I'm trying to create a nodegroup on an EKS cluster with K8S version 1.22, using the 3510 Flatcar Pro stable.
My nodegroup IAM role contains:
- AmazonEC2ContainerRegistryReadOnly
- AmazonS3ReadOnlyAccess
- AutoScalingFullAccess
- AmazonEKS_CNI_Policy
- AmazonEKSWorkerNodePolicy
I think my security groups config should be fine.
I saw that the nodes failed to join the cluster, and then I SSHed into the machine and ran the bootstrap script. It failed, and this is what I saw in `journalctl -xeu kubelet.service`:
`download-kubelet.sh[3257]: fatal error: An error occurred (AccessDenied) when calling the ListObjectsV2 operation: Access Denied`
Which is strange, since the IAM role configured for the machine should have AmazonS3Read access.
Any ideas on why it could happen?
And this is the userdata I'm using:
```
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="==MYBOUNDARY=="

--==MYBOUNDARY==
Content-Type: text/x-shellscript; charset="us-ascii"

#!/bin/bash
mkdir -p /etc/docker
set -ex
/etc/eks/bootstrap.sh {self.name} \
  --b64-cluster-ca {self.certificate_authority} \
  --apiserver-endpoint {self.api_server_endpoint} \
  --dns-cluster-ip {self.dns_cluster_ip} \
  --kubelet-extra-args '--max-pods=5' \
  --use-max-pods false

--==MYBOUNDARY==--
```
Many thanks in advance!