无法添加EKS集群

创建部署问题时，请参考下面模板，你提供的信息越多，越容易及时获得解答。如果未按模板创建问题，管理员有权关闭问题。
确保帖子格式清晰易读，用 markdown code block 语法格式化代码块。
你只花一分钟创建的问题，不能指望别人花上半个小时给你解答。

操作系统信息
Ubuntu20.04，4C/8G

Kubernetes版本信息
Client Version: v1.31.0

Kustomize Version: v5.4.2

容器运行时
将 docker version / crictl version / nerdctl version 结果贴在下方

KubeSphere版本信息
v4.1.2。在线安装，使用kk安装。

问题是什么
在添加EKS集群时，点击创建以后无反应，在网页的控制台上查看错误信息为：

Get “https://DA11ED6DEE5E65501CC969D43CC12F59.gr7.us-west-2.eks.amazonaws.com/api/v1/namespaces/kube-system?timeout=10s”: getting credentials: exec: executable aws not found

It looks like you are trying to use a client-go credential plugin that is not installed.

To learn more about this feature, consult the documentation available at:

https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins

执行下面命令 kubectl logs -n kubesphere-system ks-apiserver-686ddff57b-b99p4 得到的输出如下：

I0311 10:33:58.757629 1 filters.go:96] undefined - “GET /apis/cluster.kubesphere.io/v1alpha1/clusters/e HTTP/1.1” 404 232 3ms

I0311 10:33:59.190569 1 filters.go:96] undefined - “GET /apis/cluster.kubesphere.io/v1alpha1/clusters/eks HTTP/1.1” 404 236 3ms

I0311 10:34:01.698486 1 filters.go:96] undefined - “GET /apis/cluster.kubesphere.io/v1alpha1/clusters/eks HTTP/1.1” 404 236 3ms

E0311 10:34:36.135942 1 utils.go:65] /workspace/pkg/kapis/cluster/v1alpha1/handler.go:155 Get “https://56E7C1D89789B8E362CEE8E2094B0372.gr7.us-west-2.eks.amazonaws.com/api/v1/namespaces/kube-system?timeout=10s”: getting credentials: exec: executable aws not found

It looks like you are trying to use a client-go credential plugin that is not installed.

To learn more about this feature, consult the documentation available at:

https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins

hongming
谢谢大佬的回复。
按照文档中的方法，我执行了kubectl apply -f kubesphere-secret.yaml

得到的输出结果为：

Error from server (NotFound): error when creating “kubesphere-secret.yaml”: namespaces “kubesphere-system” not found

请问是需要在yaml文件里应该修改kubesphere-system为其他命名空间吗？

—

后来我又运行了如下命令：
kubectl create namespace kubesphere-system
kubectl -n kubesphere-system create serviceaccount kubesphere
kubectl apply -f kubesphere-secret.yaml
然后按照文档中的方式更新kubeconfig，最后添加集群的时候提示：

namespaces "kube-system" is forbidden: User "system:serviceaccount:kubesphere-system:kubesphere" cannot get resource "namespaces" in API group "" in the namespace "kube-system"

我最新执行的所有命令如下；

aws eks --region us-west-2 update-kubeconfig --name pageguo# 这个是集群的名字

cat <<EOF >kubesphere-secret.yaml

apiVersion: v1

kind: Secret

metadata:

name: kubesphere

namespace: kubesphere-system

annotations:

kubernetes.io/service-account.name: "kubesphere"

type: kubernetes.io/service-account-token

EOF

#下面是我自己添加的，不然没办法执行文档中后续的步骤

kubectl create namespace kubesphere-system

kubectl -n kubesphere-system create serviceaccount kubesphere

kubectl apply -f kubesphere-secret.yaml

cat <<EOF >kubesphere-cluster-admin-binding.yaml

apiVersion: rbac.authorization.k8s.io/v1

kind: ClusterRoleBinding

metadata:

name: kubesphere-cluster-admin-binding

subjects:

- kind: ServiceAccount

name: kubesphere

namespace: kubesphere-system

roleRef:

kind: ClusterRole

name: cluster-admin

apiGroup: rbac.authorization.k8s.io

EOF

kubectl apply -f kubesphere-cluster-admin-binding.yaml

#文档中原来的步骤

TOKEN=`kubectl -n kubesphere-system get secret kubesphere -o jsonpath='{.data.token}' | base64 -d`

kubectl config set-credentials kubesphere --token=${TOKEN}

kubectl config set-context --current --user=kubesphere

现在已经可以成功将EKS添加到集群中，但是状态目前是未就绪

我在控制台执行kubectl logs -n kubesphere-system ks-controller-manager-54b969df8d-v9zkk

返回的结果为：

E0314 03:11:28.672659 1 controller.go:329] “Reconciler error” err="failed to reconcile cluster pageguo-ekk: failed to install KS Core in cluster pageguo-ekk: Unable to continue with install: ServiceAccount \“kubesphere\” in namespace \“kubesphere-system\” exists and cannot be imported into the current release: invalid ownership metadata; label validation error: missing key \“app.kubernetes.io/managed-by\”: must be set to \“Helm\”; annotation validation error: missing key \“meta.helm.sh/release-name\”: must be set to \“ks-core\”; annotation validation error: missing key \“meta.helm.sh/release-namespace\”: must be set to \“kubesphere-system\”" controller=“cluster” controllerGroup=“cluster.kubesphere.io” controllerKind=“Cluster” Cluster=“pageguo-ekk” namespace="" name=“pageguo-ekk” reconcileID=“b5ef77a2-74da-4e60-b9b8-728316e32b59”