Comments (8)
If anybody else happens to come across this issue, we faced a similar problem. Adding the proper IAM role permissions fixed it, but not until rolling the masters. Kubelet only pulls the authorization token from ECR at initialization, so adding these permissions to your masters' IAM roles won't allow kubelet to get the proper token until the masters have been reinitialized.
from amazon-vpc-cni-k8s.
Upgrading EKS nodecluster to 1.29.0-20240129 fixed the issue.
from amazon-vpc-cni-k8s.
@smcquay can you check if your instance role has permission to pull images from the ECR registry?
For example:
```json
{
  "Sid": "kopsK8sECR",
  "Effect": "Allow",
  "Action": [
    "ecr:GetAuthorizationToken",
    "ecr:BatchCheckLayerAvailability",
    "ecr:GetDownloadUrlForLayer",
    "ecr:GetRepositoryPolicy",
    "ecr:DescribeRepositories",
    "ecr:ListImages",
    "ecr:BatchGetImage"
  ],
  "Resource": [
    "*"
  ]
}
```
from amazon-vpc-cni-k8s.
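A way to check an instance-role policy for the ECR pull permissions discussed above. This is an added example, not code from the thread participants or the amazon-vpc-cni-k8s project. The function name, both sample policies and the repository ARN are constructed, and the check assumes only identity-policy `Action`/`Effect`/`Resource` matter (no `Condition`, `NotAction` or permission boundaries).

```python
import fnmatch

# Actions an instance role needs to pull an image from ECR.
PULL_ACTIONS = ["ecr:GetAuthorizationToken", "ecr:BatchCheckLayerAvailability",
                "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage"]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(patterns, action):
    # IAM action names are case-insensitive and accept * and ? wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def missing_pull_actions(policy):
    """Return the ECR pull actions this identity policy does not grant.

    Simplifications (assumptions): Condition and NotAction are ignored, and any
    Allow is taken to cover the target repository.
    """
    missing = []
    for action in PULL_ACTIONS:
        allowed = denied = False
        for st in _as_list(policy.get("Statement", [])):
            if not _matches(_as_list(st.get("Action", [])), action):
                continue
            if st.get("Effect") == "Deny":
                denied = True  # an explicit Deny always wins
            elif action == "ecr:GetAuthorizationToken" and "*" not in _as_list(st.get("Resource", [])):
                continue  # this action has no resource-level scoping; it needs "*"
            elif st.get("Effect") == "Allow":
                allowed = True
        if denied or not allowed:
            missing.append(action)
    return missing

# Constructed sample 1: the statement from the comment above, inside a policy document.
THREAD_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "kopsK8sECR", "Effect": "Allow", "Resource": ["*"],
    "Action": ["ecr:GetAuthorizationToken", "ecr:BatchCheckLayerAvailability",
               "ecr:GetDownloadUrlForLayer", "ecr:GetRepositoryPolicy",
               "ecr:DescribeRepositories", "ecr:ListImages", "ecr:BatchGetImage"]}]}

# Constructed sample 2: wildcard read access scoped to one repository (placeholder ARN).
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": ["ecr:Get*", "ecr:BatchCheck*"],
    "Resource": "arn:aws:ecr:us-west-2:111122223333:repository/example"}}

if __name__ == "__main__":
    for name, pol in (("thread", THREAD_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, "missing:", missing_pull_actions(pol) or "nothing")
```

The second sample shows a common least-privilege pitfall: scoping every statement to a repository ARN silently drops `ecr:GetAuthorizationToken`, which only works with `"Resource": "*"`.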
@liwenwu-amazon I missed that the first time around, but I've added those permissions (and also the L-IPAM perms while I was at it), but I still cannot seem to hit that url successfully.
I'm trying from us-west-1, but I get the same error when I change to point at a registry in that region, but I get the same Not Authorized results.
Any ideas?
from amazon-vpc-cni-k8s.
@smcquay, can I take a look at your instance IAM policy? You can send it to me directly at [email protected].
Also, the CNI plugin docker image is ONLY available in the us-west-2 region.
from amazon-vpc-cni-k8s.
Information sent; thanks for looking into this!
from amazon-vpc-cni-k8s.
I was able to build the image myself and push it to my own container registry. I'm going to call this resolved.
from amazon-vpc-cni-k8s.
Ran into the same issue. I was able to get around it by doing the same thing @smcquay did.
from amazon-vpc-cni-k8s.