-
Notifications
You must be signed in to change notification settings - Fork 951
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
httpPutResponseHopLimit: 1 not compatible with EBS csi driver #7200
Comments
The team wanted to take in security best practice by Disabling IMDS Access from Containers by Default. However, I do think this should be called out in our documentation to give some guidance to customers |
@drawnwren Why are not able to use Kubernetes Metadata? Seems like that would a reasonable fallback
|
I'm not sure. I'm just using the default eks method for adding the |
Are you using AWS CCM in your cluster? |
Description
Karpenter defaults to
httpPutResponseLimit: 1
, but according to this (rather hard to find) ebs csi documentation, https://github.com/kubernetes-sigs/aws-ebs-csi-driver/blob/master/docs/install.md#imds-ec2-metadata,httpPutResponseLimit: 2
is required for EBS compatibility. 2 might be a default that makes more sense (give that I think ebs is a fairly common add-on to use?).The text was updated successfully, but these errors were encountered: