-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? # to your account
eks: Auth manifest fails to provision with cluster in isolated subnets #30442
Comments
If you create cluster with isolated subnets only with You may find these useful though: |
Actually the root of the problem is that the Lambda function used for kubectl isn't configured to use regional STS endpoints, which causes its manifest validation to fail because it defaults to sts.amazonaws.com, even when being used in a VPC with a VPC endpoint. |
Yes this could be a consideration. Thanks for the sharing. |
This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled. |
Comments on closed issues and PRs are hard for our team to see. If you need help, please open a new issue that references this one. |
Describe the bug
I'm trying to deploy a basic EKS cluster in a private VPC (but using public and private control plane endpoint). I can provision just the cluster itself, but when trying to add an auto scaling group as a managed node group, the Lambda functions trying to create the auth manifest fail.
Expected Behavior
The auth manifest successfully completes.
Current Behavior
The Lambda function creating the auth manifest fails with the following error:
Received response status [FAILED] from custom resource. Message returned: TimeoutError: {"state":"TIMEOUT","reason":"Waiter has timed out"} at checkExceptions (/var/runtime/node_modules/@aws-sdk/node_modules/@smithy/util-waiter/dist-cjs/index.js:59:26) at waitUntilFunctionActiveV2 (/var/runtime/node_modules/@aws-sdk/client-lambda/dist-cjs/index.js:5895:49) at process.processTicksAndRejections (node:internal/process/task_queues:95:5) at async defaultInvokeFunction (/var/task/outbound.js:1:1024) at async invokeUserFunction (/var/task/framework.js:1:2287) at async onEvent (/var/task/framework.js:1:369) at async Runtime.handler (/var/task/cfn-response.js:1:1676) (RequestId: b13fb0f2-88dd-4ff8-a866-54c4963e9bbb)
The function's logs show the following:
But I don't see any logs for the referenced Handler function ever produced and the function's metrics don't show any invocations. The Lambdas aren't being placed in the VPC, so it's unclear why the handler function is not being invoked.
Reproduction Steps
Possible Solution
No response
Additional Information/Context
No response
CDK CLI Version
2.144.0
Framework Version
No response
Node.js Version
v20.9.0
OS
darwin
Language
.NET
Language Version
No response
Other information
No response
The text was updated successfully, but these errors were encountered: