I am new to rancher. I have launch a docker container for rancher.. Rancher UI is available but when I am trying to import EKS it shows "Failed to communicate with cluster: Unauthorized" and in the container log it shows "2022/12/14 12:01:40 [ERROR] error syncing 'c-wbp29': handler eks-operator-controller: Unauthorized, requeuing 2022/12/14 12:01:41 [ERROR] error syncing '_all_': handler user-controllers-controller: failed to start user controllers for cluster c-wbp29: secrets "cattle-global-data/" not found, requeuing 2022/12/14 12:03:41 [ERROR] error syncing 'c-wbp29': handler eks-operator-controller: Unauthorized, requeuing 2022/12/14 12:03:41 [ERROR] error syncing '_all_': handler user-controllers-controller: failed to start user controllers for cluster c-wbp29: secrets "cattle-global-data/" not found, requeuing 2022/12/14 12:04:40 [INFO] checking cluster [c-wbp29] upstream state for changes 2022/12/14 12:04:41 [INFO] cluster [c-wbp29] currently updating, skipping spec sync 2022/12/14 12:04:41 [ERROR] error syncing 'c-wbp29': handler eks-operator-controller: Unauthorized, requeuing 2022/12/14 12:04:41 [ERROR] error syncing 'c-wbp29': handler eks-operator-controller: Unauthorized, requeuing 2022/12/14 12:05:41 [ERROR] error syncing '_all_': handler user-controllers-controller: failed to start user controllers for cluster c-wbp29: secrets "cattle-global-data/" not found, requeuing 2022/12/14 12:06:41 [ERROR] error syncing 'c-wbp29': handler eks-operator-controller: Unauthorized, requeuing 2022/12/14 12:07:41 [ERROR] error syncing '_all_': handler user-controllers-controller: failed to start user controllers for cluster c-wbp29: secrets "cattle-global-data/" not found, requeuing"

You need to create IAM user with permissions from to following doc:

thanks I will give it a try and share the status...Thanks for your help

@calm-exabyte-238 This link https://rancher-users.slack.com/archives/C3ASABBD1/p1671025623437609?thread_ts=1671020807.088559&cid=C3ASABBD1 has too much permissions i believe. What if someone doesn't want rancher to manage

nodegroup

create / delete. just purely able to import the cluster and use rancher UI to navigate to k8s resources. Not questioning your help just we are in a situation where

we deleting some nodegroups

and rancher creating them automatically which is bad and we don't want for our usecase. we are just importing EKS cluster.

Yes i understand. Had the same situation. Just don't give the permissions to create/delete node groups. The minimum permissions that works for me is eks:list/read .... If you just want to use rancher to browse the EKS clusters you can use the snippet below or at least I am using it and it works as expected. Note that i am not in the Rancher team. I am just sharing my experience

{

{

"Sid": "KMSPermisssions",

"Effect": "Allow",

"Action": "kms:ListKeys",

"Resource": "*"

},

{

"Sid": "EKSPermisssions",

"Effect": "Allow",

"Action": [

"eks:UpdateClusterConfig",

"eks:UntagResource",

"eks:TagResource",

"eks:ListUpdates",

"eks:ListTagsForResource",

"eks:ListNodegroups",

"eks:ListFargateProfiles",

"eks:ListClusters",

"eks:DescribeUpdate",

"eks:DescribeNodegroup",

"eks:DescribeFargateProfile",

"eks:DescribeCluster"

],

"Resource": "*"

}

]

}

I thought so but thanks a lot @calm-exabyte-238 i will give it a try. Appreciate the help