kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

AWS: set IMDS hop limit 1 on all new clusters

This commit is contained in:
John Gardiner Myers 2022-12-26 15:04:34 -08:00
parent ecb56b49bb
commit 6caaff50cd
2 changed files with 3 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/model/awsmodel/autoscalinggroup.go
View File

@ -288,8 +288,6 @@ func (b *AutoscalingGroupModelBuilder) buildLaunchTemplateTask(c *fi.CloudupMode
if ig.Spec.InstanceMetadata != nil && ig.Spec.InstanceMetadata.HTTPPutResponseHopLimit != nil { if ig.Spec.InstanceMetadata != nil && ig.Spec.InstanceMetadata.HTTPPutResponseHopLimit != nil {
lt.HTTPPutResponseHopLimit = ig.Spec.InstanceMetadata.HTTPPutResponseHopLimit lt.HTTPPutResponseHopLimit = ig.Spec.InstanceMetadata.HTTPPutResponseHopLimit
} else if ig.IsControlPlane() && (b.Cluster.IsKubernetesLT("1.26") || !b.UseServiceAccountExternalPermissions()) {
lt.HTTPPutResponseHopLimit = fi.PtrTo[int64](3)
} }
if ig.Spec.InstanceMetadata != nil && ig.Spec.InstanceMetadata.HTTPTokens != nil { if ig.Spec.InstanceMetadata != nil && ig.Spec.InstanceMetadata.HTTPTokens != nil {

12
upup/pkg/fi/cloudup/new_cluster.go
View File

@ -878,15 +878,9 @@ func setupControlPlane(opt *NewClusterOptions, cluster *api.Cluster, zoneToSubne
g.Spec.Zones = []string{zone} g.Spec.Zones = []string{zone}
} }
if cluster.IsKubernetesLT("1.27") { if cluster.IsKubernetesLT("1.27") && cloudProvider == api.CloudProviderAWS {
if cloudProvider == api.CloudProviderAWS { g.Spec.InstanceMetadata = &api.InstanceMetadataOptions{
g.Spec.InstanceMetadata = &api.InstanceMetadataOptions{ HTTPTokens: fi.PtrTo("required"),
HTTPPutResponseHopLimit: fi.PtrTo(int64(3)),
HTTPTokens: fi.PtrTo("required"),
}
}
if cluster.IsKubernetesGTE("1.26") && fi.ValueOf(cluster.Spec.IAM.UseServiceAccountExternalPermissions) {
g.Spec.InstanceMetadata.HTTPPutResponseHopLimit = fi.PtrTo(int64(1))
} }
} }