EKS - node fails when launched through a launch template (Terraform)



When I launch a node normally, everything works fine, but when I try to launch it using a launch template I get connectivity problems inside the cluster.

More specifically, the aws-node pod fails with the following error:

{"level":"info","caller":"/usr/local/go/src/runtime/proc.go:225","msg":"timeout: failed to connect service ":50051" within 5s"}

Digging through other posts here, many people seem to point to a role problem, but my IAM role is fine, and I have already launched many other nodes with the same role and they all came up successfully.

Here is my Terraform file:

resource "aws_eks_node_group" "eth-staking-nodes" {
  cluster_name    = aws_eks_cluster.staking.name
  node_group_name = "ethstaking-nodes-testnet"
  node_role_arn   = aws_iam_role.nodes.arn
  subnet_ids = [
    data.aws_subnet.private-1.id,
    data.aws_subnet.private-2.id
  ]
  scaling_config {
    desired_size = 1
    max_size     = 5
    min_size     = 0
  }
  update_config {
    max_unavailable = 1
  }
  labels = {
    role = "general"
  }
  launch_template {
    version = aws_launch_template.staking.latest_version
    id      = aws_launch_template.staking.id
  }
  depends_on = [
    aws_iam_role_policy_attachment.nodes-AmazonEKSWorkerNodePolicy,
    aws_iam_role_policy_attachment.nodes-AmazonEKS_CNI_Policy,
    aws_iam_role_policy_attachment.nodes-AmazonEC2ContainerRegistryReadOnly,
  ]
}
Launch template:
resource "aws_launch_template" "staking" {
  name          = "${var.stage}-staking-node-launch-template"
  instance_type = "m5.2xlarge"
  image_id      = "ami-08712c7468e314435"
  key_name      = "nivpem"

  block_device_mappings {
    device_name = "/dev/xvda"
    ebs {
      volume_size = 450
      volume_type = "gp2"
    }
  }
  lifecycle {
    create_before_destroy = false
  }
  vpc_security_group_ids = [aws_security_group.eks-ec2-sg.id]
  user_data = base64encode(templatefile("${path.module}/staking_userdata.sh", {
    password = "********"
  }))
  tags = {
    "eks:cluster-name"   = aws_eks_cluster.staking.name
    "eks:nodegroup-name" = "ethstaking-nodes-testnet"
  }
  tag_specifications {
    resource_type = "instance"
    tags = {
      Name                 = "${var.stage}-staking-node"
      "eks:cluster-name"   = aws_eks_cluster.staking.name
      "eks:nodegroup-name" = "ethstaking-nodes-testnet"
    }
  }
}

Security group:

resource "aws_security_group" "eks-ec2-sg" {
  name   = "eks-ec2-sg-staking-testnet"
  vpc_id = data.aws_vpc.vpc.id
  ingress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }
  tags = {
    Name = "allow_tls"
  }
}

Consider adding vpc_config to your aws_eks_cluster resource, with endpoint_public_access set to true. That should make it work, since you are using private subnets.
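
The following is an added example, not code from the question or the answer above. It puts together the three things a managed node group launched from a launch template with a custom image_id needs and that the question's configuration does not show: an explicit endpoint policy on the cluster, security group rules between the node SG and the cluster SG (when the launch template sets vpc_security_group_ids, EKS does not attach the cluster security group to the nodes, so the two have to be wired by hand), and a user_data that actually runs /etc/eks/bootstrap.sh, because EKS only injects its own bootstrap user data when no custom AMI is given. The "failed to connect service :50051" message is aws-node waiting for ipamd's gRPC port, which does not open until ipamd can reach the EC2 API and the API server; private subnets therefore also need a NAT gateway or VPC endpoints for ec2, ecr, s3 and sts, which is outside this snippet. Resource names from the question (aws_eks_cluster.staking, aws_launch_template.staking, aws_security_group.eks-ec2-sg, var.stage) are reused; aws_iam_role.cluster, var.admin_cidr and the aws_security_group_rule names are hypothetical.

```hcl
# Added example; assumes the names from the question plus the hypothetical
# aws_iam_role.cluster and var.admin_cidr.

resource "aws_eks_cluster" "staking" {
  name     = "staking-testnet"          # assumed cluster name
  role_arn = aws_iam_role.cluster.arn   # hypothetical cluster role

  vpc_config {
    subnet_ids              = [data.aws_subnet.private-1.id, data.aws_subnet.private-2.id]
    endpoint_private_access = true                 # nodes in private subnets talk to the API in-VPC
    endpoint_public_access  = true
    public_access_cidrs     = [var.admin_cidr]     # never leave the public endpoint on 0.0.0.0/0
  }
}

# Node SG: no world-open ingress. Egress stays open so ipamd/kubelet can reach
# EC2/ECR/STS (via NAT or VPC endpoints) and the API server.
resource "aws_security_group" "eks-ec2-sg" {
  name   = "eks-ec2-sg-staking-testnet"
  vpc_id = data.aws_vpc.vpc.id
  egress {
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }
}

# Node <-> node: CNI, kube-proxy, CoreDNS, NodePorts.
resource "aws_security_group_rule" "nodes_self" {
  type              = "ingress"
  security_group_id = aws_security_group.eks-ec2-sg.id
  self              = true
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
}

# Control plane -> nodes: kubelet (10250) and webhook/metrics ports.
resource "aws_security_group_rule" "cluster_to_nodes" {
  type                     = "ingress"
  security_group_id        = aws_security_group.eks-ec2-sg.id
  source_security_group_id = aws_eks_cluster.staking.vpc_config[0].cluster_security_group_id
  from_port                = 1025
  to_port                  = 65535
  protocol                 = "tcp"
}

# Nodes -> control plane: API server on 443. The cluster SG only trusts itself
# by default, so this rule is what lets a launch-template node register.
resource "aws_security_group_rule" "nodes_to_cluster" {
  type                     = "ingress"
  security_group_id        = aws_eks_cluster.staking.vpc_config[0].cluster_security_group_id
  source_security_group_id = aws_security_group.eks-ec2-sg.id
  from_port                = 443
  to_port                  = 443
  protocol                 = "tcp"
}

resource "aws_launch_template" "staking" {
  name                   = "${var.stage}-staking-node-launch-template"
  instance_type          = "m5.2xlarge"
  image_id               = "ami-08712c7468e314435"   # custom AMI => we must bootstrap ourselves
  vpc_security_group_ids = [aws_security_group.eks-ec2-sg.id]

  metadata_options {
    http_tokens                 = "required"  # IMDSv2 only
    http_put_response_hop_limit = 1           # aws-node is hostNetwork, so unaffected; pods must use IRSA
  }

  # MIME multipart is accepted whether or not EKS merges its own part.
  user_data = base64encode(<<-EOT
    MIME-Version: 1.0
    Content-Type: multipart/mixed; boundary="==BOUNDARY=="

    --==BOUNDARY==
    Content-Type: text/x-shellscript; charset="us-ascii"

    #!/bin/bash
    set -euo pipefail
    /etc/eks/bootstrap.sh ${aws_eks_cluster.staking.name} \
      --apiserver-endpoint ${aws_eks_cluster.staking.endpoint} \
      --b64-cluster-ca ${aws_eks_cluster.staking.certificate_authority[0].data} \
      --kubelet-extra-args '--node-labels=eks.amazonaws.com/nodegroup=ethstaking-nodes-testnet,role=general'
    --==BOUNDARY==--
  EOT
  )
}
```

Anything the node previously got from the question's staking_userdata.sh (the password step) belongs in the same shell part after the bootstrap call; keep secrets out of user_data entirely, since any process on the node can read it from IMDS.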
