[Bug] vpc controller install issue with missing "CertificateSigningRequest"

Open worldhopper opened this issue 1 year ago • 3 comments

What were you trying to accomplish?

Installing vpc-controller for Windows nodes (eksctl utils install-vpc-controllers)

What happened?

Seems to be a duplicate of #7347 which was autoclosed with no action or resolution. This issue prevents Windows nodes from working in EKS.

How to reproduce it?

Logs

eksctl utils install-vpc-controllers --cluster=clusterName --region=us-west-2 --approve
2024-02-01 10:22:03 [ℹ]  using region us-west-2
2024-02-01 10:22:06 [ℹ]  1 task: { 1 task: { update IAMServiceAccount kube-system/vpc-resource-controller } }
2024-02-01 10:22:06 [ℹ]  updating policies for IAMServiceAccount kube-system/vpc-resource-controller
2024-02-01 10:22:09 [ℹ]  waiting for CloudFormation changeset "updating-policy-*****-****-****-****-************" for stack "eksctl-clusterName-addon-iamserviceaccount-kube-system-vpc-resource-controller"
2024-02-01 10:22:09 [ℹ]  nothing to update
2024-02-01 10:22:09 [ℹ]  replaced "ClusterRole.rbac.authorization.k8s.io/vpc-resource-controller"
2024-02-01 10:22:10 [ℹ]  replaced "ClusterRoleBinding.rbac.authorization.k8s.io/vpc-resource-controller"
W0201 10:22:12.709105  202879 warnings.go:70] spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].key: beta.kubernetes.io/os is deprecated since v1.14; use "kubernetes.io/os" instead
W0201 10:22:12.709154  202879 warnings.go:70] spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[1].key: beta.kubernetes.io/arch is deprecated since v1.14; use "kubernetes.io/arch" instead
2024-02-01 10:22:12 [ℹ]  created "kube-system:Deployment.apps/vpc-resource-controller"
2024/02/01 10:22:12 [INFO] generate received request
2024/02/01 10:22:12 [INFO] received CSR
2024/02/01 10:22:12 [INFO] generating key: rsa-2048
2024/02/01 10:22:13 [INFO] encoded CSR
Error: error installing VPC controller: creating CertificateSigningRequest: constructing REST client mapping for certificates.k8s.io/v1beta1, Kind=CertificateSigningRequest: no matches for kind "CertificateSigningRequest" in versions ["certificates.k8s.io/" "certificates.k8s.io/v1beta1"]

Versions

$ eksctl info
eksctl version: 0.169.0
kubectl version: v1.25.4
OS: linux

worldhopper, Feb 01 '24 18:02

Hello worldhopper :wave: Thank you for opening an issue in eksctl project. The team will review the issue and aim to respond within 1-5 business days. Meanwhile, please read about the Contribution and Code of Conduct guidelines here. You can find out more information about eksctl on our website

github-actions[bot], Feb 01 '24 18:02

Thanks @worldhopper. Indeed, the code seems to be calling a deprecated API for CertificateSigningRequest. I'll try to prioritize fixing this soon.

The certificates.k8s.io/v1beta1 API version of CertificateSigningRequest is no longer served as of v1.22. https://kubernetes.io/docs/reference/using-api/deprecation-guide/#certificatesigningrequest-v122

yuxiang-zhang, Feb 02 '24 00:02
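
The mismatch described in the comment above can be checked mechanically by comparing the API versions named in the client error with the versions the API server actually serves. The script below is an added example, not part of the original thread or of eksctl; the function names are hypothetical and the `kubectl api-versions` samples are constructed.

```shell
#!/bin/sh
# Added example, not eksctl code. Function names are hypothetical.

# Error text copied from the log in this issue.
PAGE_ERROR='no matches for kind "CertificateSigningRequest" in versions ["certificates.k8s.io/" "certificates.k8s.io/v1beta1"]'

# Constructed samples of `kubectl api-versions` output (trimmed).
SAMPLE_SERVED_NEW='apps/v1
certificates.k8s.io/v1
rbac.authorization.k8s.io/v1
v1'
SAMPLE_SERVED_OLD='apps/v1
certificates.k8s.io/v1
certificates.k8s.io/v1beta1
v1'

# stdin: `kubectl api-versions` output. Prints served certificates.k8s.io versions.
served_csr_versions() {
    sed -n 's|^certificates\.k8s\.io/||p' | sort
}

# $1: client error text. Prints the certificates.k8s.io versions it asked for.
# The bare "certificates.k8s.io/" entry (empty version) is skipped.
requested_csr_versions() {
    printf '%s\n' "$1" | tr -c 'a-z0-9./' '\n' |
        sed -n 's|^certificates\.k8s\.io/\(..*\)$|\1|p' | sort -u
}

# $1: error text, $2: api-versions output.
# Prints "ok <version>" (status 0) if a requested version is served,
# otherwise "mismatch requested=... served=..." (status 1).
check_csr_api() {
    req=$(requested_csr_versions "$1")
    srv=$(printf '%s\n' "$2" | served_csr_versions)
    for v in $req; do
        if printf '%s\n' "$srv" | grep -qxF "$v"; then
            echo "ok $v"
            return 0
        fi
    done
    echo "mismatch requested=$(echo $req | tr ' ' ',') served=$(echo $srv | tr ' ' ',')"
    return 1
}

# On a live cluster: check_csr_api "$PAGE_ERROR" "$(kubectl api-versions)"
check_csr_api "$PAGE_ERROR" "$SAMPLE_SERVED_NEW" || true
check_csr_api "$PAGE_ERROR" "$SAMPLE_SERVED_OLD"
```

A `mismatch` result with `served=v1` means the client is asking for a version the cluster no longer serves, so the fix belongs in the client rather than in cluster RBAC or node configuration.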

I took a closer look at the issue. It seems that the command you used is for Enabling legacy Windows support.

Once your cluster and platform version are at, or later than a version listed in the Prerequisites, we recommend that you remove legacy Windows support and enable it for your control plane.

Have you tried this?

yuxiang-zhang, Feb 02 '24 02:02

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

github-actions[bot], Mar 04 '24 01:03

This issue was closed because it has been stalled for 5 days with no activity.

github-actions[bot], Mar 10 '24 01:03