aws: Set IMDS defaults for existing clusters

This commit is contained in:
Ciprian Hacman 2022-12-26 06:08:17 +02:00
parent 7e7ad105fe
commit 62f1d20c96
2 changed files with 36 additions and 22 deletions


@ -181,7 +181,7 @@ func (b *AutoscalingGroupModelBuilder) buildLaunchTemplateTask(c *fi.CloudupMode
Lifecycle: b.Lifecycle, Lifecycle: b.Lifecycle,
CPUCredits: fi.PtrTo(fi.ValueOf(ig.Spec.CPUCredits)), CPUCredits: fi.PtrTo(fi.ValueOf(ig.Spec.CPUCredits)),
HTTPPutResponseHopLimit: fi.PtrTo(int64(1)), HTTPPutResponseHopLimit: fi.PtrTo(int64(1)),
HTTPTokens: fi.PtrTo(ec2.LaunchTemplateHttpTokensStateOptional), HTTPTokens: fi.PtrTo(ec2.LaunchTemplateHttpTokensStateRequired),
HTTPProtocolIPv6: fi.PtrTo(ec2.LaunchTemplateInstanceMetadataProtocolIpv6Disabled), HTTPProtocolIPv6: fi.PtrTo(ec2.LaunchTemplateInstanceMetadataProtocolIpv6Disabled),
IAMInstanceProfile: link, IAMInstanceProfile: link,
ImageID: fi.PtrTo(ig.Spec.Image), ImageID: fi.PtrTo(ig.Spec.Image),
@ -281,10 +281,14 @@ func (b *AutoscalingGroupModelBuilder) buildLaunchTemplateTask(c *fi.CloudupMode
if ig.Spec.InstanceMetadata != nil && ig.Spec.InstanceMetadata.HTTPPutResponseHopLimit != nil { if ig.Spec.InstanceMetadata != nil && ig.Spec.InstanceMetadata.HTTPPutResponseHopLimit != nil {
lt.HTTPPutResponseHopLimit = ig.Spec.InstanceMetadata.HTTPPutResponseHopLimit lt.HTTPPutResponseHopLimit = ig.Spec.InstanceMetadata.HTTPPutResponseHopLimit
} else if ig.IsControlPlane() && (b.Cluster.IsKubernetesLT("1.26") || !b.UseServiceAccountExternalPermissions()) {
lt.HTTPPutResponseHopLimit = fi.PtrTo[int64](3)
} }
if ig.Spec.InstanceMetadata != nil && ig.Spec.InstanceMetadata.HTTPTokens != nil { if ig.Spec.InstanceMetadata != nil && ig.Spec.InstanceMetadata.HTTPTokens != nil {
lt.HTTPTokens = ig.Spec.InstanceMetadata.HTTPTokens lt.HTTPTokens = ig.Spec.InstanceMetadata.HTTPTokens
} else if b.IsKubernetesLT("1.27") {
lt.HTTPTokens = fi.PtrTo(ec2.LaunchTemplateHttpTokensStateOptional)
} }
if rootVolumeType == ec2.VolumeTypeIo1 || rootVolumeType == ec2.VolumeTypeIo2 { if rootVolumeType == ec2.VolumeTypeIo1 || rootVolumeType == ec2.VolumeTypeIo2 {
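Review bot: In the second hunk of buildLaunchTemplateTask, the new `else if b.IsKubernetesLT("1.27")` branch sends an instance group that sets no `HTTPTokens` on a pre-1.27 cluster back to `LaunchTemplateHttpTokensStateOptional`, i.e. IMDSv1 stays reachable, which undoes the `Required` default the first hunk introduces, and nothing in the code says why. Together with the control-plane hop limit of 3 set in the branch just above, metadata can then be read without a session token from a containerized network hop on those nodes, so a maintainer should not read this fallback as cosmetic. Suggest a comment on that branch, e.g. `// Pre-1.27 clusters keep the historical IMDSv1-compatible default so an upgrade does not break workloads that still depend on it; 1.27+ inherits the Required default set above.` The two version checks are also spelled differently (`b.Cluster.IsKubernetesLT("1.26")` vs `b.IsKubernetesLT("1.27")`); if both helpers exist, using one form for both would read more consistently. buildLaunchTemplateTask starts and ends outside the hunk.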


@ -877,14 +877,16 @@ func setupControlPlane(opt *NewClusterOptions, cluster *api.Cluster, zoneToSubne
g.Spec.Zones = []string{zone} g.Spec.Zones = []string{zone}
} }
if cloudProvider == api.CloudProviderAWS { if cluster.IsKubernetesLT("1.27") {
g.Spec.InstanceMetadata = &api.InstanceMetadataOptions{ if cloudProvider == api.CloudProviderAWS {
HTTPPutResponseHopLimit: fi.PtrTo(int64(3)), g.Spec.InstanceMetadata = &api.InstanceMetadataOptions{
HTTPTokens: fi.PtrTo("required"), HTTPPutResponseHopLimit: fi.PtrTo(int64(3)),
HTTPTokens: fi.PtrTo("required"),
}
}
if cluster.IsKubernetesGTE("1.26") && fi.ValueOf(cluster.Spec.IAM.UseServiceAccountExternalPermissions) {
g.Spec.InstanceMetadata.HTTPPutResponseHopLimit = fi.PtrTo(int64(1))
} }
}
if cluster.IsKubernetesGTE("1.26") && fi.ValueOf(cluster.Spec.IAM.UseServiceAccountExternalPermissions) {
g.Spec.InstanceMetadata.HTTPPutResponseHopLimit = fi.PtrTo(int64(1))
} }
g.Spec.MachineType = opt.ControlPlaneSize g.Spec.MachineType = opt.ControlPlaneSize
@ -1006,10 +1008,12 @@ func setupNodes(opt *NewClusterOptions, cluster *api.Cluster, zoneToSubnetMap ma
g.Spec.Zones = []string{zone} g.Spec.Zones = []string{zone}
} }
if cloudProvider == api.CloudProviderAWS { if cluster.IsKubernetesLT("1.27") {
g.Spec.InstanceMetadata = &api.InstanceMetadataOptions{ if cloudProvider == api.CloudProviderAWS {
HTTPPutResponseHopLimit: fi.PtrTo(int64(1)), g.Spec.InstanceMetadata = &api.InstanceMetadataOptions{
HTTPTokens: fi.PtrTo("required"), HTTPPutResponseHopLimit: fi.PtrTo(int64(1)),
HTTPTokens: fi.PtrTo("required"),
}
} }
} }
@ -1028,9 +1032,11 @@ func setupKarpenterNodes(opt *NewClusterOptions, cluster *api.Cluster, zoneToSub
g.Spec.Manager = api.InstanceManagerKarpenter g.Spec.Manager = api.InstanceManagerKarpenter
g.ObjectMeta.Name = "nodes" g.ObjectMeta.Name = "nodes"
g.Spec.InstanceMetadata = &api.InstanceMetadataOptions{ if cluster.IsKubernetesLT("1.27") {
HTTPPutResponseHopLimit: fi.PtrTo(int64(1)), g.Spec.InstanceMetadata = &api.InstanceMetadataOptions{
HTTPTokens: fi.PtrTo("required"), HTTPPutResponseHopLimit: fi.PtrTo(int64(1)),
HTTPTokens: fi.PtrTo("required"),
}
} }
return []*api.InstanceGroup{g}, nil return []*api.InstanceGroup{g}, nil
@ -1073,10 +1079,12 @@ func setupAPIServers(opt *NewClusterOptions, cluster *api.Cluster, zoneToSubnetM
g.Spec.Zones = []string{zone} g.Spec.Zones = []string{zone}
} }
if cloudProvider == api.CloudProviderAWS { if cluster.IsKubernetesLT("1.27") {
g.Spec.InstanceMetadata = &api.InstanceMetadataOptions{ if cloudProvider == api.CloudProviderAWS {
HTTPPutResponseHopLimit: fi.PtrTo(int64(1)), g.Spec.InstanceMetadata = &api.InstanceMetadataOptions{
HTTPTokens: fi.PtrTo("required"), HTTPPutResponseHopLimit: fi.PtrTo(int64(1)),
HTTPTokens: fi.PtrTo("required"),
}
} }
} }
@ -1275,9 +1283,11 @@ func setupTopology(opt *NewClusterOptions, cluster *api.Cluster, allZones sets.S
bastionGroup.Spec.Zones = allZones.List() bastionGroup.Spec.Zones = allZones.List()
} }
bastionGroup.Spec.InstanceMetadata = &api.InstanceMetadataOptions{ if cluster.IsKubernetesLT("1.27") {
HTTPPutResponseHopLimit: fi.PtrTo(int64(1)), bastionGroup.Spec.InstanceMetadata = &api.InstanceMetadataOptions{
HTTPTokens: fi.PtrTo("required"), HTTPPutResponseHopLimit: fi.PtrTo(int64(1)),
HTTPTokens: fi.PtrTo("required"),
}
} }
bastionGroup.Spec.Image = opt.BastionImage bastionGroup.Spec.Image = opt.BastionImage
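Review bot: In the setupControlPlane hunk, the relocated `if cluster.IsKubernetesGTE("1.26") && fi.ValueOf(cluster.Spec.IAM.UseServiceAccountExternalPermissions)` block dereferences `g.Spec.InstanceMetadata`, which is only assigned inside the `cloudProvider == api.CloudProviderAWS` branch, so on another provider with that IAM flag set it would panic on a nil pointer; this was true before the commit too, but moving the block is a cheap chance to close it with `if cloudProvider == api.CloudProviderAWS && cluster.IsKubernetesGTE("1.26") && fi.ValueOf(cluster.Spec.IAM.UseServiceAccountExternalPermissions) {`. Whether that flag can be set outside AWS is not visible here, so the guard may be belt-and-braces. The same pattern in setupNodes, setupKarpenterNodes, setupAPIServers and setupTopology now leaves `InstanceMetadata` nil for 1.27+ clusters and relies on the launch-template task in the other file to enforce IMDSv2 (`HTTPTokens` Required plus the hop limit chosen there); that cross-file contract deserves a comment at each `if cluster.IsKubernetesLT("1.27")`, e.g. `// 1.27+ leaves InstanceMetadata unset; the launch template task supplies the defaults (IMDSv2 required).` Each of these functions starts and ends outside its hunk.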