You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Launch Self-managed nodes with only authenticationMode set to CONFIG_MAP. For example, Outposts still does not support ACCESS ENTRIES
What happened?
When IAM Role is not specified explicitly, the CFN stack generated by eksctl (tested with 0.173.0 and later) sets NodeGroupUsesAccessEntry to true - due to which the on a cluster with only CONFIG_MAP as access method, the CFN is trying to create Access Entry and failing with error "Resource handler returned message: "The cluster's authentication mode must be set to one of [API, API_AND_CONFIG_MAP] to perform this operation."
The cluster is created successfully, however, the nodegroup stack fails with "Resource handler returned message: "The cluster's authentication mode must be set to one of [API, API_AND_CONFIG_MAP] to perform this operation."
Anything else we need to know?
$ eksctl info
eksctl version: 0.175.0
kubectl version: v1.22.15-eks-fb459a0
OS: linux
The workarounds to fix the issue
Create cluster and nodegroup with 2 different steps while creating the nodegroup by passing the parameter --update-auth-configmap :
Hello uditsidana 👋 Thank you for opening an issue in eksctl project. The team will review the issue and aim to respond within 1-5 business days. Meanwhile, please read about the Contribution and Code of Conduct guidelines here. You can find out more information about eksctl on our website
What were you trying to accomplish?
Launch Self-managed nodes with only authenticationMode set to CONFIG_MAP. For example, Outposts still does not support ACCESS ENTRIES
What happened?
When IAM Role is not specified explicitly, the CFN stack generated by eksctl (tested with 0.173.0 and later) sets NodeGroupUsesAccessEntry to true - due to which the on a cluster with only CONFIG_MAP as access method, the CFN is trying to create Access Entry and failing with error "Resource handler returned message: "The cluster's authentication mode must be set to one of [API, API_AND_CONFIG_MAP] to perform this operation."
How to reproduce it?
eksctl version 0.175.0
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
name: k8s
version: "1.27"
region: eu-central-1
accessConfig:
bootstrapClusterCreatorAdminPermissions: true
authenticationMode: CONFIG_MAP
nodeGroups:
instanceType: m5.large
desiredCapacity: 1
The cluster is created successfully, however, the nodegroup stack fails with "Resource handler returned message: "The cluster's authentication mode must be set to one of [API, API_AND_CONFIG_MAP] to perform this operation."
Anything else we need to know?
The workarounds to fix the issue
eksctl create cluster -f .yaml
eksctl create nodegroup -f .yaml --update-auth-configmap
The text was updated successfully, but these errors were encountered: