Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Windows Core Custom AMI Works Manually but Fails to Join EKS When Used in Self-Managed Node Group (EKS 1.33)

0

I am using EKS 1.33 with a self-managed Windows node group.

I created a custom Windows Server 2022 Core AMI using EC2 Image Builder.

Scenario 1 – Manual Launch (Works)

When I manually launch an EC2 instance using this custom AMI:

I can connect to the instance.

The kubelet service is running.

The node successfully joins the EKS cluster.

Scenario 2 – Node Group Launch (Fails)

When I use the same custom AMI in an eksctl self-managed node group:

CloudFormation stack is created successfully.

The EC2 instance launches.

The node does not join the cluster.

The instance does not appear in kubectl get nodes.

Since this is a Windows Core AMI, I cannot easily log in to debug.

The node group configuration includes:

Custom ami

amiFamily: WindowsServer2022CoreContainer

instanceRoleARN

Private networking

The same AMI works when launched manually but fails when launched via the node group.

Why would the same custom Windows AMI work when launched manually but fail when launched via a self-managed node group? Does eksctl require an overrideBootstrapCommand when using a custom Windows AMI?

Topics
ComputeContainers
Tags
Amazon EC2WindowsComputeEC2 Image BuilderAmazon Elastic Kubernetes Service
Language
English
asked 17 days ago24 views
1 Answer
0

When using a custom Windows AMI with eksctl self-managed node groups, there are several key considerations that could explain why your AMI works manually but fails in the node group:

Bootstrap Command Requirements

Yes, eksctl does require special handling when using custom AMIs. For self-managed node groups with custom AMIs, you typically need to provide an overrideBootstrapCommand that properly configures the node to join your EKS cluster. The bootstrap script must call /etc/eks/bootstrap.sh (or the Windows equivalent) with the correct cluster name and any necessary kubelet arguments.

When you launch manually, you're likely running the bootstrap process yourself, which is why it works. However, when launched through eksctl, the default bootstrap process may not be compatible with your custom AMI, causing the node to fail to join the cluster.

AMI Type Configuration

When using a custom AMI with a launch template or node group configuration, the amiType should be set to CUSTOM. If you're specifying a launch template with a custom AMI, you should not specify an amiType at all, as this can cause deployment failures.

Windows-Specific Considerations

For Windows custom AMIs, you also need to ensure that eks:kube-proxy-windows is added to your Windows nodes' role ARN in the aws-auth ConfigMap. This is a specific requirement for Windows nodes that may not be automatically configured when using a custom AMI.

Recommended Solution

In your eksctl configuration, add an overrideBootstrapCommand that includes the proper bootstrap script execution with your cluster name and any required kubelet extra arguments. This ensures the node properly registers with your EKS cluster when launched through the node group, matching the manual process that works successfully.
Sources
EKS managed nodegroups - Eksctl User Guide
AWS::EKS::Nodegroup - AWS CloudFormation

answered 17 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content