AWS Certified DevOps Engineer – Professional (DOP-C02) — Question 375
A DevOps engineer successfully creates an Amazon Elastic Kubernetes Service (Amazon EKS) cluster that includes managed node groups. When the DevOps engineer tries to add node groups to the cluster, the cluster returns an error that states, "NodeCreationFailure: Instances failed to join the Kubernetes cluster."
The DevOps engineer confirms that the EC2 worker nodes are running and that the EKS cluster is in an active state.
How should the DevOps engineer troubleshoot this issue?
Answer options
- A. Ensure that the EKS cluster's VPC subnets do not overlap with the 172.17.0.0/16 CIDR range.
- B. Use kubectl to update the kubeconfig file to use the credentials that created the cluster.
- C. Run the AWSSupport-TroubleshootEKSWorkerNode runbook.
- D. Create an AWS Identity and Access Management (IAM) OpenID Connect (OIDC) provider for the cluster.
Correct answer: A
Explanation
The 'NodeCreationFailure' error frequently occurs when the Amazon EKS cluster's VPC subnets overlap with the 172.17.0.0/16 CIDR range. Docker uses that range internally on the worker nodes, so an overlap causes routing conflicts. Ensuring that the VPC subnets do not overlap with this range allows the worker nodes to bootstrap properly and establish communication with the EKS control plane. The other options, such as running Systems Manager runbooks or configuring IAM OIDC, do not address this specific IP routing conflict that blocks node registration.