EKS Anywhere network create error "System.Read privilege" in vSphere


Getting the below error when provisioning an EKS Anywhere cluster in vSphere. Below error is from a VMware Cloud on AWS SDDC vCenter.

**Error Message:** error getting network specs for "infrastructure.cluster.x-k8s.io/v1beta1, Kind=VSphereVM eksa-system/eksa-vsphere-conformitron-etcd-j7kp7": unable to create new ethernet card backing info for network "/SDDC-Datacenter/network/eks-workload-network" on "infrastructure.cluster.x-k8s.io/v1beta1, Kind=VSphereVM eksa-system/eksa-vsphere-conformitron-etcd-j7kp7": failed to create EthernetCardBackingInfo for /SDDC-Datacenter/network/eks-workload-network: System.Read privilege required for config.distributedVirtualSwitch

Elvis_P (AWS, EXPERT), asked 6 months ago, 182 views
1 Answer
Accepted Answer

This fix has been verified to work on VMware Cloud on AWS and may work on vSphere 7.x+. This has also been verified to work on an environment where the permissions were set previously and has worked.

Step 1:

  1. Log into vCenter
  2. Go to Administration/Global Permissions and select and Delete [DOMAIN/Admin Group] (ex. EC2.INTERNAL/eksa-local-user)
  3. Wait about 10-15 seconds for the permission change to take effect
  4. In Administration/Global Permissions click on Add
  5. Select Domain > [DOMAIN] (ex. eksa-domain.internal)
  6. User/Group > [Admin Group] (ex. eksa-local-user)
  7. Role > select CloudAdmin
  8. Check “Propagate to children”
  9. Click OK button
  10. Wait 10-15 seconds before going to next step

Step 2:

  1. Go to Inventory and then go to Network section/tab
  2. Expand vcenter-xxxxxxxx/SDDC-Datacenter and select vmc-hostswitch
  3. Click on Permissions tab
  4. Click on Add button
  5. Select Domain > [DOMAIN] (ex. eksa-domain.internal)
  6. User/Group > [Admin Group] (ex. eksa-local-user)
  7. Role > select Read-only
  8. Be sure that “Propagate to children” is unchecked
  9. Click OK button

Wait 10-15 seconds before trying to provision a new cluster again. Be sure to log off of any active sessions before trying the steps above.

Elvis_P (AWS, EXPERT), answered 6 months ago
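
An added example, not part of the original answer or of EKS Anywhere: it extracts the missing privilege from the error quoted in the question and checks a set of permission records against the state the two steps prescribe. The record shape (`principal`, `entity`, `role`, `propagate`), the entity labels and the sample records are assumptions constructed for illustration.

```python
import re

# Tail of the error quoted in the question above.
SAMPLE_FAULT = ("failed to create EthernetCardBackingInfo for "
                "/SDDC-Datacenter/network/eks-workload-network: System.Read "
                "privilege required for config.distributedVirtualSwitch")

FAULT_RE = re.compile(r"for (?P<network>/\S+): (?P<privilege>[\w.]+) "
                      r"privilege required for (?P<prop>[\w.]+)")

def parse_fault(message):
    """Return the network path, missing privilege and property, or None."""
    m = FAULT_RE.search(message)
    return m.groupdict() if m else None

# State the accepted answer prescribes: (entity, role) -> propagate flag.
EXPECTED = {("global", "CloudAdmin"): True,
            ("vmc-hostswitch", "Read-only"): False}

def audit(principal, entries):
    """Compare permission records (assumed shape) with EXPECTED; list drift."""
    mine = {(e["entity"], e["role"]): e["propagate"]
            for e in entries if e["principal"] == principal}
    findings = []
    for (entity, role), want in EXPECTED.items():
        if (entity, role) not in mine:
            findings.append(f"missing: {role} on {entity}")
        elif mine[(entity, role)] != want:
            findings.append(f"propagate must be {want}: {role} on {entity}")
    return findings

# Constructed sample records: the switch entry wrongly propagates.
SAMPLE_ENTRIES = [
    {"principal": "eksa-local-user", "entity": "global",
     "role": "CloudAdmin", "propagate": True},
    {"principal": "eksa-local-user", "entity": "vmc-hostswitch",
     "role": "Read-only", "propagate": True},
]

if __name__ == "__main__":
    print(parse_fault(SAMPLE_FAULT))
    for finding in audit("eksa-local-user", SAMPLE_ENTRIES):
        print(finding)
```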
