[Bug] Default OS for nodegroups is still AL2 for 1.33 clusters #8404

Closed
@jlbutler

What were you trying to accomplish?

Create new 1.33 cluster with default nodegroup, or create default nodegroup for an existing 1.33 cluster

What happened?

Cluster creation succeeded but default nodegroup failed. Creating a default nodegroup also fails.

The nodegroup default OS is still AL2 with 1.33, though there is a clear warning message that it is no longer supported.

eksctl create cluster --name=benetar --region=us-west-2 --version 1.33
2025-06-02 16:25:56 [ℹ]  eksctl version 0.208.0-dev+bcdd6ecb0.2025-05-12T20:08:12Z
2025-06-02 16:25:56 [ℹ]  using region us-west-2
2025-06-02 16:25:56 [!]  Amazon EKS will no longer publish EKS-optimized Amazon Linux 2 (AL2) AMIs after November 26th, 2025. Additionally, Kubernetes version 1.32 is the last version for which Amazon EKS will release AL2 AMIs. From version 1.33 onwards, Amazon EKS will continue to release AL2023 and Bottlerocket based AMIs. The default AMI family when creating clusters and nodegroups in Eksctl will be changed to AL2023 in the future.
2025-06-02 16:25:57 [ℹ]  setting availability zones to [us-west-2a us-west-2b us-west-2c]
2025-06-02 16:25:57 [ℹ]  subnets for us-west-2a - public:192.168.0.0/19 private:192.168.96.0/19
2025-06-02 16:25:57 [ℹ]  subnets for us-west-2b - public:192.168.32.0/19 private:192.168.128.0/19
2025-06-02 16:25:57 [ℹ]  subnets for us-west-2c - public:192.168.64.0/19 private:192.168.160.0/19
2025-06-02 16:25:57 [ℹ]  nodegroup "ng-69f7b844" will use "" [AmazonLinux2/1.33]
2025-06-02 16:25:57 [ℹ]  using Kubernetes version 1.33
2025-06-02 16:25:57 [ℹ]  creating EKS cluster "benetar" in "us-west-2" region with managed nodes
2025-06-02 16:25:57 [ℹ]  will create 2 separate CloudFormation stacks for cluster itself and the initial managed nodegroup
2025-06-02 16:25:57 [ℹ]  if you encounter any issues, check CloudFormation console or try 'eksctl utils describe-stacks --region=us-west-2 --cluster=benetar'
2025-06-02 16:25:57 [ℹ]  Kubernetes API endpoint access will use default of {publicAccess=true, privateAccess=false} for cluster "benetar" in "us-west-2"
2025-06-02 16:25:57 [ℹ]  CloudWatch logging will not be enabled for cluster "benetar" in "us-west-2"
2025-06-02 16:25:57 [ℹ]  you can enable it with 'eksctl utils update-cluster-logging --enable-types={SPECIFY-YOUR-LOG-TYPES-HERE (e.g. all)} --region=us-west-2 --cluster=benetar'
2025-06-02 16:25:57 [ℹ]  default addons metrics-server, vpc-cni, kube-proxy, coredns were not specified, will install them as EKS addons
2025-06-02 16:25:57 [ℹ]
2 sequential tasks: { create cluster control plane "benetar",
    2 sequential sub-tasks: {
        2 sequential sub-tasks: {
            1 task: { create addons },
            wait for control plane to become ready,
        },
        create managed nodegroup "ng-69f7b844",
    }
}
2025-06-02 16:25:57 [ℹ]  building cluster stack "eksctl-benetar-cluster"
2025-06-02 16:25:58 [ℹ]  deploying stack "eksctl-benetar-cluster"
2025-06-02 16:26:28 [ℹ]  waiting for CloudFormation stack "eksctl-benetar-cluster"
2025-06-02 16:26:58 [ℹ]  waiting for CloudFormation stack "eksctl-benetar-cluster"
2025-06-02 16:27:59 [ℹ]  waiting for CloudFormation stack "eksctl-benetar-cluster"
2025-06-02 16:28:59 [ℹ]  waiting for CloudFormation stack "eksctl-benetar-cluster"
2025-06-02 16:30:00 [ℹ]  waiting for CloudFormation stack "eksctl-benetar-cluster"
2025-06-02 16:31:01 [ℹ]  waiting for CloudFormation stack "eksctl-benetar-cluster"
2025-06-02 16:32:02 [ℹ]  waiting for CloudFormation stack "eksctl-benetar-cluster"
2025-06-02 16:33:02 [ℹ]  waiting for CloudFormation stack "eksctl-benetar-cluster"
2025-06-02 16:33:05 [ℹ]  creating addon: metrics-server
2025-06-02 16:33:05 [ℹ]  successfully created addon: metrics-server
2025-06-02 16:33:06 [!]  recommended policies were found for "vpc-cni" addon, but since OIDC is disabled on the cluster, eksctl cannot configure the requested permissions; the recommended way to provide IAM permissions for "vpc-cni" addon is via pod identity associations; after addon creation is completed, add all recommended policies to the config file, under `addon.PodIdentityAssociations`, and run `eksctl update addon`
2025-06-02 16:33:06 [ℹ]  creating addon: vpc-cni
2025-06-02 16:33:06 [ℹ]  successfully created addon: vpc-cni
2025-06-02 16:33:06 [ℹ]  creating addon: kube-proxy
2025-06-02 16:33:07 [ℹ]  successfully created addon: kube-proxy
2025-06-02 16:33:07 [ℹ]  creating addon: coredns
2025-06-02 16:33:08 [ℹ]  successfully created addon: coredns
2025-06-02 16:35:10 [ℹ]  building managed nodegroup stack "eksctl-benetar-nodegroup-ng-69f7b844"
2025-06-02 16:35:11 [ℹ]  deploying stack "eksctl-benetar-nodegroup-ng-69f7b844"
2025-06-02 16:35:11 [ℹ]  waiting for CloudFormation stack "eksctl-benetar-nodegroup-ng-69f7b844"
2025-06-02 16:35:41 [ℹ]  waiting for CloudFormation stack "eksctl-benetar-nodegroup-ng-69f7b844"
2025-06-02 16:36:32 [ℹ]  waiting for CloudFormation stack "eksctl-benetar-nodegroup-ng-69f7b844"
2025-06-02 16:36:32 [!]  1 error(s) occurred and cluster hasn't been created properly, you may wish to check CloudFormation console
2025-06-02 16:36:32 [ℹ]  to cleanup resources, run 'eksctl delete cluster --region=us-west-2 --name=benetar'
2025-06-02 16:36:32 [✖]  waiter state transitioned to Failure
Error: failed to create cluster "benetar"

eksctl create nodegroup --cluster benetar --region us-west-2
2025-06-03 07:34:53 [!]  Amazon EKS will no longer publish EKS-optimized Amazon Linux 2 (AL2) AMIs after November 26th, 2025. Additionally, Kubernetes version 1.32 is the last version for which Amazon EKS will release AL2 AMIs. From version 1.33 onwards, Amazon EKS will continue to release AL2023 and Bottlerocket based AMIs. The default AMI family when creating clusters and nodegroups in Eksctl will be changed to AL2023 in the future.
2025-06-03 07:34:54 [ℹ]  will use version 1.33 for new nodegroup(s) based on control plane version
2025-06-03 07:34:58 [ℹ]  nodegroup "ng-5ee7a73e" will use "" [AmazonLinux2/1.33]
2025-06-03 07:34:59 [ℹ]  1 existing nodegroup(s) (ng-69f7b844) will be excluded
2025-06-03 07:34:59 [ℹ]  1 nodegroup (ng-5ee7a73e) was included (based on the include/exclude rules)
2025-06-03 07:34:59 [ℹ]  will create a CloudFormation stack for each of 1 managed nodegroups in cluster "benetar"
2025-06-03 07:34:59 [ℹ]
2 sequential tasks: { fix cluster compatibility, 1 task: { 1 task: { create managed nodegroup "ng-5ee7a73e" } }
}
2025-06-03 07:34:59 [ℹ]  checking cluster stack for missing resources
2025-06-03 07:34:59 [ℹ]  cluster stack has all required resources
2025-06-03 07:35:00 [ℹ]  building managed nodegroup stack "eksctl-benetar-nodegroup-ng-5ee7a73e"
2025-06-03 07:35:00 [ℹ]  deploying stack "eksctl-benetar-nodegroup-ng-5ee7a73e"
2025-06-03 07:35:00 [ℹ]  waiting for CloudFormation stack "eksctl-benetar-nodegroup-ng-5ee7a73e"
eks2025-06-03 07:35:31 [ℹ]  waiting for CloudFormation stack "eksctl-benetar-nodegroup-ng-5ee7a73e"
2025-06-03 07:36:10 [ℹ]  waiting for CloudFormation stack "eksctl-benetar-nodegroup-ng-5ee7a73e"
2025-06-03 07:36:10 [ℹ]  1 error(s) occurred and nodegroups haven't been created properly, you may wish to check CloudFormation console
2025-06-03 07:36:10 [ℹ]  to cleanup resources, run 'eksctl delete nodegroup --region=us-west-2 --cluster=benetar --name=<name>' for each of the failed nodegroup
2025-06-03 07:36:10 [✖]  waiter state transitioned to Failure
Error: failed to create nodegroups for cluster "benetar"

From CloudFormation stack

Resource handler returned message: "AMI Type AL2_x86_64 is only supported for kubernetes versions 1.32 or earlier (Service: Eks, Status Code: 400, Request ID: ca545fe4-333f-4028-8f14-a6fb66946beb) (SDK Attempt Count: 1)" (RequestToken: f5a109b0-62a4-9935-b82f-3d1cb7e02da4, HandlerErrorCode: InvalidRequest)

Aside, the CLI could do a better job of bubbling up the specific failure vs sending me to the CFn console.

How to reproduce it?

eksctl create cluster --version 1.33
or
eksctl create nodegroup --cluster existing-1.33-cluster

Versions

$ eksctl info
eksctl version: 0.208.0-dev+bcdd6ecb0.2025-05-12T20:08:12Z
kubectl version: v1.31.2
OS: darwin
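
A pre-flight check for the failure reported above, as an added example that is not part of the original issue or of eksctl: it scans captured eksctl output for nodegroups resolved to AmazonLinux2 on a Kubernetes version past 1.32. The function name, the cutoff variable, and the second and third nodegroup lines of the sample log are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not eksctl code. Flags nodegroups that eksctl resolved to
# Amazon Linux 2 on a Kubernetes version past 1.32, based on the log line
#   nodegroup "<name>" will use "<ami>" [<family>/<version>]

# Last Kubernetes 1.x minor with EKS-optimized AL2 AMIs, per the eksctl warning.
AL2_LAST_MINOR=32

# Reads eksctl log text on stdin. Prints "<nodegroup> <family> <version>" for
# every AL2 nodegroup above the cutoff; returns 1 if any were found, else 0.
find_unsupported_al2_nodegroups() {
  # LC_ALL=C keeps sed byte-oriented, so the non-ASCII level markers are harmless.
  LC_ALL=C sed -n -E \
    's|^.*nodegroup "([^"]+)" will use "[^"]*" \[([^/]+)/([0-9]+)\.([0-9]+)\].*$|\1 \2 \3 \4|p' |
  awk -v last="$AL2_LAST_MINOR" '
    # Fields: name, AMI family, major version, minor version.
    $2 == "AmazonLinux2" && ($3 > 1 || ($3 == 1 && $4 > last)) {
      print $1, $2, $3 "." $4
      bad = 1
    }
    END { exit bad + 0 }'
}

# Sample input: the first line is from the issue's log; the other nodegroup
# lines are constructed to show the cases that must pass.
SAMPLE_LOG='2025-06-02 16:25:57 [ℹ]  nodegroup "ng-69f7b844" will use "" [AmazonLinux2/1.33]
2025-06-02 16:25:57 [ℹ]  using Kubernetes version 1.33
2025-06-02 16:25:57 [ℹ]  nodegroup "ng-ok-al2023" will use "" [AmazonLinux2023/1.33]
2025-06-02 16:25:57 [ℹ]  nodegroup "ng-ok-al2" will use "" [AmazonLinux2/1.32]'

if ! printf '%s\n' "$SAMPLE_LOG" | find_unsupported_al2_nodegroups; then
  echo "unsupported AL2 nodegroup(s) found; choose AL2023 or Bottlerocket" >&2
fi
```

A non-zero return corresponds to the request that CloudFormation rejected with "AMI Type AL2_x86_64 is only supported for kubernetes versions 1.32 or earlier". eksctl's `--node-ami-family` flag, or `amiFamily` in a config file, selects a supported family explicitly.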
