I'm fairly new to K8s and learning through AWS EKS. I setup a cluster with:
cd <some dir>
CLUSTER_NAME=k8s-play
eksctl anywhere generate clusterconfig $CLUSTER_NAME --provider docker > $CLUSTER_NAME.yaml
eksctl anywhere create cluster -f $CLUSTER_NAME.yaml
This takes maybe an hour and doesn't finish (no errors in terminal). The AWS EKS learning doc says:
After a few minutes the “cluster created” message will be displayed, which signifies that your Amazon EKS Anywhere cluster was successfully deployed on your local machine.
The output is:
$ eksctl anywhere create cluster -f k8s-play.yaml [7:50:49]
Performing setup and validations
Warning: The docker infrastructure provider is meant for local development and testing only
✅ Docker Provider setup is valid
✅ Validate certificate for registry mirror
✅ Create preflight validations pass
Creating new bootstrap cluster
Provider specific pre-capi-install-setup on bootstrap cluster
Installing cluster-api providers on bootstrap cluster
Provider specific post-setup
Creating new workload cluster
Installing networking on workload cluster
Installing cluster-api providers on workload cluster
collecting cluster diagnostics
collecting management cluster diagnostics
⏳ Collecting support bundle from cluster, this can take a while {"cluster": "bootstrap-cluster", "bundle": "k8s-play/generated/bootstrap-cluster-2024-10-26T08:23:55+11:00-bundle.yaml", "since": 1729887835238682000, "kubeconfig": "k8s-play/generated/k8s-play.kind.kubeconfig"}
Support bundle archive created {"path": "support-bundle-2024-10-25T21_23_56.tar.gz"}
Analyzing support bundle {"bundle": "k8s-play/generated/bootstrap-cluster-2024-10-26T08:23:55+11:00-bundle.yaml", "archive": "support-bundle-2024-10-25T21_23_56.tar.gz"}
Analysis output generated {"path": "k8s-play/generated/bootstrap-cluster-2024-10-26T08:25:20+11:00-analysis.yaml"}
collecting workload cluster diagnostics
⏳ Collecting support bundle from cluster, this can take a while {"cluster": "k8s-play", "bundle": "k8s-play/generated/k8s-play-2024-10-26T08:25:25+11:00-bundle.yaml", "since": 1729887925599414000, "kubeconfig": "k8s-play/k8s-play-eks-a-cluster.kubeconfig"}
I had a look for errors in support-bundle.../logs and there are a lot but I do not know which if any point to the cause, or they are all a reason. The errors are:
$ ag error [16:31:10]
cert-manager/cert-manager-8674857d7b-zgv2b.log
38:I1025 20:52:02.768190 1 controller.go:161] cert-manager/controller/certificates-readiness "msg"="re-queuing item due to optimistic locking on resource" "key"="cert-manager-test/selfsigned-cert" "error"="Operation cannot be fulfilled on certificates.cert-manager.io \"selfsigned-cert\": the object has been modified; please apply your changes to the latest version and try again"
40:E1025 20:52:02.772058 1 controller.go:133] cert-manager/controller/issuers "msg"="issuer in work queue no longer exists" "error"="issuer.cert-manager.io \"test-selfsigned\" not found"
41:E1025 20:52:02.789005 1 requestmanager_controller.go:136] cert-manager/controller/certificates-request-manager "msg"="certificate not found for key" "error"="certificate.cert-manager.io \"selfsigned-cert\" not found" "key"="cert-manager-test/selfsigned-cert"
42:E1025 20:52:02.789102 1 trigger_controller.go:137] cert-manager/controller/certificates-trigger "msg"="certificate not found for key" "error"="certificate.cert-manager.io \"selfsigned-cert\" not found" "key"="cert-manager-test/selfsigned-cert"
43:E1025 20:52:02.789120 1 revisionmanager_controller.go:106] cert-manager/controller/certificates-revision-manager "msg"="certificate not found for key" "error"="certificate.cert-manager.io \"selfsigned-cert\" not found" "key"="cert-manager-test/selfsigned-cert"
44:E1025 20:52:02.789139 1 readiness_controller.go:142] cert-manager/controller/certificates-readiness "msg"="certificate not found for key" "error"="certificate.cert-manager.io \"selfsigned-cert\" not found" "key"="cert-manager-test/selfsigned-cert"
45:E1025 20:52:02.789199 1 issuing_controller.go:152] cert-manager/controller/certificates-issuing "msg"="certificate not found for key" "error"="certificate.cert-manager.io \"selfsigned-cert\" not found" "key"="cert-manager-test/selfsigned-cert"
46:E1025 20:52:02.956024 1 controller.go:163] cert-manager/controller/certificates-key-manager "msg"="re-queuing item due to error processing" "error"="secrets \"selfsigned-cert-\" is forbidden: unable to create new content in namespace cert-manager-test because it is being terminated" "key"="cert-manager-test/selfsigned-cert"
47:E1025 20:52:02.956070 1 keymanager_controller.go:139] cert-manager/controller/certificates-key-manager "msg"="certificate not found for key" "error"="certificate.cert-manager.io \"selfsigned-cert\" not found" "key"="cert-manager-test/selfsigned-cert"
51:I1025 20:52:03.037561 1 controller.go:161] cert-manager/controller/certificates-readiness "msg"="re-queuing item due to optimistic locking on resource" "key"="capi-system/capi-serving-cert" "error"="Operation cannot be fulfilled on certificates.cert-manager.io \"capi-serving-cert\": the object has been modified; please apply your changes to the latest version and try again"
54:I1025 20:52:03.086437 1 controller.go:161] cert-manager/controller/certificates-key-manager "msg"="re..." "key"="capi-system/capi-serving-cert" "error"="Operation cannot be fulfilled on certificates.cert-manager.io \"capi-serving-cert\": the object has been modified; please apply your changes to the latest version and try again"
58:I1025 20:52:03.126360 1 controller.go:161] cert-manager/controller/certificates-readiness "msg"="..." "key"="capi-system/capi-serving-cert" "error"="Operation cannot be fulfilled on certificates.cert-manager.io \"capi-serving-cert\": the object has been modified; please apply your changes to the latest version and try again"
60:I1025 20:52:03.136875 1 controller.go:161] cert-manager/controller/certificates-readiness "msg"="..." "key"="capi-system/capi-serving-cert" "error"="Operation cannot be fulfilled on certificates.cert-manager.io \"capi-serving-cert\": the object has been modified; please apply your changes to the latest version and try again"
65:I1025 20:52:03.266488 1 controller.go:161] cert-manager/controller/certificates-readiness "msg"="..." "key"="capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert" "error"="Operation cannot be fulfilled on certificates.cert-manager.io \"capi-kubeadm-bootstrap-serving-cert\": the object has been modified; please apply your changes to the latest version and try again"
68:I1025 20:52:03.369530 1 controller.go:161] cert-manager/controller/certificates-key-manager "msg"="..." "key"="capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert" "error"="Operation cannot be fulfilled on certificates.cert-manager.io \"capi-kubeadm-bootstrap-serving-cert\": the object has been modified; please apply your changes to the latest version and try again"
73:I1025 20:52:03.395063 1 controller.go:161] cert-manager/controller/certificates-trigger "msg"="re-queuing item due to optimistic locking on resource" "key"="etcdadm-bootstrap-provider-system/etcdadm-bootstrap-provider-serving-cert" "error"="Operation cannot be fulfilled on certificates.cert-manager.io \"etcdadm-bootstrap-provider-serving-cert\": the object has been modified; please apply your changes to the latest version and try again"
79:I1025 20:52:03.419626 1 controller.go:161] cert-manager/controller/certificates-readiness "msg"="..." "key"="capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert" "error"="Operation cannot be fulfilled on certificates.cert-manager.io \"capi-kubeadm-bootstrap-serving-cert\": the object has been modified; please apply your changes to the latest version and try again"
81:I1025 20:52:03.428145 1 controller.go:161] cert-manager/controller/certificates-key-manager "msg"="..." "key"="capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert" "error"="Operation cannot be fulfilled on certificates.cert-manager.io \"capi-kubeadm-bootstrap-serving-cert\": the object has been modified; please apply your changes to the latest version and try again"
85:I1025 20:52:03.534188 1 controller.go:161] cert-manager/controller/certificates-readiness "msg"="..." "key"="etcdadm-bootstrap-provider-system/etcdadm-bootstrap-provider-serving-cert" "error"="Operation cannot be fulfilled on certificates.cert-manager.io \"etcdadm-bootstrap-provider-serving-cert\": the object has been modified; please apply your changes to the latest version and try again"
87:I1025 20:52:03.537428 1 controller.go:161] cert-manager/controller/certificates-issuing "msg"="..." "key"="etcdadm-bootstrap-provider-system/etcdadm-bootstrap-provider-serving-cert" "error"="Operation cannot be fulfilled on certificates.cert-manager.io \"etcdadm-bootstrap-provider-serving-cert\": the object has been modified; please apply your changes to the latest version and try again"
88:I1025 20:52:03.541702 1 controller.go:161] cert-manager/controller/certificates-key-manager "msg"="re-queuing item due to optimistic locking on resource" "key"="etcdadm-bootstrap-provider-system/etcdadm-bootstrap-provider-serving-cert" "error"="Operation cannot be fulfilled on certificates.cert-manager.io \"etcdadm-bootstrap-provider-serving-cert\": the object has been modified; please apply your changes to the latest version and try again"
92:I1025 20:52:03.568072 1 controller.go:161] cert-manager/controller/certificates-trigger "msg"="..." "key"="etcdadm-controller-system/etcdadm-controller-serving-cert" "error"="Operation cannot be fulfilled on certificates.cert-manager.io \"etcdadm-controller-serving-cert\": the object has been modified; please apply your changes to the latest version and try again"
99:I1025 20:52:03.718792 1 controller.go:161] cert-manager/controller/certificates-readiness "msg"="..." "key"="etcdadm-controller-system/etcdadm-controller-serving-cert" "error"="Operation cannot be fulfilled on certificates.cert-manager.io \"etcdadm-controller-serving-cert\": the object has been modified; please apply your changes to the latest version and try again"
101:I1025 20:52:03.723278 1 controller.go:161] cert-manager/controller/certificates-issuing "msg"="..." "key"="etcdadm-controller-system/etcdadm-controller-serving-cert" "error"="Operation cannot be fulfilled on certificates.cert-manager.io \"etcdadm-controller-serving-cert\": the object has been modified; please apply your changes to the latest version and try again"
102:I1025 20:52:03.727309 1 controller.go:161] cert-manager/controller/certificates-key-manager "msg"="..." "key"="etcdadm-controller-system/etcdadm-controller-serving-cert" "error"="Operation cannot be fulfilled on certificates.cert-manager.io \"etcdadm-controller-serving-cert\": the object has been modified; please apply your changes to the latest version and try again"
103:E1025 20:52:03.769911 1 readiness_controller.go:142] cert-manager/controller/certificates-readiness "msg"="certificate not found for key" "error"="certificate.cert-manager.io \"selfsigned-cert\" not found" "key"="cert-manager-test/selfsigned-cert"
104:E1025 20:52:03.956955 1 keymanager_controller.go:139] cert-manager/controller/certificates-key-manager "msg"="certificate not found for key" "error"="certificate.cert-manager.io \"selfsigned-cert\" not found" "key"="cert-manager-test/selfsigned-cert"
108:I1025 20:52:04.043249 1 controller.go:161] cert-manager/controller/certificates-trigger "msg"="re-queuing item due to optimistic locking on resource" "key"="capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert" "error"="Operation cannot be fulfilled on certificates.cert-manager.io \"capi-kubeadm-control-plane-serving-cert\": the object has been modified; please apply your changes to the latest version and try again"
115:I1025 20:52:04.163286 1 controller.go:161] cert-manager/controller/certificates-readiness "msg"="r..." "key"="capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert" "error"="Operation cannot be fulfilled on certificates.cert-manager.io \"capi-kubeadm-control-plane-serving-cert\": the object has been modified; please apply your changes to the latest version and try again"
117:I1025 20:52:04.170751 1 controller.go:161] cert-manager/controller/certificates-issuing "msg"="..." "key"="capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert" "error"="Operation cannot be fulfilled on certificates.cert-manager.io \"capi-kubeadm-control-plane-serving-cert\": the object has been modified; please apply your changes to the latest version and try again"
118:I1025 20:52:04.172335 1 controller.go:161] cert-manager/controller/certificates-readiness "msg"="..." "key"="capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert" "error"="Operation cannot be fulfilled on certificates.cert-manager.io \"capi-kubeadm-control-plane-serving-cert\": the object has been modified; please apply your changes to the latest version and try again"
123:I1025 20:52:04.836824 1 controller.go:161] cert-manager/controller/certificates-readiness "msg"="..." "key"="capd-system/capd-serving-cert" "error"="Operation cannot be fulfilled on certificates.cert-manager.io \"capd-serving-cert\": the object has been modified; please apply your changes to the latest version and try again"
126:I1025 20:52:04.951381 1 controller.go:161] cert-manager/controller/certificates-key-manager "msg"="re-queuing item due to optimistic locking on resource" "key"="capd-system/capd-serving-cert" "error"="Operation cannot be fulfilled on certificates.cert-manager.io \"capd-serving-cert\": the object has been modified; please apply your changes to the latest version and try again"
130:I1025 20:52:04.978760 1 controller.go:161] cert-manager/controller/certificates-readiness "msg"="..." "key"="capd-system/capd-serving-cert" "error"="Operation cannot be fulfilled on certificates.cert-manager.io \"capd-serving-cert\": the object has been modified; please apply your changes to the latest version and try again"
132:I1025 20:52:04.985399 1 controller.go:161] cert-manager/controller/certificates-readiness "msg"="..." "key"="capd-system/capd-serving-cert" "error"="Operation cannot be fulfilled on certificates.cert-manager.io \"capd-serving-cert\": the object has been modified; please apply your changes to the latest version and try again"
kube-system/kube-controller-manager-k8s-play-eks-a-cluster-control-plane.log
9:E1025 20:51:19.247194 1 leaderelection.go:330] error retrieving resource lock kube-system/kube-controller-manager: leases.coordination.k8s.io "kube-controller-manager" is forbidden: User "system:kube-controller-manager" cannot get resource "leases" in API group "coordination.k8s.io" in the namespace "kube-system"
271:E1025 20:52:07.786800 1 tokens_controller.go:262] error synchronizing serviceaccount cert-manager-test/default: secrets "default-token-kcbjp" is forbidden: unable to create new content in namespace cert-manager-test because it is being terminated
273:W1025 20:52:28.350307 1 endpointslice_controller.go:306] Error syncing endpoint slices for service "capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-webhook-service", retrying. Error: EndpointSlice informer cache is out of date
kube-system/kube-apiserver-k8s-play-eks-a-cluster-control-plane.log
39:E1025 20:51:19.238656 1 controller.go:152] Unable to remove old endpoints from kubernetes service: StorageError: key not found, Code: 1, Key: /registry/masterleases/*HIDDEN*, ResourceVersion: 0, AdditionalErrorMsg:
130:W1025 21:08:30.063246 1 watcher.go:229] watch chan error: etcdserver: mvcc: required revision has been compacted
137:W1025 21:18:03.037553 1 watcher.go:229] watch chan error: etcdserver: mvcc: required revision has been compacted
kube-system/kube-scheduler-k8s-play-eks-a-cluster-control-plane.log
3:W1025 20:51:19.249418 1 authentication.go:345] Error looking up in-cluster authentication configuration: configmaps "extension-apiserver-authentication" is forbidden: User "system:kube-scheduler" cannot get resource "configmaps" in API group "" in the namespace "kube-system"
cert-manager/cert-manager-cainjector-f5b94ccdf-7k9sv.log
44:E1025 20:51:58.672741 1 controller.go:175] cert-manager/secret/mutatingwebhookconfiguration/generic-inject-reconciler "msg"="unable to update target object with new CA data" "error"="Operation cannot be fulfilled on mutatingwebhookconfigurations.admissionregistration.k8s.io "cert-manager-webhook": the object has been modified; please apply your changes to the latest version and try again" "resource_kind"="MutatingWebhookConfiguration" "resource_name"="cert-manager-webhook" "resource_namespace"="" "resource_version"="v1"
45:E1025 20:51:58.672798 1 controller.go:304] cert-manager/secret/mutatingwebhookconfiguration/controller/controller-for-secret-mutatingwebhookconfiguration "msg"="Reconciler error" "error"="Operation cannot be fulfilled on mutatingwebhookconfigurations.admissionregistration.k8s.io "cert-manager-webhook": the object has been modified; please apply your changes to the latest version and try again" "name"="cert-manager-webhook" "namespace"=""
61:E1025 20:52:02.812634 1 sources.go:114] cert-manager/certificate/customresourcedefinition/generic-inject-reconciler "msg"="unable to fetch associated certificate" "error"="Certificate.cert-manager.io "capi-serving-cert" not found" "certificate"={"Namespace":"capi-system","Name":"capi-serving-cert"} "resource_kind"="CustomResourceDefinition" "resource_name"="clusterclasses.cluster.x-k8s.io" "resource_namespace"="" "resource_version"="v1"
...
115:E1025 20:52:03.031904 1 sources.go:124] cert-manager/certificate/customresourcedefinition/generic-inject-reconciler "msg"="unable to fetch associated secret" "error"="Secret "capi-webhook-service-cert" not found" "certificate"={"Namespace":"capi-system","Name":"capi-serving-cert"} "resource_kind"="CustomResourceDefinition" "resource_name"="clusterclasses.cluster.x-k8s.io" "resource_namespace"="" "resource_version"="v1" "secret"={"Namespace":"capi-system","Name":"capi-webhook-service-cert"}
...
169:E1025 20:52:03.050701 1 sources.go:124] cert-manager/certificate/mutatingwebhookconfiguration/generic-inject-reconciler "msg"="..." "error"="Secret "capi-webhook-service-cert" not found" "certificate"={"Namespace":"capi-system","Name":"capi-serving-cert"} "resource_kind"="MutatingWebhookConfiguration" "resource_name"="capi-mutating-webhook-configuration" "resource_namespace"="" "resource_version"="v1" "secret"={"Namespace":"capi-system","Name":"capi-webhook-service-cert"}
171:E1025 20:52:03.058308 1 sources.go:124] cert-manager/certificate/validatingwebhookconfiguration/generic-inject-reconciler "msg"="..." "error"="Secret "capi-webhook-service-cert" not found" "certificate"={"Namespace":"capi-system","Name":"capi-serving-cert"} "resource_kind"="ValidatingWebhookConfiguration" "resource_name"="capi-validating-webhook-configuration" "resource_namespace"="" "resource_version"="v1" "secret"={"Namespace":"capi-system","Name":"capi-webhook-service-cert"}
173:E1025 20:52:03.090625 1 sources.go:124] cert-manager/certificate/validatingwebhookconfiguration/generic-inject-reconciler "msg"="..." "error"="Secret "capi-webhook-service-cert" not found" "certificate"={"Namespace":"capi-system","Name":"capi-serving-cert"} "resource_kind"="ValidatingWebhookConfiguration" "resource_name"="capi-validating-webhook-configuration" "resource_namespace"="" "resource_version"="v1" "secret"={"Namespace":"capi-system","Name":"capi-webhook-service-cert"}
175:E1025 20:52:03.090627 1 sources.go:124] cert-manager/certificate/mutatingwebhookconfiguration/generic-inject-reconciler "msg"="..." "error"="Secret "capi-webhook-service-cert" not found" "certificate"={"Namespace":"capi-system","Name":"capi-serving-cert"} "resource_kind"="MutatingWebhookConfiguration" "resource_name"="capi-mutating-webhook-configuration" "resource_namespace"="" "resource_version"="v1" "secret"={"Namespace":"capi-system","Name":"capi-webhook-service-cert"}
177:E1025 20:52:03.091687 1 sources.go:124] cert-manager/certificate/customresourcedefinition/generic-inject-reconciler "msg"="..." "error"="Secret "capi-webhook-service-cert" not found" "certificate"={"Namespace":"capi-system","Name":"capi-serving-cert"} "resource_kind"="CustomResourceDefinition" "resource_name"="clusterclasses.cluster.x-k8s.io" "resource_namespace"="" "resource_version"="v1" "secret"={"Namespace":"capi-system","Name":"capi-webhook-service-cert"}
...
195:E1025 20:52:03.104518 1 sources.go:114] cert-manager/certificate/customresourcedefinition/generic-inject-reconciler "msg"="unable to fetch associated certificate" "error"="Certificate.cert-manager.io "capi-kubeadm-bootstrap-serving-cert" not found" "certificate"={"Namespace":"capi-kubeadm-bootstrap-system","Name":"capi-kubeadm-bootstrap-serving-cert"} "resource_kind"="CustomResourceDefinition" "resource_name"="kubeadmconfigs.bootstrap.cluster.x-k8s.io" "resource_namespace"="" "resource_version"="v1"
215:E1025 20:52:03.266486 1 sources.go:124] cert-manager/certificate/customresourcedefinition/generic-inject-reconciler "msg"="unable to fetch associated secret" "error"="Secret "capi-kubeadm-bootstrap-webhook-service-cert" not found" "certificate"={"Namespace":"capi-kubeadm-bootstrap-system","Name":"capi-kubeadm-bootstrap-serving-cert"} "resource_kind"="CustomResourceDefinition" "resource_name"="kubeadmconfigs.bootstrap.cluster.x-k8s.io" "resource_namespace"="" "resource_version"="v1" "secret"={"Namespace":"capi-kubeadm-bootstrap-system","Name":"capi-kubeadm-bootstrap-webhook-service-cert"}
218:E1025 20:52:03.272898 1 sources.go:124] cert-manager/certificate/customresourcedefinition/generic-inject-reconciler "msg"="unable to fetch associated secret" "error"="..." "certificate"={"Namespace":"capi-kubeadm-bootstrap-system","Name":"capi-kubeadm-bootstrap-serving-cert"} "resource_kind"="CustomResourceDefinition" "resource_name"="kubeadmconfigtemplates.bootstrap.cluster.x-k8s.io" "resource_namespace"="" "resource_version"="v1" "secret"={"Namespace":"capi-kubeadm-bootstrap-system","Name":"capi-kubeadm-bootstrap-webhook-service-cert"}
...
331:E1025 20:52:04.100442 1 sources.go:114] cert-manager/certificate/customresourcedefinition/generic-inject-reconciler "msg"="unable to fetch associated certificate" "error"="Certificate.cert-manager.io "capd-serving-cert" not found" "certificate"={"Namespace":"capd-system","Name":"capd-serving-cert"} "resource_kind"="CustomResourceDefinition" "resource_name"="dockerclusters.infrastructure.cluster.x-k8s.io" "resource_namespace"="" "resource_version"="v1"
...
343:E1025 20:52:04.120411 1 sources.go:124] cert-manager/certificate/customresourcedefinition/generic-inject-reconciler "msg"="unable to fetch associated secret" "error"="Secret "capi-kubeadm-control-plane-webhook-service-cert" not found" "certificate"={"Namespace":"capi-kubeadm-control-plane-system","Name":"capi-kubeadm-control-plane-serving-cert"} "resource_kind"="CustomResourceDefinition" "resource_name"="kubeadmcontrolplanetemplates.controlplane.cluster.x-k8s.io" "resource_namespace"="" "resource_version"="v1" "secret"={"Namespace":"capi-kubeadm-control-plane-system","Name":"capi-kubeadm-control-plane-webhook-service-cert"}
359:E1025 20:52:04.711835 1 sources.go:114] cert-manager/certificate/customresourcedefinition/generic-inject-reconciler "msg"="unable to fetch associated certificate" "error"="Certificate.cert-manager.io "capd-serving-cert" not found" "certificate"={"Namespace":"capd-system","Name":"capd-serving-cert"} "resource_kind"="CustomResourceDefinition" "resource_name"="dockerclustertemplates.infrastructure.cluster.x-k8s.io" "resource_namespace"="" "resource_version"="v1"
...
383:E1025 20:52:04.829939 1 sources.go:124] cert-manager/certificate/customresourcedefinition/generic-inject-reconciler "msg"="unable to fetch associated secret" "error"="Secret "capd-webhook-service-cert" not found" "certificate"={"Namespace":"capd-system","Name":"capd-serving-cert"} "resource_kind"="CustomResourceDefinition" "resource_name"="dockerclusters.infrastructure.cluster.x-k8s.io" "resource_namespace"="" "resource_version"="v1" "secret"={"Namespace":"capd-system","Name":"capd-webhook-service-cert"}
...
413:E1025 20:52:04.848016 1 sources.go:124] cert-manager/certificate/mutatingwebhookconfiguration/generic-inject-reconciler "msg"="..." "error"="Secret "capd-webhook-service-cert" not found" "certificate"={"Namespace":"capd-system","Name":"capd-serving-cert"} "resource_kind"="MutatingWebhookConfiguration" "resource_name"="capd-mutating-webhook-configuration" "resource_namespace"="" "resource_version"="v1" "secret"={"Namespace":"capd-system","Name":"capd-webhook-service-cert"}
415:E1025 20:52:04.855050 1 sources.go:124] cert-manager/certificate/validatingwebhookconfiguration/generic-inject-reconciler "msg"="..." "error"="Secret "capd-webhook-service-cert" not found" "certificate"={"Namespace":"capd-system","Name":"capd-serving-cert"} "resource_kind"="ValidatingWebhookConfiguration" "resource_name"="capd-validating-webhook-configuration" "resource_namespace"="" "resource_version"="v1" "secret"={"Namespace":"capd-system","Name":"capd-webhook-service-cert"}
...
capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-controller-manager-68b4c848dc-f7tfn.log
37:E1025 20:52:58.401912 1 controller.go:242] controller/kubeadmcontrolplane "msg"="Failed to update KubeadmControlPlane Status" "error"="failed to create remote cluster client: error creating client and cache for remote cluster: error creating dynamic rest mapper for remote cluster "eksa-system/k8s-play": context deadline exceeded" "cluster"="k8s-play" "name"="k8s-play" "namespace"="eksa-system" "reconciler group"="controlplane.cluster.x-k8s.io" "reconciler kind"="KubeadmControlPlane"
38:E1025 20:52:58.428989 1 controller.go:317] controller/kubeadmcontrolplane "msg"="Reconciler error" "error"="..." "name"="k8s-play" "namespace"="eksa-system" "reconciler group"="controlplane.cluster.x-k8s.io" "reconciler kind"="KubeadmControlPlane"
40:E1025 20:53:18.603785 1 controller.go:242] controller/kubeadmcontrolplane "msg"="Failed to update KubeadmControlPlane Status" "error"="..." "cluster"="k8s-play" "name"="k8s-play" "namespace"="eksa-system" "reconciler group"="controlplane.cluster.x-k8s.io" "reconciler kind"="KubeadmControlPlane"
41:E1025 20:53:18.632466 1 controller.go:317] controller/kubeadmcontrolplane "msg"="Reconciler error" "error"="..." "name"="k8s-play" "namespace"="eksa-system" "reconciler group"="controlplane.cluster.x-k8s.io" "reconciler kind"="KubeadmControlPlane"
etcdadm-bootstrap-provider-system/etcdadm-bootstrap-provider-controller-manager-664f699b7c-9gth9.log
43:1.7298895614229357e+09 INFO controllers.EtcdadmConfig bootstrap data secret for EtcdadmConfig already exists, updating {"secretError": "json: unsupported type: func(string, secret.Purpose) string", "EtcdadmConfig": "k8s-play-etcd-vvb65"}
Help appreciated!
Terminal command completed with error - like Peter in commented suggested, it is cert manager.
Error: initializing capi resources in cluster: executing init: Fetching providers
Using Override="core-components.yaml" Provider="cluster-api" Version="v1.1.3+9999d58"
Using Override="bootstrap-components.yaml" Provider="bootstrap-kubeadm" Version="v1.1.3+e448518"
Using Override="bootstrap-components.yaml" Provider="bootstrap-etcdadm-bootstrap" Version="v1.0.0-rc6+eece35c"
Using Override="bootstrap-components.yaml" Provider="bootstrap-etcdadm-controller" Version="v1.0.0-rc9+45b432d"
Using Override="control-plane-components.yaml" Provider="control-plane-kubeadm" Version="v1.1.3+9e13ae0"
Using Override="infrastructure-components-development.yaml" Provider="infrastructure-docker" Version="v1.1.3+736b241"
Installing cert-manager Version="v1.5.3+c34401d"
Using Override="cert-manager.yaml" Provider="cert-manager" Version="v1.5.3+c34401d"
Waiting for cert-manager to be available...
Error: timed out waiting for the condition
I am going to try with minikube to eliminate AWS EKS issues.
minikube worked just fine (https://kubernetes.io/docs/tutorials/hello-minikube/) so the issue is with AWS EKS.
