From 6caaff50cd971ab171598f56b4bfb18ce14bed15 Mon Sep 17 00:00:00 2001
From: John Gardiner Myers
Date: Mon, 26 Dec 2022 15:04:34 -0800
Subject: [PATCH] AWS: set IMDS hop limit 1 on all new clusters
---
 pkg/model/awsmodel/autoscalinggroup.go | 2 --
 upup/pkg/fi/cloudup/new_cluster.go | 12 +++---------
 2 files changed, 3 insertions(+), 11 deletions(-)
diff --git a/pkg/model/awsmodel/autoscalinggroup.go b/pkg/model/awsmodel/autoscalinggroup.go
index f02d0a28e9..f1533e9c8d 100644
--- a/pkg/model/awsmodel/autoscalinggroup.go
+++ b/pkg/model/awsmodel/autoscalinggroup.go
@@ -288,8 +288,6 @@ func (b *AutoscalingGroupModelBuilder) buildLaunchTemplateTask(c *fi.CloudupMode
 if ig.Spec.InstanceMetadata != nil && ig.Spec.InstanceMetadata.HTTPPutResponseHopLimit != nil {
 lt.HTTPPutResponseHopLimit = ig.Spec.InstanceMetadata.HTTPPutResponseHopLimit
- } else if ig.IsControlPlane() && (b.Cluster.IsKubernetesLT("1.26") || !b.UseServiceAccountExternalPermissions()) {
- lt.HTTPPutResponseHopLimit = fi.PtrTo[int64](3)
 }
 if ig.Spec.InstanceMetadata != nil && ig.Spec.InstanceMetadata.HTTPTokens != nil {
diff --git a/upup/pkg/fi/cloudup/new_cluster.go b/upup/pkg/fi/cloudup/new_cluster.go
index 609d77a9d2..b702175493 100644
--- a/upup/pkg/fi/cloudup/new_cluster.go
+++ b/upup/pkg/fi/cloudup/new_cluster.go
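Review bot: Deleting the `else if ig.IsControlPlane() …` fallback in buildLaunchTemplateTask reaches further than the "new clusters" named in the subject: nothing visible in this branch distinguishes new from existing clusters, so any control-plane instance group whose spec leaves `HTTPPutResponseHopLimit` unset stops receiving hop limit 3 and keeps whatever value `lt` was given before this hunk (not visible here; presumably 1). That is the stricter IMDS setting, but on clusters that do not use service-account external permissions, control-plane pods outside the host network that read instance-role credentials from IMDS would presumably lose them on the next update. I would state the intent next to the remaining branch, e.g. `// No role-based fallback: when the spec leaves the hop limit unset, the launch template default applies to control-plane and worker groups alike.`, and call the change out in the release notes for existing clusters. The function body starts and ends outside the hunk.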
@@ -878,15 +878,9 @@ func setupControlPlane(opt *NewClusterOptions, cluster *api.Cluster, zoneToSubne
 g.Spec.Zones = []string{zone}
 }
- if cluster.IsKubernetesLT("1.27") {
- if cloudProvider == api.CloudProviderAWS {
- g.Spec.InstanceMetadata = &api.InstanceMetadataOptions{
- HTTPPutResponseHopLimit: fi.PtrTo(int64(3)),
- HTTPTokens: fi.PtrTo("required"),
- }
- }
- if cluster.IsKubernetesGTE("1.26") && fi.ValueOf(cluster.Spec.IAM.UseServiceAccountExternalPermissions) {
- g.Spec.InstanceMetadata.HTTPPutResponseHopLimit = fi.PtrTo(int64(1))
+ if cluster.IsKubernetesLT("1.27") && cloudProvider == api.CloudProviderAWS {
+ g.Spec.InstanceMetadata = &api.InstanceMetadataOptions{
+ HTTPTokens: fi.PtrTo("required"),
 }
 }
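Review bot: The new `InstanceMetadataOptions` literal in setupControlPlane no longer sets `HTTPPutResponseHopLimit`, so the hop limit of 1 promised by the subject is not stated anywhere in this hunk and depends on a default applied elsewhere. A short comment above the literal would keep a later editor from re-adding a wider limit or assuming the field was forgotten, e.g. `// HTTPPutResponseHopLimit is left unset on purpose so the launch template default applies; only IMDSv2 tokens are pinned here.` The diffstat lists no test files, so nothing in this patch pins the resulting spec for a new AWS cluster below 1.27; a test asserting that `HTTPTokens` is `required` and the hop limit is nil would cover it. setupControlPlane's body starts and ends outside the hunk.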