AWS VPC CNI AddOn stuck creating

Hello,

I could see that you are using eks cluster version 1.23 and vpc-cni version v1.11.2-eksbuild.1.

The vpc-cni version seems to be older version latest available version for eks 1.23 is v1.12.6-eksbuild.1.

The addon_version can be any version, it must match one returned from the following command:

$ aws eks describe-addon-versions --addon-name vpc-cni --kubernetes-version 1.23

Using an older version sometimes can throw this issue.

Delete the upgrading add-on and then update with any of the return version from the above command mentioning the compatible version in your terraform code.

References: https://docs.aws.amazon.com/eks/latest/userguide/managing-vpc-cni.html https://docs.aws.amazon.com/eks/latest/userguide/managing-add-ons.html https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_addon#addon_version

In my case, I added first node group to my new EKS cluster, and its status was failed. This message appeared in logs. None of the above solved my problem. I was using latest CNI addon. My problem was that I created role for node group. That role had AmazonEKSWorkerNodePolicy and AmazonEC2ContainerRegistryFullReadonlyAccess. But I forgot to add AmazonEKS_CNI_Policy. After adding this policy, my problem solved.

I have the same issue, I have been using same terraform configuration but sometimes it takes up to 15 minutes just for VPC-CNI plug in to set it up and sometimes it creates in 3 minutes. Can`t figure out where is this inconsistency coming from.

We experience the same issue, most time cni is created relativly fast, but one out four times it takes long time:

module.eks.module.eks-cluster.aws_eks_addon.before_compute["vpc-cni"]: Creation complete after 16m25s

I tried the latest v1.18.2-eksbuild.1, same result