The launch template specifies an IAM instance profile, and the node group has a node role ARN. Based on this error, I removed the iam_instance_role parameter from my template resource block and it still gives me the same error:

"Launch template mtc should not specify an instance profile. The noderole in your request will be used to construct an instance profile."

Here is my launch template resource block, with my instance profile included:

```hcl
resource "aws_launch_template" "node" {
  image_id                             = var.image_id
  instance_type                        = var.instance_type
  key_name                             = var.key_name
  instance_initiated_shutdown_behavior = "terminate"
  name                                 = var.name
  # file() reads the script; base64encode("node_userdata.tpl") would only encode the file name
  user_data = base64encode(file("node_userdata.tpl"))
  # vpc_security_group_ids = var.security_group_ids

  block_device_mappings {
    device_name = "/dev/sda1"
    ebs {
      volume_size = 20
    }
  }

  iam_instance_profile {
    name = aws_iam_instance_profile.node.name
  }

  monitoring {
    enabled = true
  }
}

resource "aws_iam_instance_profile" "node" {
  name_prefix = var.name
  role        = aws_iam_role.node.id
}

resource "aws_iam_role" "node" {
  assume_role_policy = data.aws_iam_policy_document.assume_role_ec2.json
  name               = var.name
}

data "aws_iam_policy_document" "assume_role_ec2" {
  statement {
    actions = ["sts:AssumeRole"]
    effect  = "Allow"
    principals {
      identifiers = ["ec2.amazonaws.com"]
      type        = "Service"
    }
  }
}
```
When I first tried to apply this I got the error above, so I removed all of it and tried again without the instance profile, like this:

```hcl
resource "aws_launch_template" "node" {
  image_id                             = var.image_id
  instance_type                        = var.instance_type
  key_name                             = var.key_name
  instance_initiated_shutdown_behavior = "terminate"
  name                                 = var.name
  # file() reads the script; base64encode("node_userdata.tpl") would only encode the file name
  user_data = base64encode(file("node_userdata.tpl"))
  # vpc_security_group_ids = var.security_group_ids

  block_device_mappings {
    device_name = "/dev/sda1"
    ebs {
      volume_size = 20
    }
  }

  monitoring {
    enabled = true
  }
}
```
Both times I got the same error. Here is my node group resource block:

```hcl
resource "aws_eks_node_group" "nodes_eks" {
  cluster_name    = aws_eks_cluster.eks.name
  node_group_name = "eks-node-group"
  node_role_arn   = aws_iam_role.eks_nodes.arn
  subnet_ids      = module.vpc.private_subnets

  # remote_access {
  #   ec2_ssh_key = aws_key_pair.bastion_auth.id
  # }

  scaling_config {
    desired_size = 3
    max_size     = 6
    min_size     = 3
  }

  ami_type             = "CUSTOM"
  capacity_type        = "ON_DEMAND"
  force_update_version = false
  # instance_types = [var.instance_type]

  labels = {
    role = "nodes-pool-1"
  }

  launch_template {
    id      = aws_launch_template.node.id
    version = aws_launch_template.node.default_version
  }

  # version = var.k8s_version

  depends_on = [
    aws_iam_role_policy_attachment.amazon_eks_worker_node_policy,
    aws_iam_role_policy_attachment.amazon_eks_cni_policy,
    aws_iam_role_policy_attachment.amazon_ec2_container_registry_read_only,
  ]
}
```
There are several points to pay attention to in this case, starting with [1]:

"An object representing a node group's launch template specification. The launch template can't include SubnetId, IamInstanceProfile, RequestSpotInstances, HibernationOptions, or TerminateInstances, or the node group deployment or update will fail."

According to the documentation [2], you cannot specify any of:

- Instance profile: the node IAM role will be used
- Subnets: `subnet_ids` will be used, which are also defined in the node group configuration
- Shutdown behavior: EKS controls the instance lifecycle

Note that the table says "Prohibited", meaning it can never be used. In addition, in [2] you can find the following:

"Some of the settings in a launch template are similar to the settings used for managed node configuration. When deploying or updating a node group with a launch template, some settings must be specified in either the node group configuration or the launch template. Don't specify a setting in both places. If a setting exists where it shouldn't, then operations such as creating or updating a node group fail."

You were close when you removed `iam_instance_profile`, but you still need to remove the `instance_initiated_shutdown_behavior` parameter:
```hcl
resource "aws_launch_template" "node" {
  image_id      = var.image_id
  instance_type = var.instance_type
  key_name      = var.key_name
  name          = var.name
  # file() reads the script; base64encode("node_userdata.tpl") would only encode the file name
  user_data = base64encode(file("node_userdata.tpl"))

  block_device_mappings {
    device_name = "/dev/sda1"
    ebs {
      volume_size = 20
    }
  }

  monitoring {
    enabled = true
  }
}
```
I strongly suggest reading the second document, because it contains a lot of useful information about what to do when using a custom AMI.

[1] https://docs.aws.amazon.com/eks/latest/APIReference/API_LaunchTemplateSpecification.html
[2] https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html#launch-template-basics
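As an added pre-flight check (not part of the question, the answer or the AWS docs), the function below inspects a launch template version's `LaunchTemplateData` dict, in the shape the EC2 `DescribeLaunchTemplateVersions` API returns, and reports every setting a managed node group rejects. The mapping from the doc's names to `LaunchTemplateData` keys (e.g. RequestSpotInstances to `InstanceMarketOptions`) is my own, and the sample data is constructed to mirror the asker's first template.

```python
# Added example: flag launch-template settings that EKS managed node groups reject.
# The input has the shape of LaunchTemplateData, e.g. from
# ec2.describe_launch_template_versions(...)["LaunchTemplateVersions"][0]["LaunchTemplateData"];
# the sample below is constructed by hand so the check runs offline.

def find_prohibited_settings(lt_data: dict) -> list[str]:
    """Return findings for settings the node group must own instead of the template."""
    findings = []
    # IAM instance profile: EKS builds one from the node group's node_role_arn.
    if lt_data.get("IamInstanceProfile"):
        findings.append("IamInstanceProfile set (use node_role_arn on the node group)")
    # Shutdown behaviour: EKS controls the instance lifecycle.
    if "InstanceInitiatedShutdownBehavior" in lt_data:
        findings.append("InstanceInitiatedShutdownBehavior set (EKS manages lifecycle)")
    # Subnet: comes from the node group's subnet_ids, not from a network interface.
    for i, eni in enumerate(lt_data.get("NetworkInterfaces", [])):
        if eni.get("SubnetId"):
            findings.append(f"NetworkInterfaces[{i}].SubnetId set (use subnet_ids on the node group)")
    # Spot requests: use capacity_type = "SPOT" on the node group instead.
    if lt_data.get("InstanceMarketOptions", {}).get("MarketType") == "spot":
        findings.append("InstanceMarketOptions.MarketType=spot (use capacity_type on the node group)")
    # Hibernation is not supported for managed node group instances.
    if lt_data.get("HibernationOptions", {}).get("Configured"):
        findings.append("HibernationOptions.Configured=true (not allowed)")
    return findings


# Constructed sample mirroring the first template in the question: it carries both
# an instance profile and a terminate-on-shutdown setting.
SAMPLE_TEMPLATE_DATA = {
    "ImageId": "ami-0123456789abcdef0",  # placeholder AMI id
    "InstanceType": "t3.medium",
    "IamInstanceProfile": {"Name": "node-profile"},
    "InstanceInitiatedShutdownBehavior": "terminate",
    "BlockDeviceMappings": [{"DeviceName": "/dev/sda1", "Ebs": {"VolumeSize": 20}}],
    "Monitoring": {"Enabled": True},
}

# The same template after applying the fix from the answer.
FIXED_TEMPLATE_DATA = {
    k: v for k, v in SAMPLE_TEMPLATE_DATA.items()
    if k not in ("IamInstanceProfile", "InstanceInitiatedShutdownBehavior")
}

if __name__ == "__main__":
    for name, data in (("original", SAMPLE_TEMPLATE_DATA), ("fixed", FIXED_TEMPLATE_DATA)):
        problems = find_prohibited_settings(data)
        print(f"{name}: {'OK' if not problems else '; '.join(problems)}")
```

Run it against each launch template version before wiring it into `aws_eks_node_group`; the node group creation only fails after the template has already been created, so catching the conflict early saves a plan/apply cycle.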