Creation Amazon EKS cluster using eksctl could not find any of authenticator
I try to create new Kubernetes cluster on Amazon EKS using eksctl script.
I created IAM user with this permissions :
when i try to create it I have this error :
root@myvm:~# eksctl create cluster --name test-cluster --region eu-central-1 --nodegroup-name linux-node --node-type t2.micro --nodes 2
2021-03-16 23:05:24 [ℹ] eksctl version 0.40.0
2021-03-16 23:05:24 [ℹ] using region eu-central-1
2021-03-16 23:05:24 [ℹ] setting availability zones to [eu-central-1c eu-central-1b eu-central-1a]
2021-03-16 23:05:24 [ℹ] subnets for eu-central-1c - public:192.xxx.x.x/19 private:192.xxx.xx.x/19
2021-03-16 23:05:24 [ℹ] subnets for eu-central-1b - public:192.xxx.x.x/19 private:192.xxx.x.x/19
2021-03-16 23:05:24 [ℹ] subnets for eu-central-1a - public:192.xxx.x.x/19 private:192.xxx.x.x/19
Error: unable to determine AMI to use: error getting AMI from SSM Parameter Store: AccessDeniedException: User: arn:aws:iam::<aws_client_id>:user/<eks_user> is not authorized to perform: ssm:GetParameter on resource: arn:aws:ssm:eu-central-1:<aws_client_id>:parameter/aws/service/eks/optimized-ami/1.18/amazon-linux-2/recommended/image_id
status code: 400, request id: 18e6d83d-af7c-4a9c-904f-adf646d22f65
I created another IAM user with AdministratorAccess permission and change the aws credentials on my VM.
root@myvm:~# eksctl create cluster --name test-cluster --region eu-central-1 --nodegroup-name linux-node --node-type t2.micro --nodes 2
2021-03-16 22:28:37 [ℹ] eksctl version 0.40.0
2021-03-16 22:28:37 [ℹ] using region eu-central-1
2021-03-16 22:28:37 [ℹ] setting availability zones to [eu-central-1b eu-central-1c eu-central-1a]
2021-03-16 22:28:37 [ℹ] subnets for eu-central-1b - public:192.xxx.x.x/19 private:192.xxx.x.x/19
2021-03-16 22:28:37 [ℹ] subnets for eu-central-1c - public:192.xxx.x.x/19 private:192.xxx.x.x/19
2021-03-16 22:28:37 [ℹ] subnets for eu-central-1a - public:192.xxx.x.x/19 private:192.xxx.x.x/19
2021-03-16 22:28:37 [ℹ] nodegroup "linux-node" will use "ami-0f85d2eeb0bea62a7" [AmazonLinux2/1.18]
2021-03-16 22:28:37 [ℹ] using Kubernetes version 1.18
2021-03-16 22:28:37 [ℹ] creating EKS cluster "test-cluster" in "eu-central-1" region with un-managed nodes
2021-03-16 22:28:37 [ℹ] will create 2 separate CloudFormation stacks for cluster itself and the initial nodegroup
2021-03-16 22:28:37 [ℹ] if you encounter any issues, check CloudFormation console or try 'eksctl utils describe-stacks --region=eu-central-1 --cluster=test-cluster'
2021-03-16 22:28:37 [ℹ] CloudWatch logging will not be enabled for cluster "test-cluster" in "eu-central-1"
2021-03-16 22:28:37 [ℹ] you can enable it with 'eksctl utils update-cluster-logging --enable-types={SPECIFY-YOUR-LOG-TYPES-HERE (e.g. all)} --region=eu-central-1 --cluster=test-cluster'
2021-03-16 22:28:37 [ℹ] Kubernetes API endpoint access will use default of {publicAccess=true, privateAccess=false} for cluster "test-cluster" in "eu-central-1"
2021-03-16 22:28:37 [ℹ] 2 sequential tasks: { create cluster control plane "test-cluster", 3 sequential sub-tasks: { wait for control plane to become ready, create addons, create nodegroup "linux-node" } }
2021-03-16 22:28:37 [ℹ] building cluster stack "eksctl-test-cluster-cluster"
2021-03-16 22:28:38 [ℹ] deploying stack "eksctl-test-cluster-cluster"
2021-03-16 22:28:38 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:28:57 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:29:12 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:29:30 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:29:49 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:30:07 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:30:25 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:30:45 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:31:03 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:31:20 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:31:36 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:31:55 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:32:11 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:32:31 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:32:48 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:33:04 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:33:20 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:33:38 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:33:54 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:34:10 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:34:29 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:34:48 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:35:05 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:35:22 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:35:41 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:35:56 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:36:15 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:36:31 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:36:48 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:37:05 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:37:22 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:37:38 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:37:53 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:38:10 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:38:29 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:38:44 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:39:04 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:39:24 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:39:39 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:39:56 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:40:16 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:40:35 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:40:51 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:41:06 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:41:25 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:41:41 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:42:02 [ℹ] building nodegroup stack "eksctl-test-cluster-nodegroup-linux-node"
2021-03-16 22:42:02 [ℹ] --nodes-min=2 was set automatically for nodegroup linux-node
2021-03-16 22:42:02 [ℹ] --nodes-max=2 was set automatically for nodegroup linux-node
2021-03-16 22:42:03 [ℹ] deploying stack "eksctl-test-cluster-nodegroup-linux-node"
2021-03-16 22:42:03 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-nodegroup-linux-node"
2021-03-16 22:42:22 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-nodegroup-linux-node"
2021-03-16 22:42:41 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-nodegroup-linux-node"
2021-03-16 22:42:59 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-nodegroup-linux-node"
2021-03-16 22:43:14 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-nodegroup-linux-node"
2021-03-16 22:43:31 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-nodegroup-linux-node"
2021-03-16 22:43:49 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-nodegroup-linux-node"
2021-03-16 22:44:06 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-nodegroup-linux-node"
2021-03-16 22:44:25 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-nodegroup-linux-node"
2021-03-16 22:44:42 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-nodegroup-linux-node"
2021-03-16 22:45:01 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-nodegroup-linux-node"
2021-03-16 22:45:19 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-nodegroup-linux-node"
2021-03-16 22:45:39 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-nodegroup-linux-node"
2021-03-16 22:45:57 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-nodegroup-linux-node"
2021-03-16 22:46:13 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-nodegroup-linux-node"
2021-03-16 22:46:30 [ℹ] waiting for CloudFormation stack "eksctl-test-cluster-nodegroup-linux-node"
2021-03-16 22:46:30 [ℹ] waiting for the control plane availability...
2021-03-16 22:46:30 [✔] saved kubeconfig as "/root/.kube/config"
2021-03-16 22:46:30 [ℹ] no tasks
2021-03-16 22:46:30 [✔] all EKS cluster resources for "test-cluster" have been created
2021-03-16 22:46:30 [ℹ] adding identity "arn:aws:iam::<aws_client_id>:role/eksctl-test-cluster-nodegroup-lin-NodeInstanceRole-1D2A4EDQJPMSB" to auth ConfigMap
2021-03-16 22:46:30 [ℹ] nodegroup "linux-node" has 0 node(s)
2021-03-16 22:46:30 [ℹ] waiting for at least 2 node(s) to become ready in "linux-node"
2021-03-16 22:47:02 [ℹ] nodegroup "linux-node" has 2 node(s)
2021-03-16 22:47:02 [ℹ] node "ip-192-xxx-x-x.eu-central-1.compute.internal" is ready
2021-03-16 22:47:02 [ℹ] node "ip-192-xxx-x-x.eu-central-1.compute.internal" is ready
2021-03-16 22:47:02 [✖] could not find any of the authenticator commands: aws-iam-authenticator, heptio-authenticator-aws, aws
2021-03-16 22:47:02 [ℹ] cluster should be functional despite missing (or misconfigured) client binaries
2021-03-16 22:47:02 [✔] EKS cluster "test-cluster" in "eu-central-1" region is ready
When I check Amazon console to see the clusters created I have nothing, the same for the EC2 instances
Solution
For the first problem (IAM policies) you should follow the eksctl minimum IAM policies documentation.
For the second problem you list (authenticator) it appears you don't have any of the three binaries eksctl is looking for to be able to authenticate with the cluster when running kubectl commands. You should be able to resolve this by simply installing the aws cli or the aws-iam-authenticator on the system where you are launching eksctl.
- Kubernetes - pod has unbound immediate PersistentVolumeClaims
- How to delete all resources from Kubernetes one time?
- ActiveMQ Artemis master (primary) pod goes to restart loop after change to shared-store HA option
- Unable to connect to the server: getting credentials: exec: executable kubelogin not found
- Delete kubernetes node pull with Terraform without cluster recreating
- Unable to add Grafana Loki datasource in Kubernetes
- Best practice spread pod across the node evenly
- kubectl : --dry-run is deprecated and can be replaced with --dry-run=client
- What's the meaning of "READY=2/2" output by command "kubectl get pod $yourpod"
- How to get number of pods (available or terminating) in kubernetes?
- Get current image of kubernetes deployment
- Istio Ingress resulting in "no healthy upstream"
- MIME type of .mjs files is "text/html" when deploying React (ViteJS) app to Azure Kubernetes
- how to connect to local network from kubernetes pod
- How to check ephemeral storage that is allocated to EKS node
- Single Container Pod yaml
- How is a service connected to a pod? In yaml, what fields need to match between service and pod?
- Helm's v3 Example Doesn't Show Multi-line Properties. Get YAML to JSON parse error
- Kubectl command to list pods of a deployment in Kubernetes
- Kubernetes: list all pods and its nodes
- how to uninstall minikube from ubuntu, i get an 'Unable to load cached images' error
- Failed to start minikube with virtualbox driver on ubuntu 20.04
- Using Minikube: deployed SQL Server 2022, but it's not reachable on host machine using ssms
- Kubernetes Application with multiple Resources single YAML
- Nat Gateway Profile for AKS using terraform
- kubectl logs - continuously
- How do i update helm repo to the latest version
- 0/1 nodes are available: 1 pod has unbound immediate PersistentVolumeClaims
- Is there a name or standard for the YAML format used to describe kubernetes resources?
- Kubernetes Persisten Volumes