1

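I am trying to create a new Kubernetes cluster on Amazon EKS using the eksctl script.

I created an IAM user with these permissions:

[image: enter image description here]

When I try to create it, I get this error: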

root@myvm:~# eksctl create cluster --name test-cluster --region eu-central-1 --nodegroup-name linux-node --node-type t2.micro --nodes 2
2021-03-16 23:05:24 [ℹ]  eksctl version 0.40.0
2021-03-16 23:05:24 [ℹ]  using region eu-central-1
2021-03-16 23:05:24 [ℹ]  setting availability zones to [eu-central-1c eu-central-1b eu-central-1a]
2021-03-16 23:05:24 [ℹ]  subnets for eu-central-1c - public:192.xxx.x.x/19 private:192.xxx.xx.x/19
2021-03-16 23:05:24 [ℹ]  subnets for eu-central-1b - public:192.xxx.x.x/19 private:192.xxx.x.x/19
2021-03-16 23:05:24 [ℹ]  subnets for eu-central-1a - public:192.xxx.x.x/19 private:192.xxx.x.x/19
Error: unable to determine AMI to use: error getting AMI from SSM Parameter Store: AccessDeniedException: User: arn:aws:iam::<aws_client_id>:user/<eks_user> is not authorized to perform: ssm:GetParameter on resource: arn:aws:ssm:eu-central-1:<aws_client_id>:parameter/aws/service/eks/optimized-ami/1.18/amazon-linux-2/recommended/image_id
        status code: 400, request id: 18e6d83d-af7c-4a9c-904f-adf646d22f65

I created another IAM user with AdministratorAccess permissions and changed the aws credentials on my VM.

root@myvm:~#  eksctl create cluster --name test-cluster --region eu-central-1 --nodegroup-name linux-node --node-type t2.micro --nodes 2
2021-03-16 22:28:37 [ℹ]  eksctl version 0.40.0
2021-03-16 22:28:37 [ℹ]  using region eu-central-1
2021-03-16 22:28:37 [ℹ]  setting availability zones to [eu-central-1b eu-central-1c eu-central-1a]
2021-03-16 22:28:37 [ℹ]  subnets for eu-central-1b - public:192.xxx.x.x/19 private:192.xxx.x.x/19
2021-03-16 22:28:37 [ℹ]  subnets for eu-central-1c - public:192.xxx.x.x/19 private:192.xxx.x.x/19
2021-03-16 22:28:37 [ℹ]  subnets for eu-central-1a - public:192.xxx.x.x/19 private:192.xxx.x.x/19
2021-03-16 22:28:37 [ℹ]  nodegroup "linux-node" will use "ami-0f85d2eeb0bea62a7" [AmazonLinux2/1.18]
2021-03-16 22:28:37 [ℹ]  using Kubernetes version 1.18
2021-03-16 22:28:37 [ℹ]  creating EKS cluster "test-cluster" in "eu-central-1" region with un-managed nodes
2021-03-16 22:28:37 [ℹ]  will create 2 separate CloudFormation stacks for cluster itself and the initial nodegroup
2021-03-16 22:28:37 [ℹ]  if you encounter any issues, check CloudFormation console or try 'eksctl utils describe-stacks --region=eu-central-1 --cluster=test-cluster'
2021-03-16 22:28:37 [ℹ]  CloudWatch logging will not be enabled for cluster "test-cluster" in "eu-central-1"
2021-03-16 22:28:37 [ℹ]  you can enable it with 'eksctl utils update-cluster-logging --enable-types={SPECIFY-YOUR-LOG-TYPES-HERE (e.g. all)} --region=eu-central-1 --cluster=test-cluster'
2021-03-16 22:28:37 [ℹ]  Kubernetes API endpoint access will use default of {publicAccess=true, privateAccess=false} for cluster "test-cluster" in "eu-central-1"
2021-03-16 22:28:37 [ℹ]  2 sequential tasks: { create cluster control plane "test-cluster", 3 sequential sub-tasks: { wait for control plane to become ready, create addons, create nodegroup "linux-node" } }
2021-03-16 22:28:37 [ℹ]  building cluster stack "eksctl-test-cluster-cluster"
2021-03-16 22:28:38 [ℹ]  deploying stack "eksctl-test-cluster-cluster"
2021-03-16 22:28:38 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:28:57 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:29:12 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:29:30 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:29:49 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:30:07 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:30:25 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:30:45 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:31:03 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:31:20 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:31:36 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:31:55 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:32:11 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:32:31 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:32:48 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:33:04 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:33:20 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:33:38 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:33:54 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:34:10 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:34:29 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:34:48 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:35:05 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:35:22 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:35:41 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:35:56 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:36:15 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:36:31 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:36:48 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:37:05 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:37:22 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:37:38 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:37:53 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:38:10 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:38:29 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:38:44 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:39:04 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:39:24 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:39:39 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:39:56 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:40:16 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:40:35 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:40:51 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:41:06 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:41:25 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:41:41 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-cluster"
2021-03-16 22:42:02 [ℹ]  building nodegroup stack "eksctl-test-cluster-nodegroup-linux-node"
2021-03-16 22:42:02 [ℹ]  --nodes-min=2 was set automatically for nodegroup linux-node
2021-03-16 22:42:02 [ℹ]  --nodes-max=2 was set automatically for nodegroup linux-node
2021-03-16 22:42:03 [ℹ]  deploying stack "eksctl-test-cluster-nodegroup-linux-node"
2021-03-16 22:42:03 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-nodegroup-linux-node"
2021-03-16 22:42:22 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-nodegroup-linux-node"
2021-03-16 22:42:41 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-nodegroup-linux-node"
2021-03-16 22:42:59 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-nodegroup-linux-node"
2021-03-16 22:43:14 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-nodegroup-linux-node"
2021-03-16 22:43:31 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-nodegroup-linux-node"
2021-03-16 22:43:49 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-nodegroup-linux-node"
2021-03-16 22:44:06 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-nodegroup-linux-node"
2021-03-16 22:44:25 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-nodegroup-linux-node"
2021-03-16 22:44:42 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-nodegroup-linux-node"
2021-03-16 22:45:01 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-nodegroup-linux-node"
2021-03-16 22:45:19 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-nodegroup-linux-node"
2021-03-16 22:45:39 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-nodegroup-linux-node"
2021-03-16 22:45:57 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-nodegroup-linux-node"
2021-03-16 22:46:13 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-nodegroup-linux-node"
2021-03-16 22:46:30 [ℹ]  waiting for CloudFormation stack "eksctl-test-cluster-nodegroup-linux-node"
2021-03-16 22:46:30 [ℹ]  waiting for the control plane availability...
2021-03-16 22:46:30 [✔]  saved kubeconfig as "/root/.kube/config"
2021-03-16 22:46:30 [ℹ]  no tasks
2021-03-16 22:46:30 [✔]  all EKS cluster resources for "test-cluster" have been created
2021-03-16 22:46:30 [ℹ]  adding identity "arn:aws:iam::<aws_client_id>:role/eksctl-test-cluster-nodegroup-lin-NodeInstanceRole-1D2A4EDQJPMSB" to auth ConfigMap
2021-03-16 22:46:30 [ℹ]  nodegroup "linux-node" has 0 node(s)
2021-03-16 22:46:30 [ℹ]  waiting for at least 2 node(s) to become ready in "linux-node"
2021-03-16 22:47:02 [ℹ]  nodegroup "linux-node" has 2 node(s)
2021-03-16 22:47:02 [ℹ]  node "ip-192-xxx-x-x.eu-central-1.compute.internal" is ready
2021-03-16 22:47:02 [ℹ]  node "ip-192-xxx-x-x.eu-central-1.compute.internal" is ready
2021-03-16 22:47:02 [✖]  could not find any of the authenticator commands: aws-iam-authenticator, heptio-authenticator-aws, aws
2021-03-16 22:47:02 [ℹ]  cluster should be functional despite missing (or misconfigured) client binaries
2021-03-16 22:47:02 [✔]  EKS cluster "test-cluster" in "eu-central-1" region is ready

When I check the Amazon console to see the created cluster, I see nothing, and the same goes for the EC2 instances.

4

1 Answer

1

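For the first problem (the IAM policy), you should follow the eksctl minimum IAM policies documentation.

For the second problem you listed (the authenticator), it seems you do not have any of the three binaries that eksctl is looking for in order to authenticate to the cluster when running kubectl commands. You should be able to resolve this by simply installing the aws cli or aws-iam-authenticator on the system you are launching eksctl from.

answered 2021-03-17T09:52:00.787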
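
An added example, not part of the original question or answer: instead of switching to AdministratorAccess, the AccessDeniedException text from the first run can be parsed into a narrowly scoped IAM statement and compared against the eksctl minimum IAM policies. The account ID, user name, request ID and the function names `parse_denials` and `policy_for` are constructed for illustration.

```python
import json
import re
from collections import defaultdict

# Shape of the AccessDeniedException message seen in the eksctl output above.
DENIED = re.compile(
    r"User: (?P<principal>arn:aws:(?:iam|sts)::\d{12}:\S+) "
    r"is not authorized to perform: (?P<action>[A-Za-z0-9-]+:[A-Za-z0-9*]+)"
    r"(?: on resource: (?P<resource>arn:aws:\S+))?"
)

def parse_denials(log_text):
    """Return unique (principal, action, resource) tuples found in log_text."""
    seen = []
    for m in DENIED.finditer(log_text):
        # "*" marks a denial with no resource ARN; scope it by hand before use.
        item = (m["principal"], m["action"], m["resource"] or "*")
        if item not in seen:
            seen.append(item)
    return seen

def policy_for(denials):
    """Build a policy that allows exactly the denied action/resource pairs."""
    by_action = defaultdict(list)
    for _, action, resource in denials:
        if resource not in by_action[action]:
            by_action[action].append(resource)
    statements = [
        {"Effect": "Allow", "Action": action, "Resource": sorted(resources)}
        for action, resources in sorted(by_action.items())
    ]
    return {"Version": "2012-10-17", "Statement": statements}

# Constructed sample: the error from the question, repeated as on a retry,
# with a made-up account ID (111122223333) and user name (eks-user).
ERR = ("Error: unable to determine AMI to use: error getting AMI from SSM "
       "Parameter Store: AccessDeniedException: User: "
       "arn:aws:iam::111122223333:user/eks-user is not authorized to perform: "
       "ssm:GetParameter on resource: arn:aws:ssm:eu-central-1:111122223333:"
       "parameter/aws/service/eks/optimized-ami/1.18/amazon-linux-2/"
       "recommended/image_id\n"
       "        status code: 400, request id: 00000000-0000-0000-0000-000000000000\n")
SAMPLE_LOG = "2021-03-16 23:05:24 [i]  using region eu-central-1\n" + ERR + ERR

if __name__ == "__main__":
    print(json.dumps(policy_for(parse_denials(SAMPLE_LOG)), indent=2))
```

AWS reports only the first denied action per call, so the log has to be re-collected after each policy change; the generated statements are a starting point to review, not a replacement for the documented minimum policy.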