If you haven’t set the node_security_group_tags in your EKS Terraform setup, Karpenter won’t know which security group to assign to the nodes it creates. This usually means that the nodes will default to the regular VPC security group, which often lacks the necessary rules to connect properly with the EKS control plane.
Karpenter determines which subnets and security groups to use based on a specific tag. The tag looks like this: “karpenter.sh/discovery” = “
You can learn more about this in the Karpenter documentation, especially in the section about cluster setup. Just search for “karpenter.sh/discovery” to find the relevant details.
To fix this, add the following code block to your EKS module configuration:
```hcl
node_security_group_tags = {
  "karpenter.sh/discovery" = "${var.environment}-eks-cluster"
}
```
This will ensure that the security group created by the EKS module automatically gets the correct discovery tag. When this is in place, Karpenter will recognize the security group, and new nodes will launch with the right security group attached. As a result, they will correctly join your cluster and be fully operational.
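To confirm the tag landed after `terraform apply`, the following added example (not part of the original post) audits output shaped like `aws ec2 describe-security-groups --output json` for the discovery tag. The sample data, group IDs and the cluster name `prod-eks-cluster` (that is, `var.environment = "prod"`) are constructed assumptions, and the function name `audit_discovery` is hypothetical.

```python
import json

DISCOVERY_TAG = "karpenter.sh/discovery"

# Constructed sample, shaped like `aws ec2 describe-security-groups --output json`.
# All IDs and names are made up for illustration.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-0aaa000000000001", "GroupName": "default",
     "VpcId": "vpc-0example"},
    {"GroupId": "sg-0aaa000000000002", "GroupName": "prod-eks-cluster-node",
     "VpcId": "vpc-0example",
     "Tags": [{"Key": DISCOVERY_TAG, "Value": "prod-eks-cluster"}]},
    {"GroupId": "sg-0aaa000000000003", "GroupName": "staging-eks-cluster-node",
     "VpcId": "vpc-0example",
     "Tags": [{"Key": DISCOVERY_TAG, "Value": "staging-eks-cluster"}]},
]}


def audit_discovery(response, expected_value):
    """Classify security groups by their karpenter.sh/discovery tag value."""
    matched, mismatched = [], []
    for sg in response.get("SecurityGroups", []):
        tags = {t["Key"]: t["Value"] for t in sg.get("Tags", [])}
        if DISCOVERY_TAG not in tags:
            continue  # untagged groups (such as the VPC default) carry no discovery tag
        # The tag value must equal the expected string exactly.
        bucket = matched if tags[DISCOVERY_TAG] == expected_value else mismatched
        bucket.append(sg["GroupId"])
    if not matched:
        verdict = "no-match"   # tag missing or value differs: check the module config
    elif len(matched) > 1:
        verdict = "multiple"   # more than one group carries the tag: review each
    else:
        verdict = "ok"
    return {"verdict": verdict, "matched": matched, "mismatched": mismatched}


if __name__ == "__main__":
    # Expected value follows the page's pattern "${var.environment}-eks-cluster".
    for name in ("prod-eks-cluster", "dev-eks-cluster"):
        print(name, json.dumps(audit_discovery(SAMPLE, name)))
```

To run it against a real account, replace `SAMPLE` with the parsed JSON from the AWS CLI command named above.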