https://rancher.com/ logo
#general
Title
# general
l

little-jordan-39170

12/14/2022, 12:26 PM
I am new to rancher. I have launch a docker container for rancher.. Rancher UI is available but when I am trying to import EKS it shows "Failed to communicate with cluster: Unauthorized" and in the container log it shows "2022/12/14 120140 [ERROR] error syncing 'c-wbp29': handler eks-operator-controller: Unauthorized, requeuing 2022/12/14 120141 [ERROR] error syncing '_all_': handler user-controllers-controller: failed to start user controllers for cluster c-wbp29: secrets "cattle-global-data/" not found, requeuing 2022/12/14 120341 [ERROR] error syncing 'c-wbp29': handler eks-operator-controller: Unauthorized, requeuing 2022/12/14 120341 [ERROR] error syncing '_all_': handler user-controllers-controller: failed to start user controllers for cluster c-wbp29: secrets "cattle-global-data/" not found, requeuing 2022/12/14 120440 [INFO] checking cluster [c-wbp29] upstream state for changes 2022/12/14 120441 [INFO] cluster [c-wbp29] currently updating, skipping spec sync 2022/12/14 120441 [ERROR] error syncing 'c-wbp29': handler eks-operator-controller: Unauthorized, requeuing 2022/12/14 120441 [ERROR] error syncing 'c-wbp29': handler eks-operator-controller: Unauthorized, requeuing 2022/12/14 120541 [ERROR] error syncing '_all_': handler user-controllers-controller: failed to start user controllers for cluster c-wbp29: secrets "cattle-global-data/" not found, requeuing 2022/12/14 120641 [ERROR] error syncing 'c-wbp29': handler eks-operator-controller: Unauthorized, requeuing 2022/12/14 120741 [ERROR] error syncing '_all_': handler user-controllers-controller: failed to start user controllers for cluster c-wbp29: secrets "cattle-global-data/" not found, requeuing"
c

calm-exabyte-238

12/14/2022, 1:47 PM
You need to create IAM user with permissions from to following doc:
After that you need to create Cloud Credentials with the access_key and it's secret_key
And finaly when you import/create the EKS you should specify what cloud credentials to be used
l

little-jordan-39170

12/14/2022, 6:30 PM
thanks I will give it a try and share the status...Thanks for your help
🙌 1
a

acceptable-printer-7134

12/19/2022, 5:55 AM
@calm-exabyte-238 This link https://rancher-users.slack.com/archives/C3ASABBD1/p1671025623437609?thread_ts=1671020807.088559&cid=C3ASABBD1 has too much permissions i believe. What if someone doesn't want rancher to manage
nodegroup
create / delete. just purely able to import the cluster and use rancher UI to navigate to k8s resources. Not questioning your help just we are in a situation where
we deleting some nodegroups
and rancher creating them automatically which is bad and we don't want for our usecase. we are just importing EKS cluster.
c

calm-exabyte-238

12/20/2022, 11:22 AM
Yes i understand. Had the same situation. Just don't give the permissions to create/delete node groups. The minimum permissions that works for me is eks:list/read .... If you just want to use rancher to browse the EKS clusters you can use the snippet below or at least I am using it and it works as expected. Note that i am not in the Rancher team. I am just sharing my experience
{
{
"Sid": "KMSPermisssions",
"Effect": "Allow",
"Action": "kms:ListKeys",
"Resource": "*"
},
{
"Sid": "EKSPermisssions",
"Effect": "Allow",
"Action": [
"eks:UpdateClusterConfig",
"eks:UntagResource",
"eks:TagResource",
"eks:ListUpdates",
"eks:ListTagsForResource",
"eks:ListNodegroups",
"eks:ListFargateProfiles",
"eks:ListClusters",
"eks:DescribeUpdate",
"eks:DescribeNodegroup",
"eks:DescribeFargateProfile",
"eks:DescribeCluster"
],
"Resource": "*"
}
]
}
a

acceptable-printer-7134

12/20/2022, 11:24 AM
I thought so but thanks a lot @calm-exabyte-238 i will give it a try. Appreciate the help
❤️ 1
24 Views