Ubuntu-EKS image not working

Shiva, thank you for your bug report. We are in the process of publishing a new image for CVE-2018-3615 (also known as Foreshadow), CVE-2018-3620, and CVE-2018-3646 which are all part of the L1 Terminal Fault disclosure[1] and we will validate that the newest image does work.

In the meantime, the image you are using was validated so we would like a little more information on your deployment. Can you ensure you are running with our nodegroup template and following the instructions outlined @ https://cloud-images.ubuntu.com/docs/aws/eks/ When you have this issue, please update the node security group to allow ssh from your IP address, ssh to an instance that is not enrolling with the master, and pull logs with 'sosreport --all-logs'[2] and attach them to this bug. In the meantime I am marking this bug as 'Incomplete' while we wait for logs.

[1] https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/L1TF
[2] http://manpages.ubuntu.com/manpages/bionic/man1/sosreport.1.html

Shiva, I recently completed testing of an updated Ubuntu image for EKS. I would recommend trying again with ami-6322011b in us-west-2.

I happened to run into a problem that sounds like yours. In my case it was user error while following the Getting Started guide (https://docs.aws.amazon.com/eks/latest/userguide/getting-started.html). Specifically my problem was this:

Under "Step 3: Launch and Configure Amazon EKS Worker Nodes" in the section "To enable worker nodes to join your cluster" when editing the aws-auth-cm.yaml file, I incorrectly used the ARN of the service role that I created way back as a prerequisite. The correct ARN to use in this file is the NodeInstanceRole which was created a little earlier in Step 3 when creating the stack.

Thanks. It worked.

Excellent, that's great to hear Shiva. If you have further issues, or suggestions, for this image please file bugs here.