New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The Vpc Endpoint Service 'com.amazonaws.eu-south-1.ecr.dkr' does not exist (private cluster) #3133
Comments
(pasting in from other issue to keep context in this thread)
@AndreaGal95 someone should get to it today |
The
(Although the These endpoints are required for a fully-private cluster to work because ECR hosts the manifest for the container images for the CNI plugin and other AWS addons. It might be the case that these endpoints are not supported in that region, or need to be explicitly enabled somehow. |
Consider that I have directly changed on the AWS Console the fact that the cluster is entirely private and everything works fine. |
@AndreaGal95, I believe you merely changed the The fully-private cluster feature in eksctl also launches your nodegroups in fully-private subnets that have no route to an internet gateway (either directly or via a NAT gateway). In order to support this, it uses VPC endpoints. |
Looking at https://docs.aws.amazon.com/general/latest/gr/ecr.html#ecr_region it appears there is no ECR DKR service at all for |
@AndreaGal95 Update: VPC endpoints for ECR are not supported in |
@cPu1 can we have a warning in the docs for that as well plz? |
The error message has been improved to reflect that the region isn't supported. We have notified AWS about the issue, however, since this isn't a bug in eksctl, I'm closing it. |
Reported by @AndreaGal95 in #3081
What were you trying to accomplish?
Trying to create a cluster in
eu-south-1
regionWhat happened?
Failed with:
How to reproduce it?
Create a cluster in region
eu-south-1
Config:
Logs
Versions
0.36.1
The text was updated successfully, but these errors were encountered: