From 6caaff50cd971ab171598f56b4bfb18ce14bed15 Mon Sep 17 00:00:00 2001 From: John Gardiner Myers Date: Mon, 26 Dec 2022 15:04:34 -0800 Subject: [PATCH 1/3] AWS: set IMDS hop limit 1 on all new clusters --- pkg/model/awsmodel/autoscalinggroup.go | 2 -- upup/pkg/fi/cloudup/new_cluster.go | 12 +++--------- 2 files changed, 3 insertions(+), 11 deletions(-) diff --git a/pkg/model/awsmodel/autoscalinggroup.go b/pkg/model/awsmodel/autoscalinggroup.go index f02d0a28e9..f1533e9c8d 100644 --- a/pkg/model/awsmodel/autoscalinggroup.go +++ b/pkg/model/awsmodel/autoscalinggroup.go @@ -288,8 +288,6 @@ func (b *AutoscalingGroupModelBuilder) buildLaunchTemplateTask(c *fi.CloudupMode if ig.Spec.InstanceMetadata != nil && ig.Spec.InstanceMetadata.HTTPPutResponseHopLimit != nil { lt.HTTPPutResponseHopLimit = ig.Spec.InstanceMetadata.HTTPPutResponseHopLimit - } else if ig.IsControlPlane() && (b.Cluster.IsKubernetesLT("1.26") || !b.UseServiceAccountExternalPermissions()) { - lt.HTTPPutResponseHopLimit = fi.PtrTo[int64](3) } if ig.Spec.InstanceMetadata != nil && ig.Spec.InstanceMetadata.HTTPTokens != nil { diff --git a/upup/pkg/fi/cloudup/new_cluster.go b/upup/pkg/fi/cloudup/new_cluster.go index 609d77a9d2..b702175493 100644 --- a/upup/pkg/fi/cloudup/new_cluster.go +++ b/upup/pkg/fi/cloudup/new_cluster.go 
@@ -878,15 +878,9 @@ func setupControlPlane(opt *NewClusterOptions, cluster *api.Cluster, zoneToSubne g.Spec.Zones = []string{zone} } - if cluster.IsKubernetesLT("1.27") { - if cloudProvider == api.CloudProviderAWS { - g.Spec.InstanceMetadata = &api.InstanceMetadataOptions{ - HTTPPutResponseHopLimit: fi.PtrTo(int64(3)), - HTTPTokens: fi.PtrTo("required"), - } - } - if cluster.IsKubernetesGTE("1.26") && fi.ValueOf(cluster.Spec.IAM.UseServiceAccountExternalPermissions) { - g.Spec.InstanceMetadata.HTTPPutResponseHopLimit = fi.PtrTo(int64(1)) + if cluster.IsKubernetesLT("1.27") && cloudProvider == api.CloudProviderAWS { + g.Spec.InstanceMetadata = &api.InstanceMetadataOptions{ + HTTPTokens: fi.PtrTo("required"), } } From aa268ef173c9ac343ef37c7df15ef7db18189dc2 Mon Sep 17 00:00:00 2001 
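Review bot: The new literal in setupControlPlane no longer sets `HTTPPutResponseHopLimit`, so the control plane's effective hop limit is now decided entirely by the launch-template builder, and nothing at this `if` or its `IsKubernetesLT("1.27")` gate says so. The companion deletion in buildLaunchTemplateTask (the autoscalinggroup.go hunk of this patch) is not confined to new clusters: it drops the fallback of 3 for every control-plane instance group whose spec omits the field, and the regenerated update_cluster fixtures in patch 2/3 go from 3 to 1 while still showing `http_tokens = "optional"`. With tokens optional, IMDSv1 requests are not bounded by the PUT-response hop limit, so the lower value presumably only restricts pod access where `httpTokens: required` is also in effect, while any control-plane pod that obtains IMDSv2 tokens from a pod network namespace would lose that path on its next update. I would add a comment above the `if`, for example `// HTTPPutResponseHopLimit is intentionally unset; the launch-template builder supplies the default.`, and call out the existing-cluster behaviour change in the release notes. setupControlPlane starts and ends outside the hunk.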
From: John Gardiner Myers Date: Thu, 29 Dec 2022 10:24:41 -0800 Subject: [PATCH 2/3] hack/update-expected.sh --- .../create_cluster/cilium-eni/expected-v1alpha2.yaml | 1 - .../create_cluster/complex/expected-v1alpha2.yaml | 1 - .../create_cluster/different-amis/expected-v1alpha2.yaml | 1 - tests/integration/create_cluster/ha/expected-v1alpha2.yaml | 3 --- .../create_cluster/ha_encrypt/expected-v1alpha2.yaml | 3 --- .../create_cluster/ha_shared_zone/expected-v1alpha2.yaml | 3 --- .../create_cluster/ha_shared_zones/expected-v1alpha2.yaml | 5 ----- .../create_cluster/ingwspecified/expected-v1alpha2.yaml | 1 - .../integration/create_cluster/ipv6/expected-v1alpha2.yaml | 1 - .../create_cluster/karpenter/expected-v1alpha2.yaml | 1 - .../create_cluster/minimal-1.22/expected-v1alpha2.yaml | 1 - .../create_cluster/minimal-1.23/expected-v1alpha2.yaml | 1 - .../create_cluster/minimal-1.24/expected-v1alpha2.yaml | 1 - .../create_cluster/minimal-1.25/expected-v1alpha2.yaml | 1 - .../minimal-1.26-arm64/expected-v1alpha2.yaml | 1 - .../create_cluster/minimal-1.26-irsa/expected-v1alpha2.yaml | 1 - .../create_cluster/minimal-1.26/expected-v1alpha2.yaml | 1 - .../minimal_feature-gates/expected-v1alpha2.yaml | 1 - .../create_cluster/ngwspecified/expected-v1alpha2.yaml | 1 - .../create_cluster/overrides/expected-v1alpha2.yaml | 1 - .../create_cluster/private/expected-v1alpha2.yaml | 1 - .../private_shared_subnets/expected-v1alpha2.yaml | 1 - .../create_cluster/shared_subnets/expected-v1alpha2.yaml | 1 - .../shared_subnets_vpc_lookup/expected-v1alpha2.yaml | 1 - .../create_cluster/shared_vpc/expected-v1alpha2.yaml | 1 - .../integration/update_cluster/apiservernodes/kubernetes.tf | 2 +- .../bastionadditional_user-data/kubernetes.tf | 2 +- .../kubernetes.tf | 2 +- .../cluster-autoscaler-priority-expander/kubernetes.tf | 2 +- tests/integration/update_cluster/compress/kubernetes.tf | 2 +- .../update_cluster/containerd-custom/kubernetes.tf | 2 +- 
tests/integration/update_cluster/containerd/kubernetes.tf | 2 +- tests/integration/update_cluster/digit/kubernetes.tf | 2 +- .../integration/update_cluster/docker-custom/kubernetes.tf | 2 +- tests/integration/update_cluster/existing_iam/kubernetes.tf | 6 +++--- tests/integration/update_cluster/existing_sg/kubernetes.tf | 6 +++--- tests/integration/update_cluster/external_dns/kubernetes.tf | 2 +- tests/integration/update_cluster/externallb/kubernetes.tf | 2 +- .../update_cluster/externalpolicies/kubernetes.tf | 2 +- tests/integration/update_cluster/ha/kubernetes.tf | 6 +++--- tests/integration/update_cluster/irsa/kubernetes.tf | 2 +- tests/integration/update_cluster/karpenter/kubernetes.tf | 2 +- .../update_cluster/many-addons-ccm-irsa23/kubernetes.tf | 2 +- .../update_cluster/many-addons-ccm-irsa24/kubernetes.tf | 2 +- .../update_cluster/many-addons-ccm-irsa25/kubernetes.tf | 2 +- .../update_cluster/many-addons-ccm/kubernetes.tf | 2 +- tests/integration/update_cluster/many-addons/kubernetes.tf | 2 +- tests/integration/update_cluster/minimal-etcd/kubernetes.tf | 2 +- tests/integration/update_cluster/minimal-gp3/kubernetes.tf | 2 +- .../update_cluster/minimal-ipv6-calico/kubernetes.tf | 2 +- .../update_cluster/minimal-ipv6-cilium/kubernetes.tf | 2 +- .../minimal-ipv6-no-subnet-prefix/kubernetes.tf | 2 +- tests/integration/update_cluster/minimal-ipv6/kubernetes.tf | 2 +- .../update_cluster/minimal-longclustername/kubernetes.tf | 2 +- .../update_cluster/minimal-warmpool/kubernetes.tf | 2 +- tests/integration/update_cluster/minimal/kubernetes.tf | 2 +- .../integration/update_cluster/minimal_gossip/kubernetes.tf | 2 +- .../update_cluster/mixed_instances/kubernetes.tf | 6 +++--- .../update_cluster/mixed_instances_spot/kubernetes.tf | 6 +++--- .../update_cluster/nth-imds-processor/kubernetes.tf | 2 +- tests/integration/update_cluster/nvidia/kubernetes.tf | 2 +- .../update_cluster/private-shared-ip/kubernetes.tf | 2 +- .../update_cluster/private-shared-subnet/kubernetes.tf 
| 2 +- tests/integration/update_cluster/privatecanal/kubernetes.tf | 2 +- .../update_cluster/privatecilium-eni/kubernetes.tf | 2 +- .../integration/update_cluster/privatecilium/kubernetes.tf | 2 +- .../integration/update_cluster/privatecilium2/kubernetes.tf | 2 +- .../update_cluster/privateciliumadvanced/kubernetes.tf | 2 +- tests/integration/update_cluster/privatedns1/kubernetes.tf | 2 +- tests/integration/update_cluster/privatedns2/kubernetes.tf | 2 +- .../integration/update_cluster/privateflannel/kubernetes.tf | 2 +- .../integration/update_cluster/privatekopeio/kubernetes.tf | 2 +- tests/integration/update_cluster/privateweave/kubernetes.tf | 2 +- .../update_cluster/public-jwks-apiserver/kubernetes.tf | 2 +- .../integration/update_cluster/shared_subnet/kubernetes.tf | 2 +- tests/integration/update_cluster/shared_vpc/kubernetes.tf | 2 +- .../update_cluster/shared_vpc_ipv6/kubernetes.tf | 2 +- tests/integration/update_cluster/unmanaged/kubernetes.tf | 2 +- tests/integration/update_cluster/vfs-said/kubernetes.tf | 2 +- 79 files changed, 64 insertions(+), 99 deletions(-) diff --git a/tests/integration/create_cluster/cilium-eni/expected-v1alpha2.yaml b/tests/integration/create_cluster/cilium-eni/expected-v1alpha2.yaml index d2e76bbe9e..93a74eff47 100644 --- a/tests/integration/create_cluster/cilium-eni/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/cilium-eni/expected-v1alpha2.yaml @@ -70,7 +70,6 @@ metadata: spec: image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20221206 instanceMetadata: - httpPutResponseHopLimit: 3 httpTokens: required machineType: m3.medium maxSize: 1 diff --git a/tests/integration/create_cluster/complex/expected-v1alpha2.yaml b/tests/integration/create_cluster/complex/expected-v1alpha2.yaml index 895b9842cf..fac02efcd9 100644 --- a/tests/integration/create_cluster/complex/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/complex/expected-v1alpha2.yaml 
@@ -65,7 +65,6 @@ metadata: spec: image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20221206 instanceMetadata: - httpPutResponseHopLimit: 3 httpTokens: required machineType: m3.medium maxSize: 1 diff --git a/tests/integration/create_cluster/different-amis/expected-v1alpha2.yaml b/tests/integration/create_cluster/different-amis/expected-v1alpha2.yaml index 1f3baf440a..e71fbc1732 100644 --- a/tests/integration/create_cluster/different-amis/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/different-amis/expected-v1alpha2.yaml @@ -116,7 +116,6 @@ metadata: spec: image: ami-control-plane instanceMetadata: - httpPutResponseHopLimit: 3 httpTokens: required machineType: m3.medium maxSize: 1 diff --git a/tests/integration/create_cluster/ha/expected-v1alpha2.yaml b/tests/integration/create_cluster/ha/expected-v1alpha2.yaml index 3bf3d31bb7..48060c1836 100644 --- a/tests/integration/create_cluster/ha/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/ha/expected-v1alpha2.yaml @@ -86,7 +86,6 @@ metadata: spec: image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20221206 instanceMetadata: - httpPutResponseHopLimit: 3 httpTokens: required machineType: m3.medium maxSize: 1 @@ -107,7 +106,6 @@ metadata: spec: image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20221206 instanceMetadata: - httpPutResponseHopLimit: 3 httpTokens: required machineType: m3.medium maxSize: 1 @@ -128,7 +126,6 @@ metadata: spec: image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20221206 instanceMetadata: - httpPutResponseHopLimit: 3 httpTokens: required machineType: m3.medium maxSize: 1 diff --git a/tests/integration/create_cluster/ha_encrypt/expected-v1alpha2.yaml b/tests/integration/create_cluster/ha_encrypt/expected-v1alpha2.yaml index 59ba9a4f65..76ef0cb0fc 100644 --- a/tests/integration/create_cluster/ha_encrypt/expected-v1alpha2.yaml 
+++ b/tests/integration/create_cluster/ha_encrypt/expected-v1alpha2.yaml @@ -86,7 +86,6 @@ metadata: spec: image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20221206 instanceMetadata: - httpPutResponseHopLimit: 3 httpTokens: required machineType: m3.medium maxSize: 1 @@ -107,7 +106,6 @@ metadata: spec: image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20221206 instanceMetadata: - httpPutResponseHopLimit: 3 httpTokens: required machineType: m3.medium maxSize: 1 @@ -128,7 +126,6 @@ metadata: spec: image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20221206 instanceMetadata: - httpPutResponseHopLimit: 3 httpTokens: required machineType: m3.medium maxSize: 1 diff --git a/tests/integration/create_cluster/ha_shared_zone/expected-v1alpha2.yaml b/tests/integration/create_cluster/ha_shared_zone/expected-v1alpha2.yaml index 4b524a6aa3..e5e2a4c3f5 100644 --- a/tests/integration/create_cluster/ha_shared_zone/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/ha_shared_zone/expected-v1alpha2.yaml @@ -78,7 +78,6 @@ metadata: spec: image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20221206 instanceMetadata: - httpPutResponseHopLimit: 3 httpTokens: required machineType: m3.medium maxSize: 1 @@ -99,7 +98,6 @@ metadata: spec: image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20221206 instanceMetadata: - httpPutResponseHopLimit: 3 httpTokens: required machineType: m3.medium maxSize: 1 @@ -120,7 +118,6 @@ metadata: spec: image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20221206 instanceMetadata: - httpPutResponseHopLimit: 3 httpTokens: required machineType: m3.medium maxSize: 1 diff --git a/tests/integration/create_cluster/ha_shared_zones/expected-v1alpha2.yaml b/tests/integration/create_cluster/ha_shared_zones/expected-v1alpha2.yaml index 17b0bde280..d4bd4da819 100644 
--- a/tests/integration/create_cluster/ha_shared_zones/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/ha_shared_zones/expected-v1alpha2.yaml @@ -94,7 +94,6 @@ metadata: spec: image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20221206 instanceMetadata: - httpPutResponseHopLimit: 3 httpTokens: required machineType: m3.medium maxSize: 1 @@ -115,7 +114,6 @@ metadata: spec: image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20221206 instanceMetadata: - httpPutResponseHopLimit: 3 httpTokens: required machineType: m3.medium maxSize: 1 @@ -136,7 +134,6 @@ metadata: spec: image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20221206 instanceMetadata: - httpPutResponseHopLimit: 3 httpTokens: required machineType: m3.medium maxSize: 1 @@ -157,7 +154,6 @@ metadata: spec: image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20221206 instanceMetadata: - httpPutResponseHopLimit: 3 httpTokens: required machineType: m3.medium maxSize: 1 @@ -178,7 +174,6 @@ metadata: spec: image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20221206 instanceMetadata: - httpPutResponseHopLimit: 3 httpTokens: required machineType: m3.medium maxSize: 1 diff --git a/tests/integration/create_cluster/ingwspecified/expected-v1alpha2.yaml b/tests/integration/create_cluster/ingwspecified/expected-v1alpha2.yaml index 35ed51272c..db8dfba77e 100644 --- a/tests/integration/create_cluster/ingwspecified/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/ingwspecified/expected-v1alpha2.yaml @@ -96,7 +96,6 @@ metadata: spec: image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20221206 instanceMetadata: - httpPutResponseHopLimit: 3 httpTokens: required machineType: m3.medium maxSize: 1 diff --git a/tests/integration/create_cluster/ipv6/expected-v1alpha2.yaml b/tests/integration/create_cluster/ipv6/expected-v1alpha2.yaml index 4d38c20810..3549332be4 100644 
--- a/tests/integration/create_cluster/ipv6/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/ipv6/expected-v1alpha2.yaml @@ -79,7 +79,6 @@ metadata: spec: image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20221206 instanceMetadata: - httpPutResponseHopLimit: 3 httpTokens: required machineType: m3.medium maxSize: 1 diff --git a/tests/integration/create_cluster/karpenter/expected-v1alpha2.yaml b/tests/integration/create_cluster/karpenter/expected-v1alpha2.yaml index 9bcce0abd6..085fb259f3 100644 --- a/tests/integration/create_cluster/karpenter/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/karpenter/expected-v1alpha2.yaml @@ -80,7 +80,6 @@ metadata: spec: image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20221206 instanceMetadata: - httpPutResponseHopLimit: 3 httpTokens: required machineType: m3.medium maxSize: 1 diff --git a/tests/integration/create_cluster/minimal-1.22/expected-v1alpha2.yaml b/tests/integration/create_cluster/minimal-1.22/expected-v1alpha2.yaml index a8ece0d69e..0fa425d319 100644 --- a/tests/integration/create_cluster/minimal-1.22/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/minimal-1.22/expected-v1alpha2.yaml @@ -66,7 +66,6 @@ metadata: spec: image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20221206 instanceMetadata: - httpPutResponseHopLimit: 3 httpTokens: required machineType: m3.medium maxSize: 1 diff --git a/tests/integration/create_cluster/minimal-1.23/expected-v1alpha2.yaml b/tests/integration/create_cluster/minimal-1.23/expected-v1alpha2.yaml index 4e549ed7f2..a307b5ace1 100644 --- a/tests/integration/create_cluster/minimal-1.23/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/minimal-1.23/expected-v1alpha2.yaml 
@@ -66,7 +66,6 @@ metadata: spec: image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20221206 instanceMetadata: - httpPutResponseHopLimit: 3 httpTokens: required machineType: m3.medium maxSize: 1 diff --git a/tests/integration/create_cluster/minimal-1.24/expected-v1alpha2.yaml b/tests/integration/create_cluster/minimal-1.24/expected-v1alpha2.yaml index 689f475353..78c68b2435 100644 --- a/tests/integration/create_cluster/minimal-1.24/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/minimal-1.24/expected-v1alpha2.yaml @@ -66,7 +66,6 @@ metadata: spec: image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20221206 instanceMetadata: - httpPutResponseHopLimit: 3 httpTokens: required machineType: m3.medium maxSize: 1 diff --git a/tests/integration/create_cluster/minimal-1.25/expected-v1alpha2.yaml b/tests/integration/create_cluster/minimal-1.25/expected-v1alpha2.yaml index 8e79e698c3..afc48b5978 100644 --- a/tests/integration/create_cluster/minimal-1.25/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/minimal-1.25/expected-v1alpha2.yaml @@ -66,7 +66,6 @@ metadata: spec: image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20221206 instanceMetadata: - httpPutResponseHopLimit: 3 httpTokens: required machineType: m3.medium maxSize: 1 diff --git a/tests/integration/create_cluster/minimal-1.26-arm64/expected-v1alpha2.yaml b/tests/integration/create_cluster/minimal-1.26-arm64/expected-v1alpha2.yaml index c1899b917b..d151f66499 100644 --- a/tests/integration/create_cluster/minimal-1.26-arm64/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/minimal-1.26-arm64/expected-v1alpha2.yaml @@ -66,7 +66,6 @@ metadata: spec: image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-arm64-server-20221206 instanceMetadata: - httpPutResponseHopLimit: 3 httpTokens: required machineType: m6g.xlarge maxSize: 1 
diff --git a/tests/integration/create_cluster/minimal-1.26-irsa/expected-v1alpha2.yaml b/tests/integration/create_cluster/minimal-1.26-irsa/expected-v1alpha2.yaml index 5a59ce16c8..efa4556e9d 100644 --- a/tests/integration/create_cluster/minimal-1.26-irsa/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/minimal-1.26-irsa/expected-v1alpha2.yaml @@ -70,7 +70,6 @@ metadata: spec: image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20221206 instanceMetadata: - httpPutResponseHopLimit: 1 httpTokens: required machineType: m3.medium maxSize: 1 diff --git a/tests/integration/create_cluster/minimal-1.26/expected-v1alpha2.yaml b/tests/integration/create_cluster/minimal-1.26/expected-v1alpha2.yaml index c234d9adc8..07d03d212d 100644 --- a/tests/integration/create_cluster/minimal-1.26/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/minimal-1.26/expected-v1alpha2.yaml @@ -66,7 +66,6 @@ metadata: spec: image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20221206 instanceMetadata: - httpPutResponseHopLimit: 3 httpTokens: required machineType: m3.medium maxSize: 1 diff --git a/tests/integration/create_cluster/minimal_feature-gates/expected-v1alpha2.yaml b/tests/integration/create_cluster/minimal_feature-gates/expected-v1alpha2.yaml index 0e5a10ebb2..e493d92594 100644 --- a/tests/integration/create_cluster/minimal_feature-gates/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/minimal_feature-gates/expected-v1alpha2.yaml @@ -90,7 +90,6 @@ metadata: spec: image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20221206 instanceMetadata: - httpPutResponseHopLimit: 3 httpTokens: required machineType: m3.medium maxSize: 1 diff --git a/tests/integration/create_cluster/ngwspecified/expected-v1alpha2.yaml b/tests/integration/create_cluster/ngwspecified/expected-v1alpha2.yaml index 814ffaff01..37a97511db 100644 --- a/tests/integration/create_cluster/ngwspecified/expected-v1alpha2.yaml 
+++ b/tests/integration/create_cluster/ngwspecified/expected-v1alpha2.yaml @@ -96,7 +96,6 @@ metadata: spec: image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20221206 instanceMetadata: - httpPutResponseHopLimit: 3 httpTokens: required machineType: m3.medium maxSize: 1 diff --git a/tests/integration/create_cluster/overrides/expected-v1alpha2.yaml b/tests/integration/create_cluster/overrides/expected-v1alpha2.yaml index 18753219e6..de61491f57 100644 --- a/tests/integration/create_cluster/overrides/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/overrides/expected-v1alpha2.yaml @@ -69,7 +69,6 @@ metadata: spec: image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20221206 instanceMetadata: - httpPutResponseHopLimit: 3 httpTokens: required machineType: m3.medium maxSize: 1 diff --git a/tests/integration/create_cluster/private/expected-v1alpha2.yaml b/tests/integration/create_cluster/private/expected-v1alpha2.yaml index a9457dfc24..8fe2301bc1 100644 --- a/tests/integration/create_cluster/private/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/private/expected-v1alpha2.yaml @@ -102,7 +102,6 @@ spec: - sg-exampleid4 image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20221206 instanceMetadata: - httpPutResponseHopLimit: 3 httpTokens: required machineType: m3.medium maxSize: 1 diff --git a/tests/integration/create_cluster/private_shared_subnets/expected-v1alpha2.yaml b/tests/integration/create_cluster/private_shared_subnets/expected-v1alpha2.yaml index 3057a75a64..f044ea20e2 100644 --- a/tests/integration/create_cluster/private_shared_subnets/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/private_shared_subnets/expected-v1alpha2.yaml @@ -75,7 +75,6 @@ metadata: spec: image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20221206 instanceMetadata: - httpPutResponseHopLimit: 3 httpTokens: required machineType: m3.medium maxSize: 1 
diff --git a/tests/integration/create_cluster/shared_subnets/expected-v1alpha2.yaml b/tests/integration/create_cluster/shared_subnets/expected-v1alpha2.yaml index bfa7e3bafd..2cb4da49d8 100644 --- a/tests/integration/create_cluster/shared_subnets/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/shared_subnets/expected-v1alpha2.yaml @@ -68,7 +68,6 @@ metadata: spec: image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20221206 instanceMetadata: - httpPutResponseHopLimit: 3 httpTokens: required machineType: m3.medium maxSize: 1 diff --git a/tests/integration/create_cluster/shared_subnets_vpc_lookup/expected-v1alpha2.yaml b/tests/integration/create_cluster/shared_subnets_vpc_lookup/expected-v1alpha2.yaml index bfa7e3bafd..2cb4da49d8 100644 --- a/tests/integration/create_cluster/shared_subnets_vpc_lookup/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/shared_subnets_vpc_lookup/expected-v1alpha2.yaml @@ -68,7 +68,6 @@ metadata: spec: image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20221206 instanceMetadata: - httpPutResponseHopLimit: 3 httpTokens: required machineType: m3.medium maxSize: 1 diff --git a/tests/integration/create_cluster/shared_vpc/expected-v1alpha2.yaml b/tests/integration/create_cluster/shared_vpc/expected-v1alpha2.yaml index c48cee476e..5c6145cc80 100644 --- a/tests/integration/create_cluster/shared_vpc/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/shared_vpc/expected-v1alpha2.yaml @@ -67,7 +67,6 @@ metadata: spec: image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20221206 instanceMetadata: - httpPutResponseHopLimit: 3 httpTokens: required machineType: m3.medium maxSize: 1 diff --git a/tests/integration/update_cluster/apiservernodes/kubernetes.tf b/tests/integration/update_cluster/apiservernodes/kubernetes.tf index a38b40a9c4..56c3ed2621 100644 --- a/tests/integration/update_cluster/apiservernodes/kubernetes.tf 
+++ b/tests/integration/update_cluster/apiservernodes/kubernetes.tf @@ -522,7 +522,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-example-com" { metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/bastionadditional_user-data/kubernetes.tf b/tests/integration/update_cluster/bastionadditional_user-data/kubernetes.tf index 4514e752f3..5eecad6d4c 100644 --- a/tests/integration/update_cluster/bastionadditional_user-data/kubernetes.tf +++ b/tests/integration/update_cluster/bastionadditional_user-data/kubernetes.tf @@ -543,7 +543,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-bastionuserdata-exampl metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/kubernetes.tf b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/kubernetes.tf index f335ea74b6..e019b1bfdd 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/kubernetes.tf +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/kubernetes.tf @@ -423,7 +423,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-cas-priority-expander- metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/kubernetes.tf b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/kubernetes.tf index cbd29f6954..9dcd00d8d2 100644 
--- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/kubernetes.tf +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/kubernetes.tf @@ -423,7 +423,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-cas-priority-expander- metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/compress/kubernetes.tf b/tests/integration/update_cluster/compress/kubernetes.tf index c94df84bea..4cf46da003 100644 --- a/tests/integration/update_cluster/compress/kubernetes.tf +++ b/tests/integration/update_cluster/compress/kubernetes.tf @@ -322,7 +322,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-compress-example-com" metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/containerd-custom/kubernetes.tf b/tests/integration/update_cluster/containerd-custom/kubernetes.tf index 86ec5c97ce..e8359f42fc 100644 --- a/tests/integration/update_cluster/containerd-custom/kubernetes.tf +++ b/tests/integration/update_cluster/containerd-custom/kubernetes.tf @@ -333,7 +333,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-containerd-example-com metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/containerd/kubernetes.tf b/tests/integration/update_cluster/containerd/kubernetes.tf index 86ec5c97ce..e8359f42fc 100644 --- a/tests/integration/update_cluster/containerd/kubernetes.tf +++ b/tests/integration/update_cluster/containerd/kubernetes.tf 
@@ -333,7 +333,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-containerd-example-com metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/digit/kubernetes.tf b/tests/integration/update_cluster/digit/kubernetes.tf index db5b2916a6..91c2160717 100644 --- a/tests/integration/update_cluster/digit/kubernetes.tf +++ b/tests/integration/update_cluster/digit/kubernetes.tf @@ -409,7 +409,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-123-example-com" { metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/docker-custom/kubernetes.tf b/tests/integration/update_cluster/docker-custom/kubernetes.tf index 2efdc8ab4a..6e5b51199a 100644 --- a/tests/integration/update_cluster/docker-custom/kubernetes.tf +++ b/tests/integration/update_cluster/docker-custom/kubernetes.tf @@ -348,7 +348,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-docker-example-com" { metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/existing_iam/kubernetes.tf b/tests/integration/update_cluster/existing_iam/kubernetes.tf index 6f8a603299..68416bec87 100644 --- a/tests/integration/update_cluster/existing_iam/kubernetes.tf +++ b/tests/integration/update_cluster/existing_iam/kubernetes.tf 
@@ -459,7 +459,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-existing-iam-example-c metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { @@ -542,7 +542,7 @@ resource "aws_launch_template" "master-us-test-1b-masters-existing-iam-example-c metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { @@ -625,7 +625,7 @@ resource "aws_launch_template" "master-us-test-1c-masters-existing-iam-example-c metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/existing_sg/kubernetes.tf b/tests/integration/update_cluster/existing_sg/kubernetes.tf index 58e503d3ae..320e052474 100644 --- a/tests/integration/update_cluster/existing_sg/kubernetes.tf +++ b/tests/integration/update_cluster/existing_sg/kubernetes.tf @@ -562,7 +562,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-existingsg-example-com metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { @@ -645,7 +645,7 @@ resource "aws_launch_template" "master-us-test-1b-masters-existingsg-example-com metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { 
@@ -728,7 +728,7 @@ resource "aws_launch_template" "master-us-test-1c-masters-existingsg-example-com metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/external_dns/kubernetes.tf b/tests/integration/update_cluster/external_dns/kubernetes.tf index dfbe823209..3a43e6d97a 100644 --- a/tests/integration/update_cluster/external_dns/kubernetes.tf +++ b/tests/integration/update_cluster/external_dns/kubernetes.tf @@ -333,7 +333,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-example-com" { metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/externallb/kubernetes.tf b/tests/integration/update_cluster/externallb/kubernetes.tf index b96c7359d3..305bc004ff 100644 --- a/tests/integration/update_cluster/externallb/kubernetes.tf +++ b/tests/integration/update_cluster/externallb/kubernetes.tf @@ -337,7 +337,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-externallb-example-com metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/externalpolicies/kubernetes.tf b/tests/integration/update_cluster/externalpolicies/kubernetes.tf index b0aec7c06a..66e7b0768a 100644 --- a/tests/integration/update_cluster/externalpolicies/kubernetes.tf +++ b/tests/integration/update_cluster/externalpolicies/kubernetes.tf 
@@ -411,7 +411,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-externalpolicies-examp metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/ha/kubernetes.tf b/tests/integration/update_cluster/ha/kubernetes.tf index 6125325bb0..c2da2f34d6 100644 --- a/tests/integration/update_cluster/ha/kubernetes.tf +++ b/tests/integration/update_cluster/ha/kubernetes.tf @@ -531,7 +531,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-ha-example-com" { metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { @@ -614,7 +614,7 @@ resource "aws_launch_template" "master-us-test-1b-masters-ha-example-com" { metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { @@ -697,7 +697,7 @@ resource "aws_launch_template" "master-us-test-1c-masters-ha-example-com" { metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/irsa/kubernetes.tf b/tests/integration/update_cluster/irsa/kubernetes.tf index 91dcbcea8a..a8a000ec23 100644 --- a/tests/integration/update_cluster/irsa/kubernetes.tf +++ b/tests/integration/update_cluster/irsa/kubernetes.tf @@ -436,7 +436,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-example-com" { metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { 
diff --git a/tests/integration/update_cluster/karpenter/kubernetes.tf b/tests/integration/update_cluster/karpenter/kubernetes.tf index 41b417f3d3..ab17804a40 100644 --- a/tests/integration/update_cluster/karpenter/kubernetes.tf +++ b/tests/integration/update_cluster/karpenter/kubernetes.tf @@ -610,7 +610,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-example-com" { metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa23/kubernetes.tf b/tests/integration/update_cluster/many-addons-ccm-irsa23/kubernetes.tf index 27678132f0..9f8b2780ea 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa23/kubernetes.tf +++ b/tests/integration/update_cluster/many-addons-ccm-irsa23/kubernetes.tf @@ -623,7 +623,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-example-com" { metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa24/kubernetes.tf b/tests/integration/update_cluster/many-addons-ccm-irsa24/kubernetes.tf index 2a22f167fd..92d8de961e 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa24/kubernetes.tf +++ b/tests/integration/update_cluster/many-addons-ccm-irsa24/kubernetes.tf @@ -608,7 +608,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-example-com" { metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { 
diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/kubernetes.tf b/tests/integration/update_cluster/many-addons-ccm-irsa25/kubernetes.tf index 2a22f167fd..92d8de961e 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/kubernetes.tf +++ b/tests/integration/update_cluster/many-addons-ccm-irsa25/kubernetes.tf @@ -608,7 +608,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-example-com" { metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/many-addons-ccm/kubernetes.tf b/tests/integration/update_cluster/many-addons-ccm/kubernetes.tf index e69d40bdd7..01b7f73dbd 100644 --- a/tests/integration/update_cluster/many-addons-ccm/kubernetes.tf +++ b/tests/integration/update_cluster/many-addons-ccm/kubernetes.tf @@ -434,7 +434,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-example-com" { metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/many-addons/kubernetes.tf b/tests/integration/update_cluster/many-addons/kubernetes.tf index 17c2449fe4..753114f363 100644 --- a/tests/integration/update_cluster/many-addons/kubernetes.tf +++ b/tests/integration/update_cluster/many-addons/kubernetes.tf @@ -419,7 +419,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-example-com" { metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/minimal-etcd/kubernetes.tf b/tests/integration/update_cluster/minimal-etcd/kubernetes.tf index 79506cfa37..4d58800cb4 100644 
--- a/tests/integration/update_cluster/minimal-etcd/kubernetes.tf +++ b/tests/integration/update_cluster/minimal-etcd/kubernetes.tf @@ -333,7 +333,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-etcd-example-c metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/minimal-gp3/kubernetes.tf b/tests/integration/update_cluster/minimal-gp3/kubernetes.tf index 9e13c47476..3ff0853d8d 100644 --- a/tests/integration/update_cluster/minimal-gp3/kubernetes.tf +++ b/tests/integration/update_cluster/minimal-gp3/kubernetes.tf @@ -329,7 +329,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-example-com" { metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/minimal-ipv6-calico/kubernetes.tf b/tests/integration/update_cluster/minimal-ipv6-calico/kubernetes.tf index caa3686612..80f11ed7e1 100644 --- a/tests/integration/update_cluster/minimal-ipv6-calico/kubernetes.tf +++ b/tests/integration/update_cluster/minimal-ipv6-calico/kubernetes.tf @@ -396,7 +396,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-ipv6-example-c metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "enabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/minimal-ipv6-cilium/kubernetes.tf b/tests/integration/update_cluster/minimal-ipv6-cilium/kubernetes.tf index c19d7e49bc..9f5c4dbcce 100644 --- a/tests/integration/update_cluster/minimal-ipv6-cilium/kubernetes.tf +++ b/tests/integration/update_cluster/minimal-ipv6-cilium/kubernetes.tf 
@@ -396,7 +396,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-ipv6-example-c metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "enabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/kubernetes.tf b/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/kubernetes.tf index 1416b05a28..a59b3f0b7f 100644 --- a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/kubernetes.tf +++ b/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/kubernetes.tf @@ -396,7 +396,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-ipv6-example-c metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "enabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/minimal-ipv6/kubernetes.tf b/tests/integration/update_cluster/minimal-ipv6/kubernetes.tf index bec0e678b3..b6fd0e0dbd 100644 --- a/tests/integration/update_cluster/minimal-ipv6/kubernetes.tf +++ b/tests/integration/update_cluster/minimal-ipv6/kubernetes.tf @@ -396,7 +396,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-ipv6-example-c metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "enabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/minimal-longclustername/kubernetes.tf b/tests/integration/update_cluster/minimal-longclustername/kubernetes.tf index 6d86337cff..1385bb84fc 100644 --- a/tests/integration/update_cluster/minimal-longclustername/kubernetes.tf +++ b/tests/integration/update_cluster/minimal-longclustername/kubernetes.tf 
@@ -333,7 +333,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-this-is-truly-a-really metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/minimal-warmpool/kubernetes.tf b/tests/integration/update_cluster/minimal-warmpool/kubernetes.tf index 41877d3458..82215b52c2 100644 --- a/tests/integration/update_cluster/minimal-warmpool/kubernetes.tf +++ b/tests/integration/update_cluster/minimal-warmpool/kubernetes.tf @@ -341,7 +341,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-warmpool-examp metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/minimal/kubernetes.tf b/tests/integration/update_cluster/minimal/kubernetes.tf index 38fc8f49fb..235e16a6ea 100644 --- a/tests/integration/update_cluster/minimal/kubernetes.tf +++ b/tests/integration/update_cluster/minimal/kubernetes.tf @@ -333,7 +333,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-example-com" { metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/minimal_gossip/kubernetes.tf b/tests/integration/update_cluster/minimal_gossip/kubernetes.tf index 38157c58df..e05b124363 100644 --- a/tests/integration/update_cluster/minimal_gossip/kubernetes.tf +++ b/tests/integration/update_cluster/minimal_gossip/kubernetes.tf 
@@ -333,7 +333,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-k8s-local" { metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/mixed_instances/kubernetes.tf b/tests/integration/update_cluster/mixed_instances/kubernetes.tf index 3817b1701c..75398ad671 100644 --- a/tests/integration/update_cluster/mixed_instances/kubernetes.tf +++ b/tests/integration/update_cluster/mixed_instances/kubernetes.tf @@ -549,7 +549,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-mixedinstances-example metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { @@ -632,7 +632,7 @@ resource "aws_launch_template" "master-us-test-1b-masters-mixedinstances-example metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { @@ -715,7 +715,7 @@ resource "aws_launch_template" "master-us-test-1c-masters-mixedinstances-example metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/mixed_instances_spot/kubernetes.tf b/tests/integration/update_cluster/mixed_instances_spot/kubernetes.tf index d3fac60403..4fb9a2e2d2 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/kubernetes.tf +++ b/tests/integration/update_cluster/mixed_instances_spot/kubernetes.tf 
@@ -549,7 +549,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-mixedinstances-example metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { @@ -632,7 +632,7 @@ resource "aws_launch_template" "master-us-test-1b-masters-mixedinstances-example metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { @@ -715,7 +715,7 @@ resource "aws_launch_template" "master-us-test-1c-masters-mixedinstances-example metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/nth-imds-processor/kubernetes.tf b/tests/integration/update_cluster/nth-imds-processor/kubernetes.tf index 5df3554bf0..0766d70351 100644 --- a/tests/integration/update_cluster/nth-imds-processor/kubernetes.tf +++ b/tests/integration/update_cluster/nth-imds-processor/kubernetes.tf @@ -333,7 +333,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-nthimdsprocessor-longc metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/nvidia/kubernetes.tf b/tests/integration/update_cluster/nvidia/kubernetes.tf index 11ef1d4d38..f2b8221e96 100644 --- a/tests/integration/update_cluster/nvidia/kubernetes.tf +++ b/tests/integration/update_cluster/nvidia/kubernetes.tf 
@@ -338,7 +338,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-example-com" { metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/private-shared-ip/kubernetes.tf b/tests/integration/update_cluster/private-shared-ip/kubernetes.tf index 425cc71247..8ab456787e 100644 --- a/tests/integration/update_cluster/private-shared-ip/kubernetes.tf +++ b/tests/integration/update_cluster/private-shared-ip/kubernetes.tf @@ -524,7 +524,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-private-shared-ip-exam metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/private-shared-subnet/kubernetes.tf b/tests/integration/update_cluster/private-shared-subnet/kubernetes.tf index 68128e3766..9361faeb6b 100644 --- a/tests/integration/update_cluster/private-shared-subnet/kubernetes.tf +++ b/tests/integration/update_cluster/private-shared-subnet/kubernetes.tf @@ -519,7 +519,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-private-shared-subnet- metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/privatecanal/kubernetes.tf b/tests/integration/update_cluster/privatecanal/kubernetes.tf index 779e1a0085..4b998ec474 100644 --- a/tests/integration/update_cluster/privatecanal/kubernetes.tf +++ b/tests/integration/update_cluster/privatecanal/kubernetes.tf 
@@ -542,7 +542,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatecanal-example-c metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/privatecilium-eni/kubernetes.tf b/tests/integration/update_cluster/privatecilium-eni/kubernetes.tf index 2c94382a17..44fb0b5670 100644 --- a/tests/integration/update_cluster/privatecilium-eni/kubernetes.tf +++ b/tests/integration/update_cluster/privatecilium-eni/kubernetes.tf @@ -542,7 +542,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatecilium-example- metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/privatecilium/kubernetes.tf b/tests/integration/update_cluster/privatecilium/kubernetes.tf index 2c94382a17..44fb0b5670 100644 --- a/tests/integration/update_cluster/privatecilium/kubernetes.tf +++ b/tests/integration/update_cluster/privatecilium/kubernetes.tf @@ -542,7 +542,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatecilium-example- metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/privatecilium2/kubernetes.tf b/tests/integration/update_cluster/privatecilium2/kubernetes.tf index f3220aefbd..ceb897cb53 100644 --- a/tests/integration/update_cluster/privatecilium2/kubernetes.tf +++ b/tests/integration/update_cluster/privatecilium2/kubernetes.tf 
@@ -542,7 +542,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatecilium-example- metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/privateciliumadvanced/kubernetes.tf b/tests/integration/update_cluster/privateciliumadvanced/kubernetes.tf index 65664224af..69b08c0ab3 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/kubernetes.tf +++ b/tests/integration/update_cluster/privateciliumadvanced/kubernetes.tf @@ -559,7 +559,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privateciliumadvanced- metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/privatedns1/kubernetes.tf b/tests/integration/update_cluster/privatedns1/kubernetes.tf index a9b1724ab5..535c7bb82d 100644 --- a/tests/integration/update_cluster/privatedns1/kubernetes.tf +++ b/tests/integration/update_cluster/privatedns1/kubernetes.tf @@ -625,7 +625,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatedns1-example-co metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/privatedns2/kubernetes.tf b/tests/integration/update_cluster/privatedns2/kubernetes.tf index 13df5c2925..8ad545c62c 100644 --- a/tests/integration/update_cluster/privatedns2/kubernetes.tf +++ b/tests/integration/update_cluster/privatedns2/kubernetes.tf 
@@ -533,7 +533,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatedns2-example-co metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/privateflannel/kubernetes.tf b/tests/integration/update_cluster/privateflannel/kubernetes.tf index 008a5f0550..e39094f81e 100644 --- a/tests/integration/update_cluster/privateflannel/kubernetes.tf +++ b/tests/integration/update_cluster/privateflannel/kubernetes.tf @@ -542,7 +542,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privateflannel-example metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/privatekopeio/kubernetes.tf b/tests/integration/update_cluster/privatekopeio/kubernetes.tf index aa41541a53..92c6b948d5 100644 --- a/tests/integration/update_cluster/privatekopeio/kubernetes.tf +++ b/tests/integration/update_cluster/privatekopeio/kubernetes.tf @@ -548,7 +548,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatekopeio-example- metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/privateweave/kubernetes.tf b/tests/integration/update_cluster/privateweave/kubernetes.tf index 60c14a0a82..e451f344df 100644 --- a/tests/integration/update_cluster/privateweave/kubernetes.tf +++ b/tests/integration/update_cluster/privateweave/kubernetes.tf 
@@ -565,7 +565,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privateweave-example-c metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/public-jwks-apiserver/kubernetes.tf b/tests/integration/update_cluster/public-jwks-apiserver/kubernetes.tf index 584b0fdfe4..75013043f4 100644 --- a/tests/integration/update_cluster/public-jwks-apiserver/kubernetes.tf +++ b/tests/integration/update_cluster/public-jwks-apiserver/kubernetes.tf @@ -438,7 +438,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-example-com" { metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/shared_subnet/kubernetes.tf b/tests/integration/update_cluster/shared_subnet/kubernetes.tf index 1e59f29270..e48d42a1c7 100644 --- a/tests/integration/update_cluster/shared_subnet/kubernetes.tf +++ b/tests/integration/update_cluster/shared_subnet/kubernetes.tf @@ -324,7 +324,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-sharedsubnet-example-c metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/shared_vpc/kubernetes.tf b/tests/integration/update_cluster/shared_vpc/kubernetes.tf index ff7b4ebcd2..ea20beea2e 100644 --- a/tests/integration/update_cluster/shared_vpc/kubernetes.tf +++ b/tests/integration/update_cluster/shared_vpc/kubernetes.tf 
@@ -324,7 +324,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-sharedvpc-example-com" metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/shared_vpc_ipv6/kubernetes.tf b/tests/integration/update_cluster/shared_vpc_ipv6/kubernetes.tf index f2c0267af2..3563fb1a93 100644 --- a/tests/integration/update_cluster/shared_vpc_ipv6/kubernetes.tf +++ b/tests/integration/update_cluster/shared_vpc_ipv6/kubernetes.tf @@ -378,7 +378,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-ipv6-example-c metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "enabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/unmanaged/kubernetes.tf b/tests/integration/update_cluster/unmanaged/kubernetes.tf index 56e49ed510..a88c3c0d36 100644 --- a/tests/integration/update_cluster/unmanaged/kubernetes.tf +++ b/tests/integration/update_cluster/unmanaged/kubernetes.tf @@ -524,7 +524,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-unmanaged-example-com" metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { diff --git a/tests/integration/update_cluster/vfs-said/kubernetes.tf b/tests/integration/update_cluster/vfs-said/kubernetes.tf index 288bbbf9e1..762ce44802 100644 --- a/tests/integration/update_cluster/vfs-said/kubernetes.tf +++ b/tests/integration/update_cluster/vfs-said/kubernetes.tf 
@@ -354,7 +354,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-example-com" { metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 3 + http_put_response_hop_limit = 1 http_tokens = "optional" } monitoring { From 3d47449625545be48db8c31d191e9aa46cd70d7e Mon Sep 17 00:00:00 2001 From: John Gardiner Myers Date: Wed, 11 Jan 2023 21:52:19 -0800 Subject: [PATCH 3/3] Update release notes and documentation --- docs/instance_groups.md | 6 +++--- docs/releases/1.27-NOTES.md | 3 ++- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/docs/instance_groups.md b/docs/instance_groups.md index 56a23c3b51..ee53de612a 100644 --- a/docs/instance_groups.md +++ b/docs/instance_groups.md @@ -47,14 +47,14 @@ spec: ## instanceMetadata -By default, IMDSv2 is enabled for newly created clusters. The default hop limit is 1 for all node roles, except for control plane nodes with Kubernetes version lower than 1.26 or IRSA disabled, for which the default hop limit is 3. As of Kubernetes 1.27, these defaults are applied to existing clusters also. +By default, IMDSv2 is enabled for newly created clusters. As of Kubernetes 1.27, this default is applied to existing clusters as well. +The default hop limit is 1 for all node roles. -To enable IMDSv2 add the following configuration to the instance group: +To enable IMDSv2, add the following configuration to the instance group: ```YAML spec: instanceMetadata: - httpPutResponseHopLimit: 1 httpTokens: required ``` diff --git a/docs/releases/1.27-NOTES.md b/docs/releases/1.27-NOTES.md index 859b306b97..fcce980a72 100644 --- a/docs/releases/1.27-NOTES.md +++ b/docs/releases/1.27-NOTES.md 
@@ -8,7 +8,8 @@ This is a document to gather the release notes prior to the release. ## AWS -* As of Kubernetes version 1.27, all nodes will default to running with the instance metadata service enabled, with max hop limit of 1. Control plane nodes with IRSA disabled will default to running with a max hop limit of 3. +* As of Kubernetes version 1.27, all nodes will default to running with instance-metadata-service tokens required, with a max hop limit of 1. +Newly created clusters will be configured as necessary to have these settings. ## GCP