creation cancelled"
  [✖]  AWS::EC2::NatGateway/NATGateway: CREATE_FAILED – "Resource creation cancelled"
  [✖]  AWS::EC2::SubnetRouteTableAssociation/RouteTableAssociationPublicUSEAST1A: CREATE_FAILED – "Resource creation cancelled"
  [✖]  AWS::EC2::SubnetRouteTableAssociation/RouteTableAssociationPublicUSEAST1B: CREATE_FAILED – "Resource creation cancelled"
  [✖]  AWS::EKS::Cluster/ControlPlane: CREATE_FAILED – "User: arn:aws:iam::750121092648:user/HR is not authorized to perform: eks:CreateCluster on resource: arn:aws:eks:us-east-1:750121092648:cluster/in28minutes-cluster (Service: AmazonEKS; Status Code: 403; Error Code: AccessDeniedException; Request ID: 290ba47a-6423-4ce7-bd25-c429e1f69ea8)"
  [!]  1 error(s) occurred and cluster hasn't been created properly, you may wish to check CloudFormation console
  [ℹ]  to cleanup resources, run 'eksctl delete cluster --region=us-east-1 --name=in28minutes-cluster'
  [✖]  waiting for CloudFormation stack "eksctl-in28minutes-cluster-cluster": ResourceNotReady: failed waiting for successful resource state
  Error: failed to create cluster "in28minutes-cluster"

This is the command I used to create the cluster:

eksctl create cluster --name in28minutes-cluster --nodegroup-name in28minutes-cluster-node-group --node-type t2.medium --nodes 3 --nodes-min 3 --nodes-max 7 --managed --asg-access --zones=us-east-1a,us-east-1b

I also assumed a role for my user account.


Please help me resolve this issue; I am new to AWS and Kubernetes.

1 answer:

Answer 0 (score: 2)

This line from your log

  [✖]  AWS::EKS::Cluster/ControlPlane: CREATE_FAILED – "User: arn:aws:iam::750121092648:user/HR is not authorized to perform: eks:CreateCluster on resource: arn:aws:eks:us-east-1:750121092648:cluster/in28minutes-cluster (Service: AmazonEKS; Status Code: 403; Error Code: AccessDeniedException; Request ID: 290ba47a-6423-4ce7-bd25-c429e1f69ea8)"

seems to suggest that the user HR does not have all the necessary EKS permissions. Try (temporarily) attaching an AWS managed policy to the HR user. Then, if that resolves the problem, narrow it down to only the EKS-related permissions.
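The "narrow it down" step in the answer above can be driven directly from the AccessDenied lines that eksctl prints. The following Python script is an added example, not code from the question, the answer, or the eksctl project: it parses each `User: ... is not authorized to perform: <action> on resource: <arn>` message, builds an identity-based IAM policy that allows exactly those action/resource pairs, and emits the `aws iam simulate-principal-policy` call that verifies the fix without re-running the whole cluster creation. The first log line in `SAMPLE_LOG` is the one from the question; the second (`eks:DescribeCluster`, with a zeroed request ID) is constructed here to show how several denials are merged into one statement. The function names are my own.

```python
import json
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Optional

# Matches the AccessDeniedException text that EKS (and most AWS services) put in the
# CloudFormation event that eksctl surfaces on failure. The principal may be a user,
# a role or an assumed-role session; the request ID and any "because ..." suffix are ignored.
_DENIED_RE = re.compile(
    r"User: (?P<principal>arn:aws:iam::\d{12}:(?:user|role|assumed-role)/\S+) "
    r"is not authorized to perform: (?P<action>[a-z0-9-]+:[A-Za-z0-9]+) "
    r'on resource: (?P<resource>arn:aws:\S+?)(?=\s|"|\)|$)'
)

# Constructed sample: line 1 is the real event from the question above,
# line 2 is an invented follow-up denial used only to demonstrate grouping.
SAMPLE_LOG = """\
[ℹ]  deploying stack "eksctl-in28minutes-cluster-cluster"
[✖]  AWS::EKS::Cluster/ControlPlane: CREATE_FAILED – "User: arn:aws:iam::750121092648:user/HR is not authorized to perform: eks:CreateCluster on resource: arn:aws:eks:us-east-1:750121092648:cluster/in28minutes-cluster (Service: AmazonEKS; Status Code: 403; Error Code: AccessDeniedException; Request ID: 290ba47a-6423-4ce7-bd25-c429e1f69ea8)"
[✖]  AWS::EKS::Cluster/ControlPlane: CREATE_FAILED – "User: arn:aws:iam::750121092648:user/HR is not authorized to perform: eks:DescribeCluster on resource: arn:aws:eks:us-east-1:750121092648:cluster/in28minutes-cluster (Service: AmazonEKS; Status Code: 403; Error Code: AccessDeniedException; Request ID: 00000000-0000-0000-0000-000000000000)"
"""


def parse_access_denied(line: str) -> Optional[Dict[str, str]]:
    """Return {principal, action, resource} for an AccessDenied line, or None for any other line."""
    m = _DENIED_RE.search(line)
    return m.groupdict() if m else None


def collect_denials(log: str) -> List[Dict[str, str]]:
    """Scan a whole eksctl run and keep each distinct (principal, action, resource) triple once."""
    seen, out = set(), []
    for line in log.splitlines():
        d = parse_access_denied(line)
        if d is None:
            continue
        key = tuple(sorted(d.items()))
        if key not in seen:
            seen.add(key)
            out.append(d)
    return out


def minimal_policy(denials: Iterable[Dict[str, str]]) -> dict:
    """Identity-based policy that allows exactly the denied actions, grouped per resource ARN.

    This is what should replace the temporary broad policy once the run succeeds:
    no wildcard actions and no "*" resource.
    """
    by_resource = defaultdict(set)
    for d in denials:
        by_resource[d["resource"]].add(d["action"])
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": f"Denial{i}",
                "Effect": "Allow",
                "Action": sorted(actions),
                "Resource": resource,
            }
            for i, (resource, actions) in enumerate(sorted(by_resource.items()))
        ],
    }


def simulate_command(denial: Dict[str, str]) -> str:
    """aws CLI call that checks whether the principal is now allowed, without re-running eksctl.

    Run it with credentials that hold iam:SimulatePrincipalPolicy (an admin, not the HR
    user itself); EvalDecision comes back as allowed, explicitDeny or implicitDeny.
    """
    return (
        "aws iam simulate-principal-policy "
        f"--policy-source-arn {denial['principal']} "
        f"--action-names {denial['action']} "
        f"--resource-arns {denial['resource']} "
        "--query 'EvaluationResults[].EvalDecision'"
    )


if __name__ == "__main__":
    found = collect_denials(SAMPLE_LOG)
    print(json.dumps(minimal_policy(found), indent=2))
    for entry in found:
        print(simulate_command(entry))
```

Two caveats when using this loop for real. First, `eks:CreateCluster` is only the first action the HR user was denied; eksctl also drives CloudFormation, creates IAM roles for the control plane and node group and has to hand the cluster role to EKS (an `iam:PassRole` on that role), so expect a few more AccessDenied lines after this one is fixed, each handled the same way. Second, the generated statement is pinned to the exact cluster ARN from the log, which is the least-privilege result but means the policy has to be updated if the cluster is renamed or created in another region.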