eksctl icon indicating copy to clipboard operation
eksctl copied to clipboard

Published 20 hours ago verified publisher icon eksctl-io

[Bug] Can't reuse instanceRoleARN in multiple nodegroups with AccessEntry

Open DanielCKennedy opened this issue 1 year ago • 3 comments

What were you trying to accomplish?

With the switch to access entries, creating multiple self managed nodes using the same instanceRoleARN no longer works.

What happened?

The first node successfully gets created however subsequent nodes fail to create due to the AccessEntry already existing.

How to reproduce it?

$ vi cluster.yaml

apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
  name: test
  region: us-west-2

nodeGroups:
  - name: ng-1
    instanceType: m5.large
    desiredCapacity: 1
    volumeSize: 80
    iam:
      instanceRoleARN: "arn:aws:iam::999999999999:role/myRole"
  - name: ng-2
    instanceType: m5.large
    desiredCapacity: 1
    volumeSize: 80
    iam:
      instanceRoleARN: "arn:aws:iam::999999999999:role/myRole"

$ eksctl create cluster -f cluster.yaml
// fails

Logs

2024-01-24 20:11:48 [!]  1 error(s) occurred and cluster hasn't been created properly, you may wish to check CloudFormation console

From CFN stack:

Logical ID: AccessEntry
Status: CREATE_FAILED
Status reason: arn:aws:iam::999999999999:role/myRole|test already exists in stack <other_nodegroup_stack>

Anything else we need to know?

Versions

$ eksctl info
eksctl version: 0.169.0
kubectl version: v1.22.0
OS: linux

DanielCKennedy avatar Jan 24 '24 20:01 DanielCKennedy

Hello DanielCKennedy :wave: Thank you for opening an issue in eksctl project. The team will review the issue and aim to respond within 1-5 business days. Meanwhile, please read about the Contribution and Code of Conduct guidelines here. You can find out more information about eksctl on our website

github-actions[bot] avatar Jan 24 '24 20:01 github-actions[bot]

Hello Team .

We are encountering the same issue, which has led us to refrain from using EKS access entries. As a workaround, we have downgraded the eksctl version to a lower one from 0.167.0.

ajaydevtron avatar Jan 28 '24 14:01 ajaydevtron

Looks like 0.166.0 does not have this problem. Thanks for calling it out @ajaydevtron !

matschaffer-roblox avatar Feb 08 '24 21:02 matschaffer-roblox

Can we get real fix for this issue, using 0.166.0 is the workaround but it won't last longer? Thank you for support.

bjoshi18 avatar Mar 15 '24 15:03 bjoshi18