AWS troubleshooting

2 min read

ℹ️
If you need the account id for our AMI please contact support@edera.dev

AWS debugging utilities

Get EKS node AMI & Edera version 

edera_aws_node_version() {
  NODES=( $(kubectl get nodes --no-headers | awk '{print $1}') )
  echo "Fetching AWS image data..."
  IMAGE_DATA=$(aws ec2 describe-images --owners <account_id>  --query 'Images | sort_by(@, &CreationDate) | reverse(@) | [*].[ImageId, Name, State, CreationDate]'     --output table)

  for NODE in "${NODES[@]}"; do
    NODE_AMI=$(kubectl get node "$NODE" -o json | jq -r '.metadata.labels["eks.amazonaws.com/nodegroup-image"]')
    EDERA_PROTECT_VERSION=$(echo "$IMAGE_DATA" | grep "$NODE_AMI" | awk '{print $3}')
    echo "Node: $NODE | AMI: $NODE_AMI | Edera: $EDERA_PROTECT_VERSION"
  done
}

List AMIs 

aws ec2 describe-images --filters Name=name,Values="*edera*" --query 'Images[*].[ImageId,Name,CreationDate]' --output table

SSH reconnection after reboot

The Edera installer reboots the instance into a new kernel. AWS instances typically take 1-3 minutes to come back up, but it can take longer depending on instance type and initramfs generation time.

If your SSH connection drops during installation, wait before retrying:

# Retry loop - attempts every 10 seconds for up to 5 minutes
for i in $(seq 1 30); do
  ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=no user@<instance-ip> echo "up" && break
  echo "Attempt $i failed, retrying in 10s..."
  sleep 10
done

Alternatively, use EC2 Instance Connect to reconnect from the AWS Console without needing to wait for SSH to become available on a known IP.

ℹ️
If the instance does not come back after 5 minutes, check the instance’s system log in the AWS Console (Actions > Monitor and troubleshoot > Get system log) for boot errors.

Runtime not detected

Check for the RuntimeClass

  1. Check that the RuntimeClass exists:

    kubectl get runtimeclass

  2. Ensure pod spec includes:

    spec:
  runtimeClassName: edera

If kubelet isn’t detecting the Edera runtime, you may be missing the required CRI socket configuration.

Set the container-runtime-endpoint

ℹ️
The below should be used for debugging purposes only.

  1. Edit the kubelet config on the node:

    sudo vi /etc/systemd/system/kubelet.service.d/10-kubelet-args.conf

  2. Add to the KUBELET_ARGS line:

    --container-runtime-endpoint=unix:///var/lib/edera/protect/cri.socket

  3. Apply changes:

    sudo systemctl daemon-reexec
sudo systemctl daemon-reload
sudo systemctl restart kubelet

  4. Confirm runtime is in use:

    ps aux | grep kubelet | grep edera
kubectl get nodes -o wide
Last updated on