eks-anywhere icon indicating copy to clipboard operation
eks-anywhere copied to clipboard

Published 20 hours ago • verified publisher icon aws

Workload cluster deployment with `AWSIamConfig` fails if the management cluster doesn't have `AWSIamConfig`

Open abhinavmpandey08 opened this issue 3 years ago • 0 comments

What happened: Configuring aws-iam-authenticator on workload cluster results in a failed deployment if the management cluster didn't have aws-iam-authenticator configured. The CLI will timeout at "Creating workload cluster" stage after the external ETCD nodes are created. If you describe the control plane machine, you will see the following status:

  status:
    bootstrapReady: false
    conditions:
    - lastTransitionTime: "2022-07-26T23:50:02Z"
      message: 0 of 2 completed
      reason: DataSecretGenerationFailed
      severity: Warning
      status: "False"
      type: Ready
    - lastTransitionTime: "2022-07-26T23:50:02Z"
      message: 'failed to resolve file source: secret not found: eksa-system/aws-iam-authenticator-ca:
        secrets "aws-iam-authenticator-ca" not found'
      reason: DataSecretGenerationFailed
      severity: Warning
      status: "False"
      type: BootstrapReady
    - lastTransitionTime: "2022-07-26T23:50:02Z"
      reason: WaitingForBootstrapData
      severity: Info
      status: "False"
      type: InfrastructureReady

What you expected to happen: Workload cluster with AWSIamConfig to be created successfully

How to reproduce it (as minimally and precisely as possible): Create management cluster without AWSIamConfig and then try to create a workload cluster from the management cluster with AWSIamConfig

Anything else we need to know?:

Environment:

  • EKS Anywhere Release:
  • EKS Distro Release:

abhinavmpandey08 avatar Jul 28 '22 00:07 abhinavmpandey08