使用 eksctl 创建 aws EKS Kubernetes 集群时出错

Question

我尝试运行下面的代码并使用 eksctl 创建 aws eks kubernetes 集群，

\n

$ eksctl create cluster \\\n  --version 1.14 \\\n  --region us-west-2 \\\n  --node-type t3.medium \\\n  --nodes 3 \\\n  --nodes-min 1 \\\n  --nodes-max 4 \\\n  --name my-demo \\\n  --kubeconfig=$HOME/kubeconfigs/demo-cluster-config.yaml\n\n\n\nas a result I got below errors,\n\n[\xe2\x84\xb9]  eksctl version 0.35.0\n\n[\xe2\x84\xb9]  using region us-west-2\n\n[\xe2\x84\xb9]  setting availability zones to [us-west-2b us-west-2a us-west-2c]\n\n[\xe2\x84\xb9]  subnets for us-west-2b - public:192.168.0.0/19 private:192.168.96.0/19\n\n[\xe2\x84\xb9]  subnets for us-west-2a - public:192.168.32.0/19 private:192.168.128.0/19\n\n[\xe2\x84\xb9]  subnets for us-west-2c - public:192.168.64.0/19 private:192.168.160.0/19\n\n[\xe2\x84\xb9]  nodegroup "ng-6c4aa136" will use "ami-0f9f033f2355ab1f8" [AmazonLinux2/1.18]\n\n[\xe2\x84\xb9]  using Kubernetes version 1.18\n\n[\xe2\x84\xb9]  creating EKS cluster "my-demo" in "us-west-2" region with un-managed nodes\n\n[\xe2\x84\xb9]  will create 2 separate CloudFormation stacks for cluster itself and the initial nodegroup\n\n[\xe2\x84\xb9]  if you encounter any issues, check CloudFormation console or try 'eksctl utils describe-stacks --region=us-west-2 --cluster=my-demo'\n\n[\xe2\x84\xb9]  CloudWatch logging will not be enabled for cluster "my-demo" in "us-west-2"\n\n[\xe2\x84\xb9]  you can enable it with 'eksctl utils update-cluster-logging --enable-types={SPECIFY-YOUR-LOG-TYPES-HERE (e.g. all)} --region=us-west-2 --cluster=my-demo'\n\n[\xe2\x84\xb9]  Kubernetes API endpoint access will use default of {publicAccess=true, privateAccess=false} for cluster "my-demo" in "us-west-2"\n\n[\xe2\x84\xb9]  2 sequential tasks: { create cluster control plane "my-demo", 3 sequential sub-tasks: { no tasks, create addons, create nodegroup "ng-6c4aa136" } }\n\n[\xe2\x84\xb9]  building cluster stack "eksctl-my-demo-cluster"\n\n[\xe2\x84\xb9]  deploying stack "eksctl-my-demo-cluster"\n\n[\xe2\x9c\x96]  unexpected status "ROLLBACK_IN_PROGRESS" while waiting for CloudFormation stack "eksctl-my-demo-cluster"\n\n[\xe2\x84\xb9]  fetching stack events in attempt to troubleshoot the root cause of the failure\n\n[\xe2\x9c\x96]  AWS::IAM::Role/ServiceRole: CREATE_FAILED \xe2\x80\x93\xc2\xa0"Resource creation cancelled"\n\n[\xe2\x9c\x96]  AWS::EC2::InternetGateway/InternetGateway: CREATE_FAILED \xe2\x80\x93\xc2\xa0"The maximum number of internet gateways\n has been reached. (Service: AmazonEC2; Status Code: 400; Error Code: InternetGatewayLimitExceeded; \nRequest ID: e53b2d09-6d4a-4eef-b8ed-b52c1104bb89; Proxy: null)"\n\n[\xe2\x9c\x96]  AWS::EC2::VPC/VPC: CREATE_FAILED \xe2\x80\x93\xc2\xa0"The maximum number of VPCs has been reached. (Service: AmazonEC2; Status Code: 400; Error Code: VpcLimitExceeded; Request ID: e1dca3e9-6134-41d9-92a3-4bf44c0c375f; Proxy: null)"\n\n[\xe2\x9c\x96]  AWS::EC2::EIP/NATIP: CREATE_FAILED \xe2\x80\x93\xc2\xa0"The maximum number of addresses has been reached. (Service: AmazonEC2; Status Code: 400; Error Code: AddressLimitExceeded; Request ID: 50f1e75a-404f-40ff-820a-13a18a3d2f3f; Proxy: null)"\n\n[!]  1 error(s) occurred and cluster hasn't been created properly, you may wish to check CloudFormation console\n\n[\xe2\x84\xb9]  to cleanup resources, run 'eksctl delete cluster --region=us-west-2 --name=my-demo'\n\n[\xe2\x9c\x96]  waiting for CloudFormation stack "eksctl-my-demo-cluster": ResourceNotReady: failed waiting for successful resource state\n

\n

请帮我解决这个问题

\n

Answer 1

创建新集群默认会创建一个新的 VPC。由于每个区域都有 VPC配额，尝试创建新的 VPC 可能会超出配额限制并导致集群创建失败。有几种解决方案：

1. 请求增加配额

• 使用以下命令检查您当前的配额（确保使用正确的区域）：

  aws service-quotas get-service-quota --service-code vpc --quota-code L-F678F1CE --region us-east-1

• 响应应如下所示（在本例中配额为5）：

       "Quota": {
           "ServiceCode": "vpc",
           "ServiceName": "Amazon Virtual Private Cloud (Amazon VPC)",
           "QuotaArn": "arn:aws:servicequotas:us-east-1:570398916848:vpc/L-F678F1CE",
           "QuotaCode": "L-F678F1CE",
           "QuotaName": "VPCs per Region",
           "Value": 5.0,
           "Unit": "None",
           "Adjustable": true,
           "GlobalQuota": false
       }
   }

• 使用以下命令请求增加配额（在本例中，请求针对10）：

  aws service-quotas request-service-quota-increase --service-code vpc --quota-code L-F678F1CE --region us-east-1 --desired-value 10

• 请求获得批准后，您就可以创建集群

2. 在现有VPC上创建集群

• 您需要列出 VPC 中的至少 2 个子网（至少 2 个公共子网或至少 2 个私有子网）

• 例如对于公共子网使用--vpc-public-subnets

• 在你的情况下，命令应该是这样的（我已经升级了 k8s 版本）

   eksctl create cluster \
   --version 1.21 \
   --region us-west-2 \
   --node-type t3.medium \
   --nodes 3 \
   --nodes-min 1 \
   --nodes-max 4 \
   --name my-demo \
   --kubeconfig=$HOME/kubeconfigs/demo-cluster-config.yaml \
   --vpc-public-subnets=subnet-0153e560b3129a696,subnet-0cc9c5aebe75083fd```