3

When using eksctl to create a Kubernetes cluster on AWS EKS, the process gets stuck waiting for the nodes to join the cluster:

nodegroup "my-cluster" has 0 node(s)
waiting for at least 3 node(s) to become ready in “my-cluster”
timed out (after 25m0s) waiting for at least 3 nodes to join the cluster and become ready in "my-cluster"

The message is displayed, without any additional logs, until the process eventually times out. It looks like, behind the scenes, the newly created nodes are unable to communicate with the Kubernetes cluster.

Eli Halych
DoiT International
  • Hi, I understand this is an old thread, but I encounter the same issue and I fail to solve it. I created a VPC with the Cloudformation template from (https://aws.amazon.com/premiumsupport/knowledge-center/eks-cluster-node-group-private-network/) and I used the config.yaml in the same document but got stuck at `'2021-06-08 03:31:30 [ℹ] waiting for requested "EndpointAccessUpdate" in cluster "t3" to succeed'` – Barry Chum Jun 08 '21 at 03:49

3 Answers

5

When using an existing VPC network, you have to make sure that the VPC conforms with all EKS-specific requirements [1, 2]. The blog post by logz.io provides detailed guidance on setting up a VPC network, as well as an example AWS CloudFormation template that you can use as the basis [3].

Missing IAM Policies

The AmazonEKSWorkerNodePolicy and AmazonEKS_CNI_Policy policies [4] are required by the EKS worker nodes to be able to communicate with the cluster.

By default, eksctl automatically generates a role containing these policies. However, when you use the “attachPolicyARNs” property to attach specific policies by ARN, you have to include these policies explicitly [5]:

nodeGroups:
  - name: my-special-nodegroup
    iam:
      attachPolicyARNs:
        - arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
        - arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
        - arn:aws:iam::aws:policy/ElasticLoadBalancingFullAccess

[1] https://docs.aws.amazon.com/eks/latest/userguide/create-public-private-vpc.html

[2] https://eksctl.io/usage/vpc-networking

[3] https://logz.io/blog/amazon-eks

[4] https://docs.aws.amazon.com/eks/latest/userguide/worker_node_IAM_role.html

[5] https://eksctl.io/usage/iam-policies/

DoiT International
  • 1
    Solution by twitter.com/vladikk, - Senior Cloud Architect at DoiT International – DoiT International Oct 23 '19 at 15:24
  • I think the link you referenced from logz.io doesn't even use eksctl, and furthermore, their solution is to run another cloudformation script that builds a new VPC. I don't see how this is an accepted answer – wkhatch Dec 14 '21 at 20:19
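
A check for the attachPolicyARNs pitfall described in the first answer, as an added example that is not part of the original thread or of eksctl: it takes an already-parsed ClusterConfig and reports node groups whose explicit policy list lacks AmazonEKSWorkerNodePolicy or AmazonEKS_CNI_Policy. The function names, the sample config, and the extension to `managedNodeGroups` and to non-`aws` ARN partitions are assumptions of this example.

```python
"""Flag eksctl node groups whose attachPolicyARNs omits a policy nodes need to join."""
import sys

# The two managed policies the answer above names as required.
REQUIRED = ("AmazonEKSWorkerNodePolicy", "AmazonEKS_CNI_Policy")

def policy_name(arn):
    # Compare by policy name so other partitions (aws-cn, aws-us-gov) match too.
    return arn.rsplit("policy/", 1)[-1]

def missing_node_policies(config, required=REQUIRED):
    """Return {nodegroup name: [missing policy names]} for a parsed config."""
    findings = {}
    for key in ("nodeGroups", "managedNodeGroups"):
        for index, group in enumerate(config.get(key) or []):
            arns = (group.get("iam") or {}).get("attachPolicyARNs")
            if arns is None:
                continue  # no explicit list: eksctl generates the role itself
            attached = {policy_name(a) for a in arns}
            missing = [p for p in required if p not in attached]
            if missing:
                findings[group.get("name", f"{key}[{index}]")] = missing
    return findings

# Constructed sample, shaped as yaml.safe_load would return it for a config file.
SAMPLE = {
    "nodeGroups": [
        {"name": "default-role"},  # eksctl-generated role, not flagged
        {"name": "lb-only", "iam": {"attachPolicyARNs": [
            "arn:aws:iam::aws:policy/ElasticLoadBalancingFullAccess"]}},
        {"name": "complete", "iam": {"attachPolicyARNs": [
            "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy",
            "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"]}},
    ],
    "managedNodeGroups": [
        {"name": "no-cni", "iam": {"attachPolicyARNs": [
            "arn:aws-cn:iam::aws:policy/AmazonEKSWorkerNodePolicy"]}},
    ],
}

if __name__ == "__main__":
    config = SAMPLE
    if len(sys.argv) > 1:  # optional: path to a real config file (needs PyYAML)
        import yaml
        with open(sys.argv[1]) as handle:
            config = yaml.safe_load(handle)
    for name, missing in missing_node_policies(config).items():
        print(f"{name}: attachPolicyARNs lacks {', '.join(missing)}")
```

Run without arguments it checks the constructed sample; given a path it loads that file instead, which requires PyYAML to be installed.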
0

I faced the same issue and found the real cause of it.

The issue is with the created VPC. I had also created the VPC and subnets, but I had not created the route table and internet gateway, which was causing the issue.

The issue got resolved once I mapped the route table and internet gateway.

Rohit Yadav
0

I was getting a similar error while adding two nodegroups in each private and public subnet. The issue got fixed after enabling "Enable auto-assign public IPv4 address" in the public subnet configuration.

VPC - subnets - select public subnet on which nodegroup is being added - edit subnet settings - enable the option mentioned above.

Neel