Cluster never comes available after moving to 9.0.0 #757
Comments
robgeiner
changed the title
|
wget --no-check-certificate -O - $ENDPOINT/healthz curl -k -s $ENDPOINT/healthz |
|
What is your wget version ? can you please share your wget output in debug mode |
|
wget --debug --no-check-certificate -O - https://2157EAD4C8AB1C95957XXXXXXXXXXXXX.gr7.us-east-1.eks.amazonaws.com/healthz Reading HSTS entries from /Users/geiner/.wget-hsts |
|
It looks that AWS API endpoint accepts only TLS 1.2 protocol which is case here. Your Wget version looks to be 1.17.1 which is from 2015, so quite old. I have checked GNU Wget 1.18 and newer which are working as expected. So you should update wget or you can return to previous method via overwriting default value for |
|
Yes as @daroga0002 mentioned, you're trying to do TLS 1.0 instead of TLS 1.2. Upgrade your wget or use curl please. @robgeiner Closing this. Feel free to reopen this issue if #757 (comment) doesn't help. |
|
@robgeiner I am a terraform noob here. I am following this - to make it work without failing for wget. Thanks |
|
@hiteshjoshi1 for example into this line of example main.tf file: terraform-aws-eks/examples/basic/main.tf Line 129 in 7afecf6 |
|
Yep, what @daroga0002 said. For example, |
|
Thanks it worked. |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
After moving to 9.0.0, the cluster availability check in null_resource.wait_for_cluster fails to detect when the cluster becomes available. The result is the is that it spins forever waiting. This appears to be related to 750
Workaround is to override the wait_for_cluster_cmd and use the default value prior to 750 e.g.
wait_for_cluster_cmd = "until curl -k -s $ENDPOINT/healthz >/dev/null; do sleep 4; done"
I'm submitting a...
What is the current behavior?
module.eks.module.cluster.null_resource.wait_for_cluster[0]: Still creating... [20s elapsed]
module.eks.module.cluster.null_resource.wait_for_cluster[0]: Still creating... [30s elapsed]
...
module.eks.module.cluster.null_resource.wait_for_cluster[0]: Still creating... [1h0m42s elapsed]
module.eks.module.cluster.null_resource.wait_for_cluster[0]: Still creating... [1h0m52s elapsed]
eventually times out
If this is a bug, how to reproduce? Please include a code sample if relevant.
module "eks" {
source = "terraform-aws-modules/eks/aws"
version = "9.0.0"
cluster_name = local.eks_cluster_name
cluster_version = var.eks_k8s_version
subnets = var.private_subnet_ids
vpc_id = var.vpc_id
enable_irsa = true
tags = merge(var.eks_tags,local.env_tags)
cluster_enabled_log_types = var.cluster_enabled_log_types
cluster_log_retention_in_days = var.cluster_log_retention_in_days
workers_additional_policies = concat(["${aws_iam_policy.alb_ingress_node_policy.id}","arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy","arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"],var.workers_additional_policies)
workers_group_defaults = var.workers_group_defaults
worker_groups_launch_template = var.worker_groups_launch_template
node_groups_defaults = var.node_groups_defaults
node_groups = var.node_groups
manage_aws_auth = true
map_roles = [
{
rolearn = data.aws_iam_role.sso_admin.arn
username = "sso-admin"
groups = ["system:masters"]
},
{
rolearn = data.aws_iam_role.sso_pu.arn
username = "sso-pu"
groups = ["system:masters"]
},
{
rolearn = data.aws_iam_role.sso_ro.arn
username = "sso-ro"
groups = ["system:authenticated"]
},
]
}
What's the expected behavior?
Are you able to fix this problem and submit a PR? Link here if you have already.
Environment details
Any other relevant info
The text was updated successfully, but these errors were encountered: