AWS: set IMDS hop limit 1 on all new clusters

2022-12-26 15:04:34 -08:00 · 2022-12-26 15:04:34 -08:00 · 6caaff50cd
parent ecb56b49bb
commit 6caaff50cd
2 changed files with 3 additions and 11 deletions
--- a/pkg/model/awsmodel/autoscalinggroup.go
+++ b/pkg/model/awsmodel/autoscalinggroup.go
@ -288,8 +288,6 @@ func (b *AutoscalingGroupModelBuilder) buildLaunchTemplateTask(c *fi.CloudupMode

 	if ig.Spec.InstanceMetadata != nil && ig.Spec.InstanceMetadata.HTTPPutResponseHopLimit != nil {
 		lt.HTTPPutResponseHopLimit = ig.Spec.InstanceMetadata.HTTPPutResponseHopLimit
-	} else if ig.IsControlPlane() && (b.Cluster.IsKubernetesLT("1.26") || !b.UseServiceAccountExternalPermissions()) {
-		lt.HTTPPutResponseHopLimit = fi.PtrTo[int64](3)
 	}

 	if ig.Spec.InstanceMetadata != nil && ig.Spec.InstanceMetadata.HTTPTokens != nil {
--- a/upup/pkg/fi/cloudup/new_cluster.go
+++ b/upup/pkg/fi/cloudup/new_cluster.go
@ -878,15 +878,9 @@ func setupControlPlane(opt *NewClusterOptions, cluster *api.Cluster, zoneToSubne
 				g.Spec.Zones = []string{zone}
 			}

-			if cluster.IsKubernetesLT("1.27") {
-				if cloudProvider == api.CloudProviderAWS {
-					g.Spec.InstanceMetadata = &api.InstanceMetadataOptions{
-						HTTPPutResponseHopLimit: fi.PtrTo(int64(3)),
-						HTTPTokens:              fi.PtrTo("required"),
-					}
-				}
-				if cluster.IsKubernetesGTE("1.26") && fi.ValueOf(cluster.Spec.IAM.UseServiceAccountExternalPermissions) {
-					g.Spec.InstanceMetadata.HTTPPutResponseHopLimit = fi.PtrTo(int64(1))
+			if cluster.IsKubernetesLT("1.27") && cloudProvider == api.CloudProviderAWS {
+				g.Spec.InstanceMetadata = &api.InstanceMetadataOptions{
+					HTTPTokens: fi.PtrTo("required"),
 				}
 			}