Not able to use eksctl to create eks cluster in AWS playground

$ eksctl create cluster --name eks-kafka-demo --region us-east-1
2022-10-31 14:33:42 [:information_source:] building cluster stack “eksctl-eks-kafka-demo-cluster”
2022-10-31 14:33:44 [:information_source:] deploying stack “eksctl-eks-kafka-demo-cluster”
2022-10-31 14:34:14 [:information_source:] waiting for CloudFormation stack “eksctl-eks-kafka-demo-cluster”
2022-10-31 14:34:15 [:heavy_multiplication_x:] unexpected status “ROLLBACK_IN_PROGRESS” while waiting for CloudFormation stack “eksctl-eks-kafka-demo-cluster”
2022-10-31 14:34:15 [:information_source:] fetching stack events in attempt to troubleshoot the root cause of the failure
2022-10-31 14:34:16 [:heavy_multiplication_x:] AWS::EC2::RouteTable/PublicRouteTable: CREATE_FAILED – “Resource creation cancelled”
2022-10-31 14:34:16 [:heavy_multiplication_x:] AWS::EC2::RouteTable/PrivateRouteTableUSEAST1C: CREATE_FAILED – “Resource creation cancelled”
2022-10-31 14:34:16 [:heavy_multiplication_x:] AWS::EC2::RouteTable/PrivateRouteTableUSEAST1D: CREATE_FAILED – “Resource creation cancelled”
2022-10-31 14:34:16 [:heavy_multiplication_x:] AWS::EC2::VPCGatewayAttachment/VPCGatewayAttachment: CREATE_FAILED – “Resource creation cancelled”
2022-10-31 14:34:16 [:heavy_multiplication_x:] AWS::IAM::Policy/PolicyELBPermissions: CREATE_FAILED – “API: iam:PutRolePolicy User: arn:aws:iam::549629425509:user/odl_user_777193 is not authorized to perform: iam:PutRolePolicy on
resource: role eksctl-eks-kafka-demo-cluster-ServiceRole-XKG1LZM0HODU with an explicit deny in an identity-based policy”
2022-10-31 14:34:16 [:heavy_multiplication_x:] AWS::IAM::Policy/PolicyCloudWatchMetrics: CREATE_FAILED – “API: iam:PutRolePolicy User: arn:aws:iam::549629425509:user/odl_user_777193 is not authorized to perform: iam:PutRolePolicy
on resource: role eksctl-eks-kafka-demo-cluster-ServiceRole-XKG1LZM0HODU with an explicit deny in an identity-based policy”
2022-10-31 14:34:16 [!] 1 error(s) occurred and cluster hasn’t been created properly, you may wish to check CloudFormation console
2022-10-31 14:34:16 [:information_source:] to cleanup resources, run ‘eksctl delete cluster --region=us-east-1 --name=eks-kafka-demo’
2022-10-31 14:34:16 [:heavy_multiplication_x:] ResourceNotReady: failed waiting for successful resource state
Error: failed to create cluster “eks-kafka-demo”

Hello @sreemanthena,

There’s a known issue with eksctl and we already had a ticket to resolve it internally.
One more thing, the command
eksctl create cluster --name eks-kafka-demo --region us-east-1
will create a managed nodegroup containing two m5.large nodes, which seems to exceed the limit of the playground. Can you try to create the cluster with the console option and try a smaller instance type?

Happy learning,
Trung.

Sure Trung, let me try with a custom cluster file. My doubt is that I may face issues with some IAM roles, but let me try and confirm with you.

@trung-kodekloud
Hi Trung,

It seems the problem here is with the IAM permissions of the default user. I am not even able to create users with some full permissions.

Please guide me further on it.

2022-11-01 10:17:06 [:heavy_multiplication_x:] unexpected status “ROLLBACK_IN_PROGRESS” while waiting for CloudFormation stack “eksctl-ekskafkademo-cluster”
2022-11-01 10:17:06 [:information_source:] fetching stack events in attempt to troubleshoot the root cause of the failure
2022-11-01 10:17:07 [:heavy_multiplication_x:] AWS::EC2::RouteTable/PrivateRouteTableUSEAST1C: CREATE_FAILED – “Resource creation cancelled”
2022-11-01 10:17:07 [:heavy_multiplication_x:] AWS::EC2::SecurityGroup/ControlPlaneSecurityGroup: CREATE_FAILED – “Resource creation cancelled”
2022-11-01 10:17:07 [:heavy_multiplication_x:] AWS::EC2::RouteTable/PrivateRouteTableUSEAST1A: CREATE_FAILED – “Resource creation cancelled”
2022-11-01 10:17:07 [:heavy_multiplication_x:] AWS::EC2::RouteTable/PublicRouteTable: CREATE_FAILED – “Resource creation cancelled”
2022-11-01 10:17:07 [:heavy_multiplication_x:] AWS::EC2::VPCGatewayAttachment/VPCGatewayAttachment: CREATE_FAILED – “Resource creation cancelled”
2022-11-01 10:17:07 [:heavy_multiplication_x:] AWS::IAM::Policy/PolicyCloudWatchMetrics: CREATE_FAILED – “API: iam:PutRolePolicy User: arn:aws:iam::404621780796:user/odl_user_777781 is not authorized to perform: iam:PutRolePolicy
on resource: role eksctl-ekskafkademo-cluster-ServiceRole-6K2LGW2RF9EP with an explicit deny in an identity-based policy”
2022-11-01 10:17:07 [:heavy_multiplication_x:] AWS::IAM::Policy/PolicyELBPermissions: CREATE_FAILED – "API: iam:PutRolePolicy User: arn:aws:iam::404621780796:user/odl_user_777781 is not authorized to perform: iam:PutRolePolicy on
resource: role eksctl-ekskafkademo-cluster-ServiceRole-6K2LGW2RF9EP with an explicit deny in an identity-based policy"
2022-11-01 10:17:07 [!] 1 error(s) occurred and cluster hasn’t been created properly, you may wish to check CloudFormation console
2022-11-01 10:17:07 [:information_source:] to cleanup resources, run ‘eksctl delete cluster --region=us-east-1 --name=ekskafkademo’
2022-11-01 10:17:07 [:heavy_multiplication_x:] ResourceNotReady: failed waiting for successful resource state
Error: failed to create cluster “ekskafkademo”
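To triage output like the logs above, separate the root-cause events from the "Resource creation cancelled" events that CloudFormation emits for resources still in progress when the stack starts rolling back. The following is an added example, not part of the original thread or of eksctl; the sample lines are constructed (placeholder account, user and role names) and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the eksctl output above; one entry is wrapped across two lines.
SAMPLE = """\
2022-10-31 14:34:16 [:heavy_multiplication_x:] AWS::EC2::RouteTable/PublicRouteTable: CREATE_FAILED – “Resource creation cancelled”
2022-10-31 14:34:16 [:heavy_multiplication_x:] AWS::IAM::Policy/PolicyELBPermissions: CREATE_FAILED – “API: iam:PutRolePolicy User: arn:aws:iam::111122223333:user/example_user is not authorized to perform: iam:PutRolePolicy on
resource: role example-ServiceRole with an explicit deny in an identity-based policy”
2022-10-31 14:34:16 [:heavy_multiplication_x:] AWS::EC2::VPCGatewayAttachment/VPCGatewayAttachment: CREATE_FAILED – "Resource creation cancelled"
"""

TS = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} ")
EVENT = re.compile(r"(AWS::[\w:]+)/(\w+): CREATE_FAILED\s+\S\s+(.*)$")
DENY = re.compile(r"not authorized to perform: (\S+)\s+on\s+resource: (.+?) "
                  r"with an explicit deny in an? ([\w-]+) policy")

def join_wrapped(text):
    """Re-attach continuation lines (no leading timestamp) to the previous entry."""
    entries = []
    for line in text.splitlines():
        if TS.match(line) or not entries:
            entries.append(line.strip())
        elif line.strip():
            entries[-1] += " " + line.strip()
    return entries

def triage(text):
    """Return (root_causes, cascaded_logical_ids) for CREATE_FAILED events."""
    roots, cascaded = [], []
    for entry in join_wrapped(text):
        m = EVENT.search(entry)
        if not m:
            continue
        rtype, logical_id = m.group(1), m.group(2)
        msg = m.group(3).strip('“”" ')  # logs mix curly and straight quotes
        if "Resource creation cancelled" in msg:
            cascaded.append(logical_id)  # side effect of the rollback, not a cause
            continue
        d = DENY.search(msg)
        roots.append({"resource": f"{rtype}/{logical_id}",
                      "action": d.group(1) if d else None,
                      "target": d.group(2) if d else None,
                      "policy_type": d.group(3) if d else None})
    return roots, cascaded

if __name__ == "__main__":
    roots, cascaded = triage(SAMPLE)
    print("root causes:", roots)
    print("cascaded cancellations:", cascaded)
```

An explicit deny in an identity-based policy overrides any Allow attached to the same principal, so the denied action reported here has to be addressed by whoever manages that policy.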

Hi @sreemanthena,

Let me try on my side and get back.

Thanks,
Trung.

Hi @sreemanthena,

As mentioned above, we already noticed the issue with eksctl and have an internal ticket to fix it.
In the meantime, please use the AWS console to create your demo cluster; I just gave it a try and was able to create a cluster.

I can then connect to the cluster from my MacBook using AWS CLI.

[email protected] ~ % aws configure
[email protected] ~ % aws sts get-caller-identity
{
    "UserId": "AIDA4BMBMSTEDYUFVWIVS",
    "Account": "827589432520",
    "Arn": "arn:aws:iam::827589432520:user/odl_user_777836"
}
[email protected] ~ % aws eks --region us-east-1 update-kubeconfig --name kk-cluster
Added new context arn:aws:eks:us-east-1:827589432520:cluster/kk-cluster to /Users/trungtran/.kube/config
[email protected] ~ % kubectl cluster-info
Kubernetes control plane is running at https://736650DE9114F0DBB026431396406E0E.gr7.us-east-1.eks.amazonaws.com
CoreDNS is running at https://736650DE9114F0DBB026431396406E0E.gr7.us-east-1.eks.amazonaws.com/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.

Please try on your own, and make sure you select the allowed region (I used us-east-1 in my above demo).
Connect to AWS cluster: Connect to Amazon EKS clusters
Install AWS CLI: Installing or updating the latest version of the AWS CLI - AWS Command Line Interface

Happy learning,
Trung.

Hi Trung,

Is the cluster created with worker nodes? I have tried to create the cluster from the Dashboard, but it seems it is created without the worker nodes.

Events:
Type Reason Age From Message


Warning FailedScheduling 35s default-scheduler no nodes available to schedule pods

$ kubectl get nodes
No resources found

[email protected] MINGW64 /d/Training-Batch-10/Terraform
$

[email protected] MINGW64 /d/Training-Batch-10/Terraform
$ kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.100.0.1 443/TCP 75m

[email protected] MINGW64 /d/Training-Batch-10/Terraform
$

@trung-kodekloud
Could you please help me further to do some practice?

Hello @sreemanthena,

AWS has some step-by-step practice here: Hands-On Tutorials for Amazon Web Services (AWS)

You can follow them to practice more with your EKS cluster.

Thanks,
Trung.

@trung-kodekloud

You mean follow those steps in our aws playground?

Hello @sreemanthena, confirmed there’s no worker node by default. I just checked the document and we need eksctl to create a node group for our EKS cluster.

Trung.

OK, thanks a lot for the confirmation. Let me go through the shared video.

@trung-kodekloud

It seems we are not getting sufficient privileges and resources to create the cluster. Don’t know what are providing for support.

The second time it also failed.

Let me review this with the Playground team, sorry for any inconvenience @sreemanthena.

Trung.

Thanks a lot Trung. Please help me on it.

I have a lot of faith in KodeKloud and have even recommended it to many of my friends; if this keeps going on I may need to look at revoking my subscription.

Hi @sreemanthena

Please accept our apologies for the delay this has caused. We will check the permissions boundaries and share with you a short video on how to create the EKS cluster, based on the possibility of easing some of the restrictions we have. You also have to understand that this is a playground env and we can't allow all the privileges. That said, we are working on this issue with a dedicated resource to fix your concern.

Thanks a lot. I am also not able to create a Cloud 9 env.

The Cloud 9 service is not enabled in our AWS playground yet; we will check it and soon let you know about the possibility of releasing it.