AWS VPC CNI AddOn stuck creating

0

Hi, Today we experienced issues with creating an EKS cluster. More precisely, the Amazon VPC CNI addon got stuck in the Creating status.

Versions:

  • EKS kubernetes version is 1.23, and the Platform version is eks.7.
  • Amazon VPC CNI version v1.11.2-eksbuild.1.

AWS region: us-east-1

The infrastructure is managed with teraform, and the exact same configuration worked fine yesterday. Are there anywhere some useful logs which would explain why this fails to be created, or maybe any other way to troubleshoot this? I tried looking into the EKS logs, but I didn't find anything useful. Thanks

emch
asked a year ago3534 views
2 Answers
0

Hello,

I could see that you are using eks cluster version 1.23 and vpc-cni version v1.11.2-eksbuild.1.

The vpc-cni version seems to be older version latest available version for eks 1.23 is v1.12.6-eksbuild.1.

The addon_version can be any version, it must match one returned from the following command:

$ aws eks describe-addon-versions --addon-name vpc-cni --kubernetes-version 1.23

Using an older version sometimes can throw this issue.

Delete the upgrading add-on and then update with any of the return version from the above command mentioning the compatible version in your terraform code.

References: https://docs.aws.amazon.com/eks/latest/userguide/managing-vpc-cni.html https://docs.aws.amazon.com/eks/latest/userguide/managing-add-ons.html https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_addon#addon_version

AWS
sanju_s
answered a year ago
  • We have also tried newer versions of the CNI addon:

    • v1.11.5-eksbuild.1
    • v1.12.5-eksbuild.1

    The same outcome with these version yesterday. Today it seems to be working again, with no changes. What baffles me a bit is that I didn't find any way to troubleshoot this.

0

In my case, I added first node group to my new EKS cluster, and its status was failed. This message appeared in logs. None of the above solved my problem. I was using latest CNI addon. My problem was that I created role for node group. That role had AmazonEKSWorkerNodePolicy and AmazonEC2ContainerRegistryFullReadonlyAccess. But I forgot to add AmazonEKS_CNI_Policy. After adding this policy, my problem solved.

answered 3 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions