You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Merge pull request #821 from asjarre/fixed-links-troubleshooting
Replaced outside inline code with single backticks instead of double backticks to solve cross-references being rendered incorrectly elsewhere on the page.
Copy file name to clipboardExpand all lines: latest/ug/troubleshooting/troubleshooting.adoc
+5-5Lines changed: 5 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -45,7 +45,7 @@ There are a few common reasons that prevent nodes from joining the cluster:
45
45
46
46
47
47
48
-
* If the nodes are managed nodes, Amazon EKS adds entries to the `aws-auth` `ConfigMap` when you create the node group. If the entry was removed or modified, then you need to re-add it. For more information, enter `eksctl create iamidentitymapping --help` in your terminal. You can view your current `aws-auth` `ConfigMap` entries by replacing [.replaceable]`my-cluster` in the following command with the name of your cluster and then running the modified command: ``eksctl get iamidentitymapping --cluster [.replaceable]`my-cluster```. The ARN of the role that you specify can't include a link:IAM/latest/UserGuide/reference_identifiers.html#identifiers-friendly-names[path,type="documentation"] other than `/`. For example, if the name of your role is `development/apps/my-role`, you'd need to change it to `my-role` when specifying the ARN for the role. Make sure that you specify the node IAM role ARN (not the instance profile ARN).
48
+
* If the nodes are managed nodes, Amazon EKS adds entries to the `aws-auth` `ConfigMap` when you create the node group. If the entry was removed or modified, then you need to re-add it. For more information, enter `eksctl create iamidentitymapping --help` in your terminal. You can view your current `aws-auth` `ConfigMap` entries by replacing [.replaceable]`my-cluster` in the following command with the name of your cluster and then running the modified command: `eksctl get iamidentitymapping --cluster [.replaceable]``my-cluster```. The ARN of the role that you specify can't include a link:IAM/latest/UserGuide/reference_identifiers.html#identifiers-friendly-names[path,type="documentation"] other than `/`. For example, if the name of your role is `development/apps/my-role`, you'd need to change it to `my-role` when specifying the ARN for the role. Make sure that you specify the node IAM role ARN (not the instance profile ARN).
49
49
+
50
50
If the nodes are self-managed, and you haven't created <<access-entries,access entries>> for the ARN of the node's IAM role, then run the same commands listed for managed nodes. If you have created an access entry for the ARN for your node IAM role, then it might not be configured properly in the access entry. Make sure that the node IAM role ARN (not the instance profile ARN) is specified as the principal ARN in your `aws-auth` `ConfigMap` entry or access entry. For more information about access entries, see <<access-entries>>.
51
51
* The *ClusterName* in your node {aws} CloudFormation template doesn't exactly match the name of the cluster you want your nodes to join. Passing an incorrect value to this field results in an incorrect configuration of the node's `/var/lib/kubelet/kubeconfig` file, and the nodes will not join the cluster.
@@ -84,7 +84,7 @@ This could be due to one of the following reasons:
84
84
85
85
* The cluster was created with credentials for one IAM principal and `kubectl` is configured to use credentials for a different IAM principal. To resolve this, update your `kube config` file to use the credentials that created the cluster. For more information, see <<create-kubeconfig>>.
86
86
* If your cluster meets the minimum platform requirements in the prerequisites section of <<access-entries,Grant IAM users access to Kubernetes with EKS access entries>>, an access entry doesn't exist with your IAM principal. If it exists, it doesn't have the necessary [.noloc]`Kubernetes` group names defined for it, or doesn't have the proper access policy associated to it. For more information, see <<access-entries>>.
87
-
* If your cluster doesn't meet the minimum platform requirements in <<access-entries,Grant IAM users access to Kubernetes with EKS access entries>>, an entry with your IAM principal doesn't exist in the `aws-auth` `ConfigMap`. If it exists, it's not mapped to [.noloc]`Kubernetes` group names that are bound to a [.noloc]`Kubernetes` `Role` or `ClusterRole` with the necessary permissions. For more information about [.noloc]`Kubernetes` role-based authorization (RBAC) objects, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/[Using RBAC authorization] in the [.noloc]`Kubernetes` documentation. You can view your current `aws-auth` `ConfigMap` entries by replacing [.replaceable]`my-cluster` in the following command with the name of your cluster and then running the modified command: ``eksctl get iamidentitymapping --cluster [.replaceable]`my-cluster```. If an entry for with the ARN of your IAM principal isn't in the `ConfigMap`, enter `eksctl create iamidentitymapping --help` in your terminal to learn how to create one.
87
+
* If your cluster doesn't meet the minimum platform requirements in <<access-entries,Grant IAM users access to Kubernetes with EKS access entries>>, an entry with your IAM principal doesn't exist in the `aws-auth` `ConfigMap`. If it exists, it's not mapped to [.noloc]`Kubernetes` group names that are bound to a [.noloc]`Kubernetes` `Role` or `ClusterRole` with the necessary permissions. For more information about [.noloc]`Kubernetes` role-based authorization (RBAC) objects, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/[Using RBAC authorization] in the [.noloc]`Kubernetes` documentation. You can view your current `aws-auth` `ConfigMap` entries by replacing [.replaceable]`my-cluster` in the following command with the name of your cluster and then running the modified command: `eksctl get iamidentitymapping --cluster [.replaceable]``my-cluster```. If an entry for with the ARN of your IAM principal isn't in the `ConfigMap`, enter `eksctl create iamidentitymapping --help` in your terminal to learn how to create one.
88
88
89
89
If you install and configure the {aws} CLI, you can configure the IAM credentials that you use. For more information, see link:cli/latest/userguide/cli-chap-getting-started.html[Configuring the {aws} CLI,type="documentation"] in the _{aws} Command Line Interface User Guide_. You can also configure `kubectl` to use an IAM role, if you assume an IAM role to access [.noloc]`Kubernetes` objects on your cluster. For more information, see <<create-kubeconfig>>.
90
90
@@ -404,7 +404,7 @@ This can happen due to one of the following reasons:
404
404
405
405
. You either don't have an `aws-auth` `ConfigMap` on your cluster or it doesn't include entries for the IAM role that you configured your nodes with.
406
406
+
407
-
To resolve the issue, view the existing entries in your `ConfigMap` by replacing [.replaceable]`my-cluster` in the following command with the name of your cluster and then running the modified command: ``eksctl get iamidentitymapping --cluster [.replaceable]`my-cluster```. If you receive an error message from the command, it might be because your cluster doesn't have an `aws-auth` `ConfigMap`. The following command adds an entry to the `ConfigMap`. If the `ConfigMap` doesn't exist, the command also creates it. Replace [.replaceable]`111122223333` with the {aws} account ID for the IAM role and [.replaceable]`myAmazonEKSNodeRole` with the name of your node's role.
407
+
To resolve the issue, view the existing entries in your `ConfigMap` by replacing [.replaceable]`my-cluster` in the following command with the name of your cluster and then running the modified command: `eksctl get iamidentitymapping --cluster [.replaceable]``my-cluster```. If you receive an error message from the command, it might be because your cluster doesn't have an `aws-auth` `ConfigMap`. The following command adds an entry to the `ConfigMap`. If the `ConfigMap` doesn't exist, the command also creates it. Replace [.replaceable]`111122223333` with the {aws} account ID for the IAM role and [.replaceable]`myAmazonEKSNodeRole` with the name of your node's role.
The ARN of the role that you specify can't include a link:IAM/latest/UserGuide/reference_identifiers.html#identifiers-friendly-names[path,type="documentation"] other than `/`. For example, if the name of your role is `development/apps/my-role`, you'd need to change it to `my-role` when specifying the ARN of the role. Make sure that you specify the node IAM role ARN (not the instance profile ARN).
417
-
. Your self-managed nodes are in a cluster with a platform version at the minimum version listed in the prerequisites in the <<access-entries,Grant IAM users access to Kubernetes with EKS access entries>> topic, but an entry isn't listed in the `aws-auth` `ConfigMap` (see previous item) for the node's IAM role or an access entry doesn't exist for the role. To resolve the issue, view your existing access entries by replacing [.replaceable]`my-cluster` in the following command with the name of your cluster and then running the modified command: ``aws eks list-access-entries --cluster-name [.replaceable]`my-cluster```. The following command adds an access entry for the node's IAM role. Replace [.replaceable]`111122223333` with the {aws} account ID for the IAM role and [.replaceable]`myAmazonEKSNodeRole` with the name of your node's role. If you have a Windows node, replace [.replaceable]`EC2_Linux` with `EC2_Windows`. Make sure that you specify the node IAM role ARN (not the instance profile ARN).
417
+
. Your self-managed nodes are in a cluster with a platform version at the minimum version listed in the prerequisites in the <<access-entries,Grant IAM users access to Kubernetes with EKS access entries>> topic, but an entry isn't listed in the `aws-auth` `ConfigMap` (see previous item) for the node's IAM role or an access entry doesn't exist for the role. To resolve the issue, view your existing access entries by replacing [.replaceable]`my-cluster` in the following command with the name of your cluster and then running the modified command: `aws eks list-access-entries --cluster-name [.replaceable]``my-cluster```. The following command adds an access entry for the node's IAM role. Replace [.replaceable]`111122223333` with the {aws} account ID for the IAM role and [.replaceable]`myAmazonEKSNodeRole` with the name of your node's role. If you have a Windows node, replace [.replaceable]`EC2_Linux` with `EC2_Windows`. Make sure that you specify the node IAM role ARN (not the instance profile ARN).
418
418
+
419
419
[source,bash,subs="verbatim,attributes"]
420
420
----
@@ -720,4 +720,4 @@ The first two columns are what are needed for API response values. The third fie
720
720
|===
721
721
722
722
723
-
📝 https://github.com/search?q=repo:awsdocs/amazon-eks-user-guide+[[troubleshooting,&type=code[Edit this page on GitHub]
723
+
📝 https://github.com/search?q=repo:awsdocs/amazon-eks-user-guide+[[troubleshooting,&type=code[Edit this page on GitHub]
0 commit comments