Click here to see all BLACKFRIDAY deals

Need help?

Our experts have had an average response time of 12.14 minutes in September 2021 to fix urgent issues.
GET HELP RIGHT NOW

We will keep your servers stable, secure, and fast at all times for one fixed price.

SEE SUPPORT PLANS

How to resolve: Cluster creation errors in Amazon EKS

by | Sep 5, 2021

Stuck with cluster creation errors in Amazon EKS? We can help you with this!

As a part of our AWS Support Services, we often receive similar requests from our AWS customers.

Today, let’s see the steps followed by our Support Techs to help our customers to fix cluster creation errors in Amazon EKS.

 

Cluster creation errors in Amazon EKS

 

Now let’s see the steps to resolve different types of cluster creation errors:

  1. We should follow the below steps in two sections if we receive an error message stating that resource creation failed.

 

Correct IAM permissions to create a cluster

 

We need to verify that we have the correct AWS IAM permissions while creating a cluster, including the correct policies for the Amazon EKS service IAM role.

To create the prerequisite resources like security groups and IAM roles, we can use eksctl.

For example, we could have receive an error  in eksctl as follows, if our cluster has issues with IAM permissions:

API: iam:CreateRole User: arn:aws:iam::your-account-id:user/your-user-name is not authorized to perform: iam:CreateRole on resource: arn:aws:iam::your-account-id:role/eksctl-newtest22-cluster-ServiceRole-10NXBYLSN4ULP

 

Monitoring Amazon VPC resources

 

If we don’t specify our own custom Amazon VPC and subnets in the configuration file, eksctl creates a new Amazon VPC by default when we create a cluster.

We could have receive an error as follows if the cluster has issues with your Amazon VPC limits:

The maximum number of VPCs has been reached. (Service: AmazonEC2; Status Code: 400; Error Code: VpcLimitExceeded; Request ID: a12b34cd-567e-890-123f-ghi4j56k7lmn)

For fixing this issue we need to monitor our resources, like the number of Amazon VPCs in our AWS Region .

Follow any of the below options if we have an issue with resource constraints on the number of Amazon VPC resources in our Region.

Option 1: To resolve the issue with resource constraints, we can use an existing Amazon VPC.

Run the following command to create a configuration file that specifies the VPC and the subnets.

$ eksctl create cluster sample-cluster -f cluster.yaml

Option 2:  To resolve the issue with resource constraints, we can request a service quota increase.

We can request a service quota increase on the resources that act as an obstruction in the AWS CloudFormation stack events.

2. Follow the steps below if we receive an error message as the targeted Availability Zone doesn’t have sufficient capacity.

 

Recreate the cluster in a different Availability Zone

 

We could have received an error as follows if we launch control plane instances in an Availability Zone with limited capacity:

Cannot create cluster 'sample-cluster' because us-east-1d, the targeted availability zone, does not currently have sufficient capacity to support the cluster. Retry and choose from these availability zones: us-east-1a, us-east-1b, us-east-1c

Here, we can create the cluster again using the recommended Availability Zones from the error message.

Pass values for the Subnets parameter that match the Availability Zones if we are provisioning the cluster using AWS CloudFormation.

or

We can use the –zones flag to pass in the values for the different Availability Zones if we are using eksctl. For example,

$ eksctl create cluster 'sample-cluster' --zones us-east-1a,us-east-1b,us-east-1c

3. We should follow the below steps if we receive an error message stating that the creation timed out waiting for worker nodes.

 

Check and confirm that worker nodes can reach the control plane API endpoint

 

When eksctl deploys our cluster, it waits for the worker nodes that are launched to join the cluster and reach Ready status.

we could receive the following error, if the worker nodes can’t reach the control plane:

timed out (after 25m0s) waiting for at least 4 nodes to join the cluster and become ready in "eksfbots-ng1"

To fix this error, get the worker nodes to join the cluster, and confirm that worker nodes are in Ready status.

[Need help with more AWS queries? We’d be happy to assist]

 

Conclusion

 

To conclude, today we discussed the steps followed by our Support Engineers to help our customers to resolve cluster creation errors in Amazon EKS.

Related posts:

  1. How to create custom Amazon Linux AMIs for EKS
  2. Lock down API access to specific IP addresses in EKS cluster
  3. Create multiple node groups for EKS worker nodes using eksctl
  4. ECR issues with Amazon EKS: How to troubleshoot

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

server management

Spend time on your business, not on your servers.

TALK TO US

Or click here to learn more.

Related Posts

  1. How to create custom Amazon Linux AMIs for EKS
  2. Lock down API access to specific IP addresses in EKS cluster
  3. Create multiple node groups for EKS worker nodes using eksctl
  4. ECR issues with Amazon EKS: How to troubleshoot

Categories

Amazon Web Services (AWS) | Latest

Tags

Amazon EC2 instance | Amazon EKS API | Amazon EKS cluster | AWS CLI | EC2 instance unreachable | EC2 Windows | EKS Cluster

Privacy Preference Center

Consent Management

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience.

Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Privacy Policy

Required
By using this site, you agree to our Privacy Policy.

Necessary

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

PHPSESSID - Preserves user session state across page requests.

gdpr[consent_types] - Used to store user consents.

gdpr[allowed_cookies] - Used to store user allowed cookies.

Cookies Used

Required
PHPSESSID, gdpr[consent_types], gdpr[allowed_cookies]

livechat.bobcares.com

Opt Out
PHPSESSID

my.bobcares.com

Opt Out
WHMCSpKDlPzh2chML

Statistics

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

_ga - Preserves user session state across page requests.

_gat - Used by Google Analytics to throttle request rate

_gid - Registers a unique ID that is used to generate statistical data on how you use the website.

smartlookCookie - Used to collect user device and location information of the site visitors to improve the websites User Experience.

Cookies Used

_ga, _gat, _gid

google.com

Opt Out
_ga, _gat, _gid

manager.smartlook.com

Opt Out
smartlookCookie

Marketing

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

IDE - Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

test_cookie - Used to check if the user's browser supports cookies.

1P_JAR - Google cookie. These cookies are used to collect website statistics and track conversion rates.

NID - Registers a unique ID that identifies a returning user's device. The ID is used for serving ads that are most relevant to the user.

DV - Google ad personalisation

Cookies Used

IDE, test_cookie, 1P_JAR, NID, DV, NID

doubleclick.net

Opt Out
IDE, test_cookie

google.co.in

Opt Out
1P_JAR, NID, DV

google.com

Opt Out
NID

olark.com

Opt Out
hblid

Security

These are essential site cookies, used by the google reCAPTCHA. These cookies use an unique identifier to verify if a visitor is human or a bot.

Cookies Used

SID, APISID, HSID, NID, PREF

google.com

Opt Out
SID, APISID, HSID, NID, PREF