Fresh install to EKS fails with error waiting for KMS Key

[szprutamich]

│ Error: error waiting for KMS Key (d31a6a68-1850-48c3-bd36-ee50363916e7) policy propagation: timeout while waiting for state to become 'TRUE' (last state: 'FALSE', timeout: 5m0s)

also EC2 instances are up and running, but they are not registered to k8s:

kubectl get nodes                
No resources found

used versions:

Initializing provider plugins...
- Reusing previous version of hashicorp/kubernetes from the dependency lock file
- Reusing previous version of hashicorp/null from the dependency lock file
- Reusing previous version of terraform-aws-modules/http from the dependency lock file
- Reusing previous version of hashicorp/random from the dependency lock file
- Reusing previous version of hashicorp/cloudinit from the dependency lock file
- Reusing previous version of hashicorp/helm from the dependency lock file
- Reusing previous version of hashicorp/template from the dependency lock file
- Reusing previous version of hashicorp/aws from the dependency lock file
- Reusing previous version of hashicorp/local from the dependency lock file
- Using previously-installed hashicorp/null v3.1.1
- Using previously-installed hashicorp/helm v2.6.0
- Using previously-installed hashicorp/template v2.2.0
- Using previously-installed hashicorp/local v2.2.3
- Using previously-installed hashicorp/aws v4.25.0
- Using previously-installed hashicorp/kubernetes v2.12.1
- Using previously-installed terraform-aws-modules/http v2.4.1
- Using previously-installed hashicorp/random v3.3.2
- Using previously-installed hashicorp/cloudinit v2.2.0

Terraform has been successfully initialized!

[liya2017]

same issue here. any updates?
BTW: I am installing Jenkins X in an existing EKS cluster , and based on the jx3-gitops-repositories/jx3-eks-asm, so set use_vault to false, create_asm_role and use_asm to true.

[szprutamich]

@liya2017 yes, with setting use_valut to false, use_asm to true, and create_asm_role to true I got rid of the KMS issue, but still, all the process fails with Error: timed out waiting for the condition. It could not start jx-git-operator because there are no nodes being registered.

Trying to install it using existing EKS leads to other issues - jx-git-operator pods end with status Error and most of the pods in the jx namespace cannot be created - some secrets are missing. Because of that, we dropped the idea to migrate to JX 3 and we still use JX 2 for now.

[liya2017]

@liya2017 yes, with setting use_valut to false, use_asm to true, and create_asm_role to true I got rid of the KMS issue, but still, all the process fails with Error: timed out waiting for the condition. It could not start jx-git-operator because there are no nodes being registered.

Trying to install it using existing EKS leads to other issues - jx-git-operator pods end with status Error and most of the pods in the jx namespace cannot be created - some secrets are missing. Because of that, we dropped the idea to migrate to JX 3 and we still use JX 2 for now.

same problem as you, do you have any workaround?

[liya2017]

Hi guys, any updates?

[ChetanGoti]

I'm facing same issue with fresh EKS cluster. (Using vault)

Worker nodes' EC2 instances are created properly, but they are not registered to the cluster. So rest of the bootstrap work fails it seems.

Though I was able to proceed further just by adding Elastic IP addresses to the worker EC2 machines! Once I assigned Elastic IP addresses from AWS console, they were showing up correctly as worker nodes.