Cordelia

Reputation: 333

Error Creating aws EKS Kubernetes cluster using eksctl

I tried to run the code below to create an AWS EKS Kubernetes cluster using eksctl:

    $ eksctl create cluster \
      --version 1.14 \
      --region us-west-2 \
      --node-type t3.medium \
      --nodes 3 \
      --nodes-min 1 \
      --nodes-max 4 \
      --name my-demo \
      --kubeconfig=$HOME/kubeconfigs/demo-cluster-config.yaml

As a result, I got the errors below:

    [ℹ]  eksctl version 0.35.0
    [ℹ]  using region us-west-2
    [ℹ]  setting availability zones to [us-west-2b us-west-2a us-west-2c]
    [ℹ]  subnets for us-west-2b - public:192.168.0.0/19 private:192.168.96.0/19
    [ℹ]  subnets for us-west-2a - public:192.168.32.0/19 private:192.168.128.0/19
    [ℹ]  subnets for us-west-2c - public:192.168.64.0/19 private:192.168.160.0/19
    [ℹ]  nodegroup "ng-6c4aa136" will use "ami-0f9f033f2355ab1f8" [AmazonLinux2/1.18]
    [ℹ]  using Kubernetes version 1.18
    [ℹ]  creating EKS cluster "my-demo" in "us-west-2" region with un-managed nodes
    [ℹ]  will create 2 separate CloudFormation stacks for cluster itself and the initial nodegroup
    [ℹ]  if you encounter any issues, check CloudFormation console or try 'eksctl utils describe-stacks --region=us-west-2 --cluster=my-demo'
    [ℹ]  CloudWatch logging will not be enabled for cluster "my-demo" in "us-west-2"
    [ℹ]  you can enable it with 'eksctl utils update-cluster-logging --enable-types={SPECIFY-YOUR-LOG-TYPES-HERE (e.g. all)} --region=us-west-2 --cluster=my-demo'
    [ℹ]  Kubernetes API endpoint access will use default of {publicAccess=true, privateAccess=false} for cluster "my-demo" in "us-west-2"
    [ℹ]  2 sequential tasks: { create cluster control plane "my-demo", 3 sequential sub-tasks: { no tasks, create addons, create nodegroup "ng-6c4aa136" } }
    [ℹ]  building cluster stack "eksctl-my-demo-cluster"
    [ℹ]  deploying stack "eksctl-my-demo-cluster"
    [✖]  unexpected status "ROLLBACK_IN_PROGRESS" while waiting for CloudFormation stack "eksctl-my-demo-cluster"
    [ℹ]  fetching stack events in attempt to troubleshoot the root cause of the failure
    [✖]  AWS::IAM::Role/ServiceRole: CREATE_FAILED – "Resource creation cancelled"
    [✖]  AWS::EC2::InternetGateway/InternetGateway: CREATE_FAILED – "The maximum number of internet gateways has been reached. (Service: AmazonEC2; Status Code: 400; Error Code: InternetGatewayLimitExceeded; Request ID: e53b2d09-6d4a-4eef-b8ed-b52c1104bb89; Proxy: null)"
    [✖]  AWS::EC2::VPC/VPC: CREATE_FAILED – "The maximum number of VPCs has been reached. (Service: AmazonEC2; Status Code: 400; Error Code: VpcLimitExceeded; Request ID: e1dca3e9-6134-41d9-92a3-4bf44c0c375f; Proxy: null)"
    [✖]  AWS::EC2::EIP/NATIP: CREATE_FAILED – "The maximum number of addresses has been reached. (Service: AmazonEC2; Status Code: 400; Error Code: AddressLimitExceeded; Request ID: 50f1e75a-404f-40ff-820a-13a18a3d2f3f; Proxy: null)"
    [!]  1 error(s) occurred and cluster hasn't been created properly, you may wish to check CloudFormation console
    [ℹ]  to cleanup resources, run 'eksctl delete cluster --region=us-west-2 --name=my-demo'
    [✖]  waiting for CloudFormation stack "eksctl-my-demo-cluster": ResourceNotReady: failed waiting for successful resource state

Please help me to solve this problem.

Upvotes: 2

Views: 4980

Answers (3)

Alon Lavian

Reputation: 1389

Creating a new cluster creates a new VPC by default. Since there is a VPC quota per region, trying to create a new VPC might exceed the quota limit and fail the cluster creation. There are a couple of solutions:

1. Request a quota increase

  • Check your current quota (make sure to use the right region) using:

    aws service-quotas get-service-quota --service-code vpc --quota-code L-F678F1CE --region us-east-1

  • The response should look like this (in this case the quota is 5):

    {
        "Quota": {
            "ServiceCode": "vpc",
            "ServiceName": "Amazon Virtual Private Cloud (Amazon VPC)",
            "QuotaArn": "arn:aws:servicequotas:us-east-1:570398916848:vpc/L-F678F1CE",
            "QuotaCode": "L-F678F1CE",
            "QuotaName": "VPCs per Region",
            "Value": 5.0,
            "Unit": "None",
            "Adjustable": true,
            "GlobalQuota": false
        }
    }

  • Request a quota increase using the following (in this case the request is for 10):

    aws service-quotas request-service-quota-increase --service-code vpc --quota-code L-F678F1CE --region us-east-1 --desired-value 10

  • Once the request is approved, you can create your cluster

2. Create the cluster on an existing VPC

  • You'll need to list at least 2 subnets from your VPC (2 public or 2 private at least)

  • For example for public subnets use --vpc-public-subnets

  • In your case the command should look like this (I've upgraded the k8s version)

    eksctl create cluster \
      --version 1.21 \
      --region us-west-2 \
      --node-type t3.medium \
      --nodes 3 \
      --nodes-min 1 \
      --nodes-max 4 \
      --name my-demo \
      --kubeconfig=$HOME/kubeconfigs/demo-cluster-config.yaml \
      --vpc-public-subnets=subnet-0153e560b3129a696,subnet-0cc9c5aebe75083fd

Upvotes: 5

ebr

Reputation: 616

Another thing I'd like to point out is that you're trying to create a cluster with version 1.14, which is not supported. That, however, is not the cause of the failure you are experiencing; @samtoddler's answer is correct.

Upvotes: 0

samtoddler

Reputation: 9605

You have reached the VPC quota.

Raise the quota by creating a ticket with AWS Support or delete other VPCs in the account.

From these errors

[✖] AWS::EC2::VPC/VPC: CREATE_FAILED – "The maximum number of VPCs has been reached. (Service: AmazonEC2; Status Code: 400; Error Code: VpcLimitExceeded; Request ID: e1dca3e9-6134-41d9-92a3-4bf44c0c375f; Proxy: null)"

[✖] AWS::EC2::EIP/NATIP: CREATE_FAILED – "The maximum number of addresses has been reached. (Service: AmazonEC2; Status Code: 400; Error Code: AddressLimitExceeded; Request ID: 50f1e75a-404f-40ff-820a-13a18a3d2f3f; Proxy: null)"

[✖] AWS::EC2::InternetGateway/InternetGateway: CREATE_FAILED – "The maximum number of internet gateways has been reached. (Service: AmazonEC2; Status Code: 400; Error Code: InternetGatewayLimitExceeded; Request ID: e53b2d09-6d4a-4eef-b8ed-b52c1104bb89; Proxy: null)"

Upvotes: 1
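
Added example (not part of any answer above, and not eksctl's own code): a Python sketch that separates the quota errors in eksctl output like the question's from the collateral "Resource creation cancelled" events, and computes the remaining VPC headroom from a `get-service-quota` response in the shape shown in the first answer plus `aws ec2 describe-vpcs` output. The function names and all sample data are constructed for illustration.

```python
import json
import re

# Constructed samples in the format of the eksctl output quoted in the question.
SAMPLE_LOG = '''\
[✖]  AWS::IAM::Role/ServiceRole: CREATE_FAILED – "Resource creation cancelled"
[✖]  AWS::EC2::VPC/VPC: CREATE_FAILED – "The maximum number of VPCs has been reached. (Service: AmazonEC2; Status Code: 400; Error Code: VpcLimitExceeded; Request ID: 00000000-0000-0000-0000-000000000000; Proxy: null)"
[✖]  AWS::EC2::EIP/NATIP: CREATE_FAILED – "The maximum number of addresses has been reached. (Service: AmazonEC2; Status Code: 400; Error Code: AddressLimitExceeded; Request ID: 00000000-0000-0000-0000-000000000000; Proxy: null)"
'''
# Constructed: quota of 5 and five existing VPCs (placeholder IDs).
SAMPLE_QUOTA = '{"Quota": {"QuotaCode": "L-F678F1CE", "Value": 5.0}}'
SAMPLE_VPCS = json.dumps({"Vpcs": [{"VpcId": f"vpc-example{i}"} for i in range(5)]})

# "<resource type>/<logical id>: CREATE_FAILED <dash> "<reason>""
FAILED = re.compile(r'(AWS::[\w:]+)/(\w+): CREATE_FAILED\s+\S\s+"(.*)"')
ERROR_CODE = re.compile(r'Error Code: (\w+)')


def classify_failures(log_text):
    """Split CREATE_FAILED events into root causes and collateral cancellations.

    An event carrying an AWS error code is a root cause; one without (such as
    "Resource creation cancelled") failed only because the stack rolled back.
    """
    roots, cancelled = [], []
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if not match:
            continue
        rtype, _logical_id, reason = match.groups()
        code = ERROR_CODE.search(reason)
        if code:
            roots.append((rtype, code.group(1)))
        else:
            cancelled.append((rtype, reason))
    return roots, cancelled


def vpc_headroom(quota_json, describe_vpcs_json):
    """VPCs that can still be created in the region; <= 0 means a new VPC fails."""
    quota = int(json.loads(quota_json)["Quota"]["Value"])
    used = len(json.loads(describe_vpcs_json)["Vpcs"])
    return quota - used


if __name__ == "__main__":
    print(classify_failures(SAMPLE_LOG))
    print("VPC headroom:", vpc_headroom(SAMPLE_QUOTA, SAMPLE_VPCS))
```

A headroom of zero or less means `eksctl create cluster` needs either the quota increase or the existing-VPC flags from the first answer; both inputs must come from the same region as the cluster.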
