EKS worker node on k8s version 1.27 cannot join cluster controller.


Hello all,

I am trying to join the worker node to the cluster controller by assigning IAM permissions to the worker node with my user account, as below:

"arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
"arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
"arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"

The other add-ons supported in the cluster show the statuses below.

Amazon EBS CSI Driver [ Degraded ]
Amazon VPC CNI [Active]

When I access the worker node, /var/log/messages shows the error below.

csi_plugin.go:913] Failed to contact API server when waiting for CSINode publishing: csinodes.storage.k8s.io "ip-10-0-12-152.ap-southeast-1.compute.internal" is forbidden: User "system:node:ip-10-0-12-152.ap-southeast-1.compute.internal" cannot get resource "csinodes" in API group "storage.k8s.io" at the cluster scope

1 Answer

Have you looked at the Cluster Node IAM roles that are required? Here's the documentation on IAM Roles for Nodes. Make sure it has the three listed.

AWS
answered 10 months ago
