How to deploy Tanzu Kubernetes Grid 1.2 to AWS using an EC2 Instance profile

Article ID: 317058

Products

VMware Tanzu Kubernetes Grid 1.x

Issue/Introduction

This article outlines the steps needed to install TKG on AWS using an EC2 instance profile.

Symptoms:
  • You see messages similar to the following while deploying a Tanzu Kubernetes Grid (TKG) management cluster to AWS:
Logs of the command execution can also be found at: /tmp/tkg-20210218T044714643869323.log

Validating the pre-requisites...
Looking for AWS credentials in the default credentials provider chain


Error: : Tkg configuration validation failed: failed to get AWS client: NoCredentialProviders: no valid providers in chain
caused by: EnvAccessKeyNotFound: AWS_ACCESS_KEY_ID or AWS_ACCESS_KEY not found in environment
SharedCredsLoad: failed to load shared credentials file
caused by: FailedRead: unable to open file
caused by: open /root/.aws/credentials: no such file or directory
EC2RoleRequestError: no EC2 instance role found
caused by: EC2MetadataError: failed to make EC2Metadata request
        status code: 404, request id:
caused by: <?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
 <head>
  <title>404 - Not Found</title>
 </head>
 <body>
  <h1>404 - Not Found</h1>
 </body>
</html>

Detailed log about the failure can be found at: /tmp/tkg-20210218T044714643869323.log


Environment

VMware Tanzu Kubernetes Grid Plus 1.x
VMware Tanzu Kubernetes Grid 1.x

Cause

When you run the tkg init command, the validation process looks for the AWS_ACCESS_KEY and AWS_ACCESS_KEY_ID values. If these values are not set in the config.yaml file or as environment variables, it then looks for the EC2 instance role needed to bootstrap the cluster.

Resolution

Notes:
  • If you have the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY values, you can set these as environment variables or as config parameters in the ~/.tkg/config.yaml file and proceed with deploying a management cluster per the documented instructions.
  • You can bootstrap the TKG cluster using an EC2 Instance profile but you will need to create the necessary IAM resources prior to bootstrapping the cluster. You can create all needed resources by running the command, tkg config permissions aws. You will still need to have the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY values for this command to succeed.
  1. Within Amazon AWS, navigate to CloudFormation, Stacks and click on the Create Stack dropdown. Choose "With new resources (standard)".
    1. In the Prepare template section, ensure that Template is ready is selected.
    2. In the Specify template section, click on Upload a template file. Click the Choose file button and then select TKG12_CF_Template.yaml
    3. Click the Next button.
  2. Enter a meaningful name in the Stack name field (tkg-cloud-vmware-com for example). Click the Next button.
  3. Enter any tags you may want to have associated with the CloudFormation stack (or leave them blank). Click the Next button.
  4. Click the checkbox next to the acknowledgement in the Capabilities section on the Review page. Click the Create stack button.
  5. Within Amazon AWS, navigate to IAM and click on Roles under IAM Resources. Validate that the following roles have been created:
       • nodes.tkg.cloud.vmware.com
       • controllers.tkg.cloud.vmware.com
       • control-plane.tkg.cloud.vmware.com
  6. Within Amazon AWS, navigate to EC2 and click on Instances (running). Select the checkbox next to the instance where you will run the tkg CLI commands.
  7. Click on the Actions dropdown, navigate to Security and click on Modify IAM role.
  8. Select the control-plane.tkg.cloud.vmware.com role in the IAM role dropdown list. Click the Save button.
  9. Use the tkg CLI command in the EC2 instance modified in Steps 6-8 to build the TKG management cluster.
Note: If in Tanzu Kubernetes Grid v1.1 you set AWS_B64ENCODED_CREDENTIALS as an environment variable, unset the variable before deploying management clusters with v1.2 of the tkg CLI.
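
The following preflight script is an added example, not part of the original article or of VMware's tooling. It walks the credential sources in the order the error output above lists them, checks that the instance reports the control-plane.tkg.cloud.vmware.com role, and flags a leftover AWS_B64ENCODED_CREDENTIALS variable. It assumes curl is installed and that the instance metadata service accepts IMDSv2 token requests; the function names and the --check argument are hypothetical.

```shell
#!/bin/sh
# Added example (not from the article). Run on the EC2 instance before `tkg init`.
IMDS=http://169.254.169.254/latest   # EC2 instance metadata service endpoint

# Print the IAM role attached to this instance; fails on the 404 seen in the log.
fetch_instance_role() {
    token=$(curl -sf -m 2 -X PUT "$IMDS/api/token" \
        -H 'X-aws-ec2-metadata-token-ttl-seconds: 60') || return 1
    curl -sf -m 2 -H "X-aws-ec2-metadata-token: $token" \
        "$IMDS/meta-data/iam/security-credentials/"
}

# Walk the sources in the order the error output lists them.
credential_source() {
    if [ -n "${AWS_ACCESS_KEY_ID:-${AWS_ACCESS_KEY:-}}" ]; then
        echo "env"
    elif [ -f "${AWS_SHARED_CREDENTIALS_FILE:-$HOME/.aws/credentials}" ]; then
        echo "shared-file"
    elif role=$(fetch_instance_role) && [ -n "$role" ]; then
        echo "instance-role:$role"
    else
        echo "none"; return 1
    fi
}

tkg_aws_preflight() {
    expected=control-plane.tkg.cloud.vmware.com   # role chosen under Modify IAM role
    rc=0
    if [ -n "${AWS_B64ENCODED_CREDENTIALS:-}" ]; then
        echo "FAIL: AWS_B64ENCODED_CREDENTIALS is set (TKG v1.1 leftover); unset it"
        rc=1
    fi
    src=$(credential_source) || true
    case $src in
        instance-role:"$expected") echo "OK: instance role $expected is attached" ;;
        instance-role:*) echo "FAIL: unexpected role ${src#instance-role:}"; rc=1 ;;
        env|shared-file) echo "WARN: static keys ($src) are found before the instance role" ;;
        *) echo "FAIL: no credentials; expect NoCredentialProviders"; rc=1 ;;
    esac
    return $rc
}

# Only runs when invoked as: sh preflight.sh --check
if [ "${1:-}" = "--check" ]; then tkg_aws_preflight; fi
```

The script does not inspect ~/.tkg/config.yaml, so keys set there still need to be checked by hand.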

Additional Information

Attachments

TKG12_CF_Template.yaml