eksctl icon indicating copy to clipboard operation
eksctl copied to clipboard

Published 20 hours ago verified publisher icon eksctl-io

node instance profile need to include `AmazonEBSCSIDriverPolicy` by default

Open chenrui333 opened this issue 1 year ago • 2 comments

While using eksctl to create managed nodegroup for k8s 1.23 cluster, I ran into some node instance profile issue, while it is lacking of AmazonEBSCSIDriverPolicy policy.

Even though I tried to use eksctl to create separate iamserviceaccount, and use it for aws-ebs-csi-driver addon, somehow it still references the node instance profile, so I ended up attaching AmazonEBSCSIDriverPolicy policy into the eks created node instance profile.

Let me know if that makes sense.

chenrui333 avatar Jan 04 '24 03:01 chenrui333

https://github.com/eksctl-io/eksctl/blob/9575570b554610129382d0a181645a3806cea98f/pkg/cfn/builder/statement.go#L390-L520

AmazonEBSCSIDriverPolicy is defined entirely here. Have you tried to configure it with what's shown in the doc? https://eksctl.io/usage/iam-policies/?h=ebs#supported-iam-add-on-policies

yuxiang-zhang avatar Jan 25 '24 23:01 yuxiang-zhang

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

github-actions[bot] avatar Feb 25 '24 01:02 github-actions[bot]

This issue was closed because it has been stalled for 5 days with no activity.

github-actions[bot] avatar Mar 01 '24 01:03 github-actions[bot]