Difference between revisions of "Amazon VPC CNI plugin for Kubernetes: aws-node"
Jump to navigation
Jump to search
↑ https://aws.github.io/aws-eks-best-practices/networking/vpc-cni/#understand-security-context
(→Errors) |
|||
(47 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
− | + | Amazon [[VPC]] [[CNI]] plugin for [[Kubernetes]] | |
+ | * https://docs.aws.amazon.com/eks/latest/userguide/cni-iam-role.html | ||
+ | |||
+ | * <code>[[ipamd]] ([[aws-node]])</code> [[Daemonset]] <ref>https://aws.github.io/aws-eks-best-practices/networking/vpc-cni/#understand-security-context</ref> | ||
+ | |||
+ | * Obtain version:<code>[[kubectl describe daemonset aws-node --namespace kube-system]] | grep amazon-k8s-cni: | cut -d : -f 3</code> | ||
+ | * <code>[[aws eks describe-addon --cluster-name]] my-cluster --addon-name vpc-cni [[--query]] addon.addonVersion --output text</code> | ||
− | + | Containers: | |
− | + | {{aws-node containers}} | |
+ | |||
+ | |||
+ | [[kubectl get pods -n kube-system]] | grep [[aws-node]] | ||
+ | aws-node-7wqrv 2/2 Running 0 72d | ||
+ | aws-node-rfld6 2/2 Running 0 26h | ||
+ | aws-node-w75dq 0/2 [[Init:0/1]] 0 26h | ||
+ | |||
+ | [[kubectl logs -n kube-system aws-node]] | ||
+ | kubectl logs -n kube-system aws-node-123 -c [[aws-node]] | ||
+ | kubectl logs -n kube-system aws-node-123 -c [[aws-eks-nodeagent]] | ||
+ | kubectl logs -n kube-system aws-node-123 -c [[aws-vpc-cni-init]] | ||
+ | |||
+ | == Errors == | ||
+ | [[FailedSync]] (507)3.8 mins ago [[error determining status]]: [[rpc error]]: code = Unknown desc = Error: [[No such container]]: 91234567XXXXXXX | ||
+ | |||
+ | aws-node-w75dq 0/2 [[Init:0/1]] 0 26h | ||
+ | |||
+ | Error from server ([[BadRequest]]): container "[[aws-node]]" in pod "aws-node-12345" is waiting to start: [[CreateContainerError]] | ||
+ | |||
+ | kube-system [[aws-node]]-kjz6s 0/2 [[ImageInspectError]] 1 105m 10.111.111.111 ip-10-111-111-111.eu-west-3.compute.internal <none> <none> | ||
+ | |||
+ | == Events == | ||
+ | * <code>[[Liveness probe errored]]</code> | ||
+ | * <code>[[Error: context deadline exceeded]]</code> | ||
== Related == | == Related == | ||
Line 8: | Line 38: | ||
* <code>[[kubectl get daemonset]]</code> | * <code>[[kubectl get daemonset]]</code> | ||
* <code>[[kubectl get serviceaccounts]]</code> | * <code>[[kubectl get serviceaccounts]]</code> | ||
+ | * <code>[[kubectl get pods -n kube-system]]</code> | ||
+ | * <code>[[kubectl set env daemonset -n kube-system]]</code> | ||
+ | * <code>[[sts:AssumeRoleWithWebIdentity]]</code> | ||
+ | * <code>[[eksctl create iamserviceaccount]]</code> | ||
+ | * <code>[[kubectl -n kube-system edit daemonset/aws-node]]</code> | ||
+ | * [[Amazon VPC-CNI: cluster addons]] | ||
+ | * <code>[[kubectl events]]</code>: <code>[[Failed]], [[FailedSync]], [[Unhealthy]], [[Killing]]</code> | ||
== See also == | == See also == | ||
+ | * {{aws-node}} | ||
+ | * {{AWS VPC CNI}} | ||
+ | * {{kube-system}} | ||
* {{CNI}} | * {{CNI}} | ||
− | + | ||
[[Category:EKS]] | [[Category:EKS]] |
Latest revision as of 09:10, 29 February 2024
Amazon VPC CNI plugin for Kubernetes
- Obtain version:
kubectl describe daemonset aws-node --namespace kube-system | grep amazon-k8s-cni: | cut -d : -f 3
aws eks describe-addon --cluster-name my-cluster --addon-name vpc-cni --query addon.addonVersion --output text
Containers:
kubectl get pods -n kube-system | grep aws-node aws-node-7wqrv 2/2 Running 0 72d aws-node-rfld6 2/2 Running 0 26h aws-node-w75dq 0/2 Init:0/1 0 26h
kubectl logs -n kube-system aws-node kubectl logs -n kube-system aws-node-123 -c aws-node kubectl logs -n kube-system aws-node-123 -c aws-eks-nodeagent kubectl logs -n kube-system aws-node-123 -c aws-vpc-cni-init
Contents
Errors[edit]
FailedSync (507)3.8 mins ago error determining status: rpc error: code = Unknown desc = Error: No such container: 91234567XXXXXXX
aws-node-w75dq 0/2 Init:0/1 0 26h
Error from server (BadRequest): container "aws-node" in pod "aws-node-12345" is waiting to start: CreateContainerError
kube-system aws-node-kjz6s 0/2 ImageInspectError 1 105m 10.111.111.111 ip-10-111-111-111.eu-west-3.compute.internal <none> <none>
Events[edit]
Related[edit]
kube-system
kubectl get daemonset
kubectl get serviceaccounts
kubectl get pods -n kube-system
kubectl set env daemonset -n kube-system
sts:AssumeRoleWithWebIdentity
eksctl create iamserviceaccount
kubectl -n kube-system edit daemonset/aws-node
- Amazon VPC-CNI: cluster addons
kubectl events
:Failed, FailedSync, Unhealthy, Killing
See also[edit]
aws-node, ipamd, kubectl logs -n kube-system aws-node
,aws-vpc-cni-init, aws-node, aws-eks-nodeagent
- AWS VPC CNI,
aws-node (ipamd): (aws-node, aws-eks-nodeagent, aws-vpc-cni-init), cluster_addons: vpc-cni
, aws-network-policy-agent:aws-eks-na-cli, AmazonEKS_CNI_Policy
,AmazonEKS_CNI_Policy
kube-system:
kubectl get pods -n kube-system
, kube-dns, aws-node- Kubernetes networking: Container Network Interface (CNI), VPC CNI, Multus CNI, Calico, Flannel
Advertising: