diff --git a/cloudmock/aws/mockec2/launch_templates.go b/cloudmock/aws/mockec2/launch_templates.go index 51cb0aee91375..52a5aa844c060 100644 --- a/cloudmock/aws/mockec2/launch_templates.go +++ b/cloudmock/aws/mockec2/launch_templates.go @@ -147,6 +147,12 @@ func (m *MockEC2) CreateLaunchTemplate(request *ec2.CreateLaunchTemplateInput) ( name: request.LaunchTemplateName, } + if request.LaunchTemplateData.MetadataOptions != nil { + resp.MetadataOptions = &ec2.LaunchTemplateInstanceMetadataOptions{ + HttpTokens: request.LaunchTemplateData.MetadataOptions.HttpTokens, + HttpPutResponseHopLimit: request.LaunchTemplateData.MetadataOptions.HttpPutResponseHopLimit, + } + } if request.LaunchTemplateData.Monitoring != nil { resp.Monitoring = &ec2.LaunchTemplatesMonitoring{Enabled: request.LaunchTemplateData.Monitoring.Enabled} } diff --git a/k8s/crds/kops.k8s.io_instancegroups.yaml b/k8s/crds/kops.k8s.io_instancegroups.yaml index 2f01412cc92af..6748a6c214e28 100644 --- a/k8s/crds/kops.k8s.io_instancegroups.yaml +++ b/k8s/crds/kops.k8s.io_instancegroups.yaml 
@@ -193,6 +193,17 @@ spec: instanceInterruptionBehavior: description: InstanceInterruptionBehavior defines if a spot instance should be terminated, hibernated, or stopped after interruption type: string + instanceMetadata: + description: InstanceMetadata defines the EC2 instance metadata service options (AWS Only) + properties: + httpPutResponseHopLimit: + description: HTTPPutResponseHopLimit is the desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel. The default value is 1. + format: int64 + type: integer + httpTokens: + description: HTTPTokens is the state of token usage for the instance metadata requests. If the parameter is not specified in the request, the default state is "optional". + type: string + type: object instanceProtection: description: InstanceProtection makes new instances in an autoscaling group protected from scale in type: boolean diff --git a/pkg/apis/kops/instancegroup.go b/pkg/apis/kops/instancegroup.go index 76d3450ba2396..c22009dd73640 100644 --- a/pkg/apis/kops/instancegroup.go +++ b/pkg/apis/kops/instancegroup.go @@ -168,6 +168,8 @@ type InstanceGroupSpec struct { InstanceInterruptionBehavior *string `json:"instanceInterruptionBehavior,omitempty"` // CompressUserData compresses parts of the user data to save space CompressUserData *bool `json:"compressUserData,omitempty"` + // InstanceMetadata defines the EC2 instance metadata service options (AWS Only) + InstanceMetadata *InstanceMetadataOptions `json:"instanceMetadata,omitempty"` } const ( 
@@ -182,6 +184,16 @@ const ( // SpotAllocationStrategies is a collection of supported strategies var SpotAllocationStrategies = []string{SpotAllocationStrategyLowestPrices, SpotAllocationStrategyDiversified, SpotAllocationStrategyCapacityOptimized} +// InstanceMetadata defines the EC2 instance metadata service options (AWS Only) +type InstanceMetadataOptions struct { + // HTTPPutResponseHopLimit is the desired HTTP PUT response hop limit for instance metadata requests. + // The larger the number, the further instance metadata requests can travel. The default value is 1. + HTTPPutResponseHopLimit *int64 `json:"httpPutResponseHopLimit,omitempty"` + // HTTPTokens is the state of token usage for the instance metadata requests. + // If the parameter is not specified in the request, the default state is "optional". + HTTPTokens *string `json:"httpTokens,omitempty"` +} + // MixedInstancesPolicySpec defines the specification for an autoscaling group backed by a ec2 fleet type MixedInstancesPolicySpec struct { // Instances is a list of instance types which we are willing to run in the EC2 fleet diff --git a/pkg/apis/kops/v1alpha2/instancegroup.go b/pkg/apis/kops/v1alpha2/instancegroup.go index e619252ba6d84..905e7939f3b89 100644 --- a/pkg/apis/kops/v1alpha2/instancegroup.go +++ b/pkg/apis/kops/v1alpha2/instancegroup.go @@ -166,6 +166,8 @@ type InstanceGroupSpec struct { InstanceInterruptionBehavior *string `json:"instanceInterruptionBehavior,omitempty"` // CompressUserData compresses parts of the user data to save space CompressUserData *bool `json:"compressUserData,omitempty"` + // InstanceMetadata defines the EC2 instance metadata service options (AWS Only) + InstanceMetadata *InstanceMetadataOptions `json:"instanceMetadata,omitempty"` } const ( 
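Review bot: The doc comment on the new type opens with `InstanceMetadata`, but the type is named `InstanceMetadataOptions`, so Go doc tooling and linters will not treat it as the type's documentation; it should read `// InstanceMetadataOptions defines the EC2 instance metadata service options (AWS Only)`. The `HTTPTokens` field comment also never names the accepted values. The validation added in this commit accepts only "optional" and "required", so the comment should list both and state that "required" makes the metadata service reject requests that carry no session token (IMDSv2 only). The v1alpha2 copy of the type in pkg/apis/kops/v1alpha2/instancegroup.go has the same two comments and needs the same wording.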
@@ -180,6 +182,16 @@ const ( // SpotAllocationStrategies is a collection of supported strategies var SpotAllocationStrategies = []string{SpotAllocationStrategyLowestPrices, SpotAllocationStrategyDiversified, SpotAllocationStrategyCapacityOptimized} +// InstanceMetadata defines the EC2 instance metadata service options (AWS Only) +type InstanceMetadataOptions struct { + // HTTPPutResponseHopLimit is the desired HTTP PUT response hop limit for instance metadata requests. + // The larger the number, the further instance metadata requests can travel. The default value is 1. + HTTPPutResponseHopLimit *int64 `json:"httpPutResponseHopLimit,omitempty"` + // HTTPTokens is the state of token usage for the instance metadata requests. + // If the parameter is not specified in the request, the default state is "optional". + HTTPTokens *string `json:"httpTokens,omitempty"` +} + // MixedInstancesPolicySpec defines the specification for an autoscaling group backed by a ec2 fleet type MixedInstancesPolicySpec struct { // Instances is a list of instance types which we are willing to run in the EC2 fleet diff --git a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go index a1c7661bfde2b..2022d66cf07c1 100644 --- a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go +++ b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go 
@@ -513,6 +513,16 @@ func RegisterConversions(s *runtime.Scheme) error { }); err != nil { return err } + if err := s.AddGeneratedConversionFunc((*InstanceMetadataOptions)(nil), (*kops.InstanceMetadataOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha2_InstanceMetadataOptions_To_kops_InstanceMetadataOptions(a.(*InstanceMetadataOptions), b.(*kops.InstanceMetadataOptions), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*kops.InstanceMetadataOptions)(nil), (*InstanceMetadataOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_kops_InstanceMetadataOptions_To_v1alpha2_InstanceMetadataOptions(a.(*kops.InstanceMetadataOptions), b.(*InstanceMetadataOptions), scope) + }); err != nil { + return err + } if err := s.AddGeneratedConversionFunc((*Keyset)(nil), (*kops.Keyset)(nil), func(a, b interface{}, scope conversion.Scope) error { return Convert_v1alpha2_Keyset_To_kops_Keyset(a.(*Keyset), b.(*kops.Keyset), scope) }); err != nil { @@ -3572,6 +3582,15 @@ func autoConvert_v1alpha2_InstanceGroupSpec_To_kops_InstanceGroupSpec(in *Instan } out.InstanceInterruptionBehavior = in.InstanceInterruptionBehavior out.CompressUserData = in.CompressUserData + if in.InstanceMetadata != nil { + in, out := &in.InstanceMetadata, &out.InstanceMetadata + *out = new(kops.InstanceMetadataOptions) + if err := Convert_v1alpha2_InstanceMetadataOptions_To_kops_InstanceMetadataOptions(*in, *out, s); err != nil { + return err + } + } else { + out.InstanceMetadata = nil + } return nil } 
@@ -3712,6 +3731,15 @@ func autoConvert_kops_InstanceGroupSpec_To_v1alpha2_InstanceGroupSpec(in *kops.I } out.InstanceInterruptionBehavior = in.InstanceInterruptionBehavior out.CompressUserData = in.CompressUserData + if in.InstanceMetadata != nil { + in, out := &in.InstanceMetadata, &out.InstanceMetadata + *out = new(InstanceMetadataOptions) + if err := Convert_kops_InstanceMetadataOptions_To_v1alpha2_InstanceMetadataOptions(*in, *out, s); err != nil { + return err + } + } else { + out.InstanceMetadata = nil + } return nil } 
@@ -3720,6 +3748,28 @@ func Convert_kops_InstanceGroupSpec_To_v1alpha2_InstanceGroupSpec(in *kops.Insta return autoConvert_kops_InstanceGroupSpec_To_v1alpha2_InstanceGroupSpec(in, out, s) } +func autoConvert_v1alpha2_InstanceMetadataOptions_To_kops_InstanceMetadataOptions(in *InstanceMetadataOptions, out *kops.InstanceMetadataOptions, s conversion.Scope) error { + out.HTTPPutResponseHopLimit = in.HTTPPutResponseHopLimit + out.HTTPTokens = in.HTTPTokens + return nil +} + +// Convert_v1alpha2_InstanceMetadataOptions_To_kops_InstanceMetadataOptions is an autogenerated conversion function. +func Convert_v1alpha2_InstanceMetadataOptions_To_kops_InstanceMetadataOptions(in *InstanceMetadataOptions, out *kops.InstanceMetadataOptions, s conversion.Scope) error { + return autoConvert_v1alpha2_InstanceMetadataOptions_To_kops_InstanceMetadataOptions(in, out, s) +} + +func autoConvert_kops_InstanceMetadataOptions_To_v1alpha2_InstanceMetadataOptions(in *kops.InstanceMetadataOptions, out *InstanceMetadataOptions, s conversion.Scope) error { + out.HTTPPutResponseHopLimit = in.HTTPPutResponseHopLimit + out.HTTPTokens = in.HTTPTokens + return nil +} + +// Convert_kops_InstanceMetadataOptions_To_v1alpha2_InstanceMetadataOptions is an autogenerated conversion function. +func Convert_kops_InstanceMetadataOptions_To_v1alpha2_InstanceMetadataOptions(in *kops.InstanceMetadataOptions, out *InstanceMetadataOptions, s conversion.Scope) error { + return autoConvert_kops_InstanceMetadataOptions_To_v1alpha2_InstanceMetadataOptions(in, out, s) +} + func autoConvert_v1alpha2_Keyset_To_kops_Keyset(in *Keyset, out *kops.Keyset, s conversion.Scope) error { out.ObjectMeta = in.ObjectMeta if err := Convert_v1alpha2_KeysetSpec_To_kops_KeysetSpec(&in.Spec, &out.Spec, s); err != nil { diff --git a/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go b/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go index c14b35f9f219c..ee8aa6b3c8e04 100644 --- a/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go 
+++ b/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go @@ -1928,6 +1928,11 @@ func (in *InstanceGroupSpec) DeepCopyInto(out *InstanceGroupSpec) { *out = new(bool) **out = **in } + if in.InstanceMetadata != nil { + in, out := &in.InstanceMetadata, &out.InstanceMetadata + *out = new(InstanceMetadataOptions) + (*in).DeepCopyInto(*out) + } return } @@ -1941,6 +1946,32 @@ func (in *InstanceGroupSpec) DeepCopy() *InstanceGroupSpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InstanceMetadataOptions) DeepCopyInto(out *InstanceMetadataOptions) { + *out = *in + if in.HTTPPutResponseHopLimit != nil { + in, out := &in.HTTPPutResponseHopLimit, &out.HTTPPutResponseHopLimit + *out = new(int64) + **out = **in + } + if in.HTTPTokens != nil { + in, out := &in.HTTPTokens, &out.HTTPTokens + *out = new(string) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstanceMetadataOptions. +func (in *InstanceMetadataOptions) DeepCopy() *InstanceMetadataOptions { + if in == nil { + return nil + } + out := new(InstanceMetadataOptions) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Keyset) DeepCopyInto(out *Keyset) { *out = *in diff --git a/pkg/apis/kops/validation/aws.go b/pkg/apis/kops/validation/aws.go index 82837412055f5..dd0a30713b2ff 100644 --- a/pkg/apis/kops/validation/aws.go +++ b/pkg/apis/kops/validation/aws.go 
@@ -56,6 +56,28 @@ func awsValidateInstanceGroup(ig *kops.InstanceGroup, cloud awsup.AWSCloud) fiel allErrs = append(allErrs, awsValidateMixedInstancesPolicy(field.NewPath("spec", "mixedInstancesPolicy"), ig.Spec.MixedInstancesPolicy, ig, cloud)...) } + if ig.Spec.InstanceMetadata != nil { + allErrs = append(allErrs, awsValidateInstanceMetadata(field.NewPath("spec", "instanceMetadata"), ig.Spec.InstanceMetadata)...) + } + + return allErrs +} + +func awsValidateInstanceMetadata(fieldPath *field.Path, instanceMetadata *kops.InstanceMetadataOptions) field.ErrorList { + allErrs := field.ErrorList{} + + if instanceMetadata.HTTPTokens != nil { + allErrs = append(allErrs, IsValidValue(fieldPath.Child("httpTokens"), instanceMetadata.HTTPTokens, []string{"optional", "required"})...) + } + + if instanceMetadata.HTTPPutResponseHopLimit != nil { + httpPutResponseHopLimit := fi.Int64Value(instanceMetadata.HTTPPutResponseHopLimit) + if httpPutResponseHopLimit < 1 || httpPutResponseHopLimit > 64 { + allErrs = append(allErrs, field.Invalid(fieldPath.Child("httpPutResponseHopLimit"), instanceMetadata.HTTPPutResponseHopLimit, + "HTTPPutResponseLimit must be a value between 1 and 64")) + } + } + return allErrs } diff --git a/pkg/apis/kops/validation/aws_test.go b/pkg/apis/kops/validation/aws_test.go index cc7cc97abdb56..b0205f5f05183 100644 --- a/pkg/apis/kops/validation/aws_test.go +++ b/pkg/apis/kops/validation/aws_test.go 
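Review bot: The error message in `awsValidateInstanceMetadata` names the field `HTTPPutResponseLimit`, dropping "Hop", so a user who hits this error is pointed at a field name that does not exist in the spec. It should match the JSON key, for example `"httpPutResponseHopLimit must be a value between 1 and 64"`. The accepted token states are inline literals here (`[]string{"optional", "required"}`), and `"optional"` is repeated as the default in pkg/model/awsmodel/autoscalinggroup.go; shared constants would keep validation and defaulting in step. The new function also has no doc comment; something like `// awsValidateInstanceMetadata checks the token state and hop limit of the instance metadata options.` would do. `awsValidateInstanceGroup` begins outside this hunk.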
@@ -157,3 +157,48 @@ func TestValidateInstanceGroupSpec(t *testing.T) { testErrors(t, g.Input, errs, g.ExpectedErrors) } } + +func TestInstanceMetadataOptions(t *testing.T) { + cloud := awsup.BuildMockAWSCloud("us-east-1", "abc") + + tests := []struct { + ig *kops.InstanceGroup + expected []string + }{ + { + ig: &kops.InstanceGroup{ + ObjectMeta: v1.ObjectMeta{ + Name: "some-ig", + }, + Spec: kops.InstanceGroupSpec{ + Role: "Node", + InstanceMetadata: &kops.InstanceMetadataOptions{ + HTTPPutResponseHopLimit: fi.Int64(1), + HTTPTokens: fi.String("abc"), + }, + }, + }, + expected: []string{"Unsupported value::spec.instanceMetadata.httpTokens"}, + }, + { + ig: &kops.InstanceGroup{ + ObjectMeta: v1.ObjectMeta{ + Name: "some-ig", + }, + Spec: kops.InstanceGroupSpec{ + Role: "Node", + InstanceMetadata: &kops.InstanceMetadataOptions{ + HTTPPutResponseHopLimit: fi.Int64(-1), + HTTPTokens: fi.String("required"), + }, + }, + }, + expected: []string{"Invalid value::spec.instanceMetadata.httpPutResponseHopLimit"}, + }, + } + + for _, test := range tests { + errs := ValidateInstanceGroup(test.ig, cloud) + testErrors(t, test.ig.ObjectMeta.Name, errs, test.expected) + } +} diff --git a/pkg/apis/kops/zz_generated.deepcopy.go b/pkg/apis/kops/zz_generated.deepcopy.go index 3142532dedb7c..801cba19285b4 100644 --- a/pkg/apis/kops/zz_generated.deepcopy.go +++ b/pkg/apis/kops/zz_generated.deepcopy.go @@ -2094,6 +2094,11 @@ func (in *InstanceGroupSpec) DeepCopyInto(out *InstanceGroupSpec) { *out = new(bool) **out = **in } + if in.InstanceMetadata != nil { + in, out := &in.InstanceMetadata, &out.InstanceMetadata + *out = new(InstanceMetadataOptions) + (*in).DeepCopyInto(*out) + } return } 
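Review bot: `TestInstanceMetadataOptions` exercises only two rejections, token state "abc" and hop limit -1, so neither edge of the `< 1 || > 64` check is pinned and nothing asserts that a valid configuration passes. Add cases with `HTTPPutResponseHopLimit: fi.Int64(0)` and `fi.Int64(65)` expecting the invalid-value error, and cases with 1 and 64 together with `HTTPTokens: fi.String("required")` expecting no errors. A case that leaves both pointers nil would also cover the nil guards in the validator. This assumes `testErrors` accepts an empty expected list, which the hunk does not show.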
@@ -2107,6 +2112,32 @@ func (in *InstanceGroupSpec) DeepCopy() *InstanceGroupSpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InstanceMetadataOptions) DeepCopyInto(out *InstanceMetadataOptions) { + *out = *in + if in.HTTPPutResponseHopLimit != nil { + in, out := &in.HTTPPutResponseHopLimit, &out.HTTPPutResponseHopLimit + *out = new(int64) + **out = **in + } + if in.HTTPTokens != nil { + in, out := &in.HTTPTokens, &out.HTTPTokens + *out = new(string) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstanceMetadataOptions. +func (in *InstanceMetadataOptions) DeepCopy() *InstanceMetadataOptions { + if in == nil { + return nil + } + out := new(InstanceMetadataOptions) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Keyset) DeepCopyInto(out *Keyset) { *out = *in diff --git a/pkg/model/awsmodel/autoscalinggroup.go b/pkg/model/awsmodel/autoscalinggroup.go index daac1660eb245..365e7b24a858e 100644 --- a/pkg/model/awsmodel/autoscalinggroup.go +++ b/pkg/model/awsmodel/autoscalinggroup.go 
@@ -115,24 +115,26 @@ func (b *AutoscalingGroupModelBuilder) buildLaunchTemplateTask(c *fi.ModelBuilde // LaunchConfiguration as an anonymous field, bit given up the task dependency walker works this caused issues, due // to the creation of a implicit dependency lt := &awstasks.LaunchTemplate{ - Name: fi.String(name), - Lifecycle: b.Lifecycle, - AssociatePublicIP: lc.AssociatePublicIP, - BlockDeviceMappings: lc.BlockDeviceMappings, - IAMInstanceProfile: lc.IAMInstanceProfile, - ImageID: lc.ImageID, - InstanceMonitoring: lc.InstanceMonitoring, - InstanceType: lc.InstanceType, - RootVolumeOptimization: lc.RootVolumeOptimization, - RootVolumeSize: lc.RootVolumeSize, - RootVolumeIops: lc.RootVolumeIops, - RootVolumeType: lc.RootVolumeType, - RootVolumeEncryption: lc.RootVolumeEncryption, - SSHKey: lc.SSHKey, - SecurityGroups: lc.SecurityGroups, - Tags: tags, - Tenancy: lc.Tenancy, - UserData: lc.UserData, + Name: fi.String(name), + Lifecycle: b.Lifecycle, + AssociatePublicIP: lc.AssociatePublicIP, + BlockDeviceMappings: lc.BlockDeviceMappings, + IAMInstanceProfile: lc.IAMInstanceProfile, + ImageID: lc.ImageID, + InstanceMonitoring: lc.InstanceMonitoring, + InstanceType: lc.InstanceType, + RootVolumeOptimization: lc.RootVolumeOptimization, + RootVolumeSize: lc.RootVolumeSize, + RootVolumeIops: lc.RootVolumeIops, + RootVolumeType: lc.RootVolumeType, + RootVolumeEncryption: lc.RootVolumeEncryption, + SSHKey: lc.SSHKey, + SecurityGroups: lc.SecurityGroups, + Tags: tags, + Tenancy: lc.Tenancy, + UserData: lc.UserData, + HTTPTokens: lc.HTTPTokens, + HTTPPutResponseHopLimit: lc.HTTPPutResponseHopLimit, } // When using a MixedInstances ASG, AWS requires the SpotPrice be defined on the ASG // rather than the LaunchTemplate or else it returns this error: 
@@ -215,6 +217,15 @@ func (b *AutoscalingGroupModelBuilder) buildLaunchConfigurationTask(c *fi.ModelB SecurityGroups: []*awstasks.SecurityGroup{sgLink}, } + t.HTTPTokens = fi.String("optional") + if ig.Spec.InstanceMetadata != nil && ig.Spec.InstanceMetadata.HTTPTokens != nil { + t.HTTPTokens = ig.Spec.InstanceMetadata.HTTPTokens + } + t.HTTPPutResponseHopLimit = fi.Int64(1) + if ig.Spec.InstanceMetadata != nil && ig.Spec.InstanceMetadata.HTTPPutResponseHopLimit != nil { + t.HTTPPutResponseHopLimit = ig.Spec.InstanceMetadata.HTTPPutResponseHopLimit + } + if b.APILoadBalancerClass() == kops.LoadBalancerClassNetwork { for _, id := range b.Cluster.Spec.API.LoadBalancer.AdditionalSecurityGroups { sgTask := &awstasks.SecurityGroup{ diff --git a/tests/integration/update_cluster/bastionadditional_user-data/kubernetes.tf b/tests/integration/update_cluster/bastionadditional_user-data/kubernetes.tf index 44a06ad9fa4ef..355a2f939321e 100644 --- a/tests/integration/update_cluster/bastionadditional_user-data/kubernetes.tf +++ b/tests/integration/update_cluster/bastionadditional_user-data/kubernetes.tf @@ -430,6 +430,10 @@ resource "aws_launch_template" "bastion-bastionuserdata-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "bastion.bastionuserdata.example.com" network_interfaces { associate_public_ip_address = true @@ -495,6 +499,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-bastionuserdata-exampl lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.bastionuserdata.example.com" network_interfaces { associate_public_ip_address = false 
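Review bot: The defaults in `buildLaunchConfigurationTask` are set without any comment, and `fi.String("optional")` means an instance group that does not set `instanceMetadata` still accepts metadata requests without a session token (IMDSv1). That is a security-relevant default and should be stated where it is chosen, for example `// Defaults: session tokens optional (IMDSv1 requests still accepted), hop limit 1; set spec.instanceMetadata.httpTokens to "required" to enforce IMDSv2.` Because both fields are now always populated, every rendered launch template carries a metadata options block, as the updated fixtures show. The two identical `ig.Spec.InstanceMetadata != nil` checks could be folded into one guarded block. The function starts and ends outside this hunk.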
@@ -556,6 +564,10 @@ resource "aws_launch_template" "nodes-bastionuserdata-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.bastionuserdata.example.com" network_interfaces { associate_public_ip_address = false diff --git a/tests/integration/update_cluster/complex/cloudformation.json b/tests/integration/update_cluster/complex/cloudformation.json index 91acb5423cde3..64018fb69cab6 100644 --- a/tests/integration/update_cluster/complex/cloudformation.json +++ b/tests/integration/update_cluster/complex/cloudformation.json @@ -266,6 +266,10 @@ }, "ImageId": "ami-12345678", "InstanceType": "m3.medium", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "required" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": true, @@ -401,6 +405,10 @@ }, "ImageId": "ami-12345678", "InstanceType": "t2.medium", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "Monitoring": { "Enabled": true }, diff --git a/tests/integration/update_cluster/complex/in-legacy-v1alpha2.yaml b/tests/integration/update_cluster/complex/in-legacy-v1alpha2.yaml index b440f4dabf810..b8e55435f774c 100644 --- a/tests/integration/update_cluster/complex/in-legacy-v1alpha2.yaml +++ b/tests/integration/update_cluster/complex/in-legacy-v1alpha2.yaml @@ -129,6 +129,9 @@ spec: rootVolumeEncryptionKey: arn:aws:kms:us-test-1:000000000000:key/1234abcd-12ab-34cd-56ef-1234567890ab subnets: - us-test-1a + instanceMetadata: + httpTokens: required + httpPutResponseHopLimit: 1 additionalUserData: - name: myscript.sh type: text/x-shellscript diff --git a/tests/integration/update_cluster/complex/in-v1alpha2.yaml b/tests/integration/update_cluster/complex/in-v1alpha2.yaml index d6f4db9ac4890..e974f16b7d9b1 100644 --- a/tests/integration/update_cluster/complex/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/complex/in-v1alpha2.yaml 
@@ -129,6 +129,9 @@ spec: rootVolumeEncryptionKey: arn:aws:kms:us-test-1:000000000000:key/1234abcd-12ab-34cd-56ef-1234567890ab subnets: - us-test-1a + instanceMetadata: + httpTokens: required + httpPutResponseHopLimit: 1 additionalUserData: - name: myscript.sh type: text/x-shellscript diff --git a/tests/integration/update_cluster/complex/kubernetes.tf b/tests/integration/update_cluster/complex/kubernetes.tf index 47330e4beec82..7da3e49ab29ef 100644 --- a/tests/integration/update_cluster/complex/kubernetes.tf +++ b/tests/integration/update_cluster/complex/kubernetes.tf @@ -298,6 +298,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-complex-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "required" + } name = "master-us-test-1a.masters.complex.example.com" network_interfaces { associate_public_ip_address = true @@ -374,6 +378,10 @@ resource "aws_launch_template" "nodes-complex-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } monitoring { enabled = true } diff --git a/tests/integration/update_cluster/compress/kubernetes.tf b/tests/integration/update_cluster/compress/kubernetes.tf index 5a0cd06aa6ee9..50ce92493f9d0 100644 --- a/tests/integration/update_cluster/compress/kubernetes.tf +++ b/tests/integration/update_cluster/compress/kubernetes.tf @@ -267,6 +267,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-compress-example-com" lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.compress.example.com" network_interfaces { associate_public_ip_address = true 
@@ -327,6 +331,10 @@ resource "aws_launch_template" "nodes-compress-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.compress.example.com" network_interfaces { associate_public_ip_address = true diff --git a/tests/integration/update_cluster/containerd-cloudformation/cloudformation.json b/tests/integration/update_cluster/containerd-cloudformation/cloudformation.json index 300ecc1212a49..98ca4bb0de612 100644 --- a/tests/integration/update_cluster/containerd-cloudformation/cloudformation.json +++ b/tests/integration/update_cluster/containerd-cloudformation/cloudformation.json @@ -222,6 +222,10 @@ "ImageId": "ami-11400000", "InstanceType": "m3.medium", "KeyName": "kubernetes.containerd.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": true, @@ -330,6 +334,10 @@ "ImageId": "ami-11400000", "InstanceType": "t2.medium", "KeyName": "kubernetes.containerd.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": true, diff --git a/tests/integration/update_cluster/existing_iam/kubernetes.tf b/tests/integration/update_cluster/existing_iam/kubernetes.tf index 98baca92f8bb1..2cebd38bcade0 100644 --- a/tests/integration/update_cluster/existing_iam/kubernetes.tf +++ b/tests/integration/update_cluster/existing_iam/kubernetes.tf @@ -388,6 +388,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-existing-iam-example-c lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.existing-iam.example.com" network_interfaces { associate_public_ip_address = true 
@@ -453,6 +457,10 @@ resource "aws_launch_template" "master-us-test-1b-masters-existing-iam-example-c lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1b.masters.existing-iam.example.com" network_interfaces { associate_public_ip_address = true @@ -518,6 +526,10 @@ resource "aws_launch_template" "master-us-test-1c-masters-existing-iam-example-c lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1c.masters.existing-iam.example.com" network_interfaces { associate_public_ip_address = true @@ -579,6 +591,10 @@ resource "aws_launch_template" "nodes-existing-iam-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.existing-iam.example.com" network_interfaces { associate_public_ip_address = true diff --git a/tests/integration/update_cluster/existing_iam_cloudformation/cloudformation.json b/tests/integration/update_cluster/existing_iam_cloudformation/cloudformation.json index 2c6f2c23060c0..4b89e05869b6c 100644 --- a/tests/integration/update_cluster/existing_iam_cloudformation/cloudformation.json +++ b/tests/integration/update_cluster/existing_iam_cloudformation/cloudformation.json @@ -220,6 +220,10 @@ "ImageId": "ami-12345678", "InstanceType": "m3.medium", "KeyName": "kubernetes.minimal.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": true, 
@@ -326,6 +330,10 @@ "ImageId": "ami-12345678", "InstanceType": "t2.medium", "KeyName": "kubernetes.minimal.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": true, diff --git a/tests/integration/update_cluster/existing_sg/kubernetes.tf b/tests/integration/update_cluster/existing_sg/kubernetes.tf index da93cad6fd2da..eeb1a956b19f8 100644 --- a/tests/integration/update_cluster/existing_sg/kubernetes.tf +++ b/tests/integration/update_cluster/existing_sg/kubernetes.tf @@ -469,6 +469,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-existingsg-example-com lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.existingsg.example.com" network_interfaces { associate_public_ip_address = true @@ -534,6 +538,10 @@ resource "aws_launch_template" "master-us-test-1b-masters-existingsg-example-com lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1b.masters.existingsg.example.com" network_interfaces { associate_public_ip_address = true @@ -599,6 +607,10 @@ resource "aws_launch_template" "master-us-test-1c-masters-existingsg-example-com lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1c.masters.existingsg.example.com" network_interfaces { associate_public_ip_address = true @@ -660,6 +672,10 @@ resource "aws_launch_template" "nodes-existingsg-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.existingsg.example.com" network_interfaces { associate_public_ip_address = true 
diff --git a/tests/integration/update_cluster/externallb/cloudformation.json b/tests/integration/update_cluster/externallb/cloudformation.json index 20341557cb0ee..78688ac4578c7 100644 --- a/tests/integration/update_cluster/externallb/cloudformation.json +++ b/tests/integration/update_cluster/externallb/cloudformation.json @@ -237,6 +237,10 @@ "ImageId": "ami-12345678", "InstanceType": "m3.medium", "KeyName": "kubernetes.externallb.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": true, @@ -345,6 +349,10 @@ "ImageId": "ami-12345678", "InstanceType": "t2.medium", "KeyName": "kubernetes.externallb.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": true, diff --git a/tests/integration/update_cluster/externallb/kubernetes.tf b/tests/integration/update_cluster/externallb/kubernetes.tf index 06c2d21a9a7df..c3f465a8ba886 100644 --- a/tests/integration/update_cluster/externallb/kubernetes.tf +++ b/tests/integration/update_cluster/externallb/kubernetes.tf @@ -282,6 +282,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-externallb-example-com lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.externallb.example.com" network_interfaces { associate_public_ip_address = true @@ -343,6 +347,10 @@ resource "aws_launch_template" "nodes-externallb-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.externallb.example.com" network_interfaces { associate_public_ip_address = true 
diff --git a/tests/integration/update_cluster/externalpolicies/kubernetes.tf b/tests/integration/update_cluster/externalpolicies/kubernetes.tf index 27574b523f32c..cda16602e23bf 100644 --- a/tests/integration/update_cluster/externalpolicies/kubernetes.tf +++ b/tests/integration/update_cluster/externalpolicies/kubernetes.tf @@ -346,6 +346,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-externalpolicies-examp lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.externalpolicies.example.com" network_interfaces { associate_public_ip_address = true @@ -413,6 +417,10 @@ resource "aws_launch_template" "nodes-externalpolicies-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } monitoring { enabled = true } diff --git a/tests/integration/update_cluster/ha/kubernetes.tf b/tests/integration/update_cluster/ha/kubernetes.tf index 80971f8e232fa..6f0dddbe052d7 100644 --- a/tests/integration/update_cluster/ha/kubernetes.tf +++ b/tests/integration/update_cluster/ha/kubernetes.tf @@ -440,6 +440,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-ha-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.ha.example.com" network_interfaces { associate_public_ip_address = true @@ -505,6 +509,10 @@ resource "aws_launch_template" "master-us-test-1b-masters-ha-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1b.masters.ha.example.com" network_interfaces { associate_public_ip_address = true 
@@ -570,6 +578,10 @@ resource "aws_launch_template" "master-us-test-1c-masters-ha-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1c.masters.ha.example.com" network_interfaces { associate_public_ip_address = true @@ -631,6 +643,10 @@ resource "aws_launch_template" "nodes-ha-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.ha.example.com" network_interfaces { associate_public_ip_address = true diff --git a/tests/integration/update_cluster/minimal-cloudformation/cloudformation.json b/tests/integration/update_cluster/minimal-cloudformation/cloudformation.json index 8d03a8e6c56e2..2cfb831928b54 100644 --- a/tests/integration/update_cluster/minimal-cloudformation/cloudformation.json +++ b/tests/integration/update_cluster/minimal-cloudformation/cloudformation.json @@ -222,6 +222,10 @@ "ImageId": "ami-12345678", "InstanceType": "m3.medium", "KeyName": "kubernetes.minimal.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": true, @@ -330,6 +334,10 @@ "ImageId": "ami-12345678", "InstanceType": "t2.medium", "KeyName": "kubernetes.minimal.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": true, diff --git a/tests/integration/update_cluster/minimal-json/kubernetes.tf.json b/tests/integration/update_cluster/minimal-json/kubernetes.tf.json index 5f077fa35ffc7..4c408a07bf411 100644 --- a/tests/integration/update_cluster/minimal-json/kubernetes.tf.json +++ b/tests/integration/update_cluster/minimal-json/kubernetes.tf.json 
@@ -323,6 +323,10 @@ "image_id": "ami-12345678", "instance_type": "m3.medium", "key_name": "${aws_key_pair.kubernetes-minimal-json-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id}", + "metadata_options": { + "http_put_response_hop_limit": 1, + "http_tokens": "optional" + }, "network_interfaces": [ { "associate_public_ip_address": true, @@ -395,6 +399,10 @@ "image_id": "ami-12345678", "instance_type": "t2.medium", "key_name": "${aws_key_pair.kubernetes-minimal-json-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id}", + "metadata_options": { + "http_put_response_hop_limit": 1, + "http_tokens": "optional" + }, "network_interfaces": [ { "associate_public_ip_address": true, diff --git a/tests/integration/update_cluster/minimal-tf11/kubernetes.tf b/tests/integration/update_cluster/minimal-tf11/kubernetes.tf index b42b2e259ec37..f9840389afaad 100644 --- a/tests/integration/update_cluster/minimal-tf11/kubernetes.tf +++ b/tests/integration/update_cluster/minimal-tf11/kubernetes.tf @@ -310,6 +310,11 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-tf11-example-c instance_type = "m3.medium" key_name = "${aws_key_pair.kubernetes-minimal-tf11-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id}" + metadata_options = { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } + network_interfaces = { associate_public_ip_address = true delete_on_termination = true @@ -383,6 +388,11 @@ resource "aws_launch_template" "nodes-minimal-tf11-example-com" { instance_type = "t2.medium" key_name = "${aws_key_pair.kubernetes-minimal-tf11-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id}" + metadata_options = { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } + network_interfaces = { associate_public_ip_address = true delete_on_termination = true diff --git a/tests/integration/update_cluster/minimal/kubernetes.tf b/tests/integration/update_cluster/minimal/kubernetes.tf index 34a5899eacfcf..510e53de08e9d 100644 
--- a/tests/integration/update_cluster/minimal/kubernetes.tf +++ b/tests/integration/update_cluster/minimal/kubernetes.tf @@ -278,6 +278,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.minimal.example.com" network_interfaces { associate_public_ip_address = true @@ -339,6 +343,10 @@ resource "aws_launch_template" "nodes-minimal-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.minimal.example.com" network_interfaces { associate_public_ip_address = true diff --git a/tests/integration/update_cluster/mixed_instances/cloudformation.json b/tests/integration/update_cluster/mixed_instances/cloudformation.json index 0260fc093c51e..a2e0a9f303f64 100644 --- a/tests/integration/update_cluster/mixed_instances/cloudformation.json +++ b/tests/integration/update_cluster/mixed_instances/cloudformation.json @@ -393,6 +393,10 @@ "ImageId": "ami-12345678", "InstanceType": "m3.medium", "KeyName": "kubernetes.mixedinstances.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": true, @@ -505,6 +509,10 @@ "ImageId": "ami-12345678", "InstanceType": "m3.medium", "KeyName": "kubernetes.mixedinstances.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": true, 
@@ -617,6 +625,10 @@ "ImageId": "ami-12345678", "InstanceType": "m3.medium", "KeyName": "kubernetes.mixedinstances.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": true, @@ -725,6 +737,10 @@ "ImageId": "ami-12345678", "InstanceType": "t2.medium", "KeyName": "kubernetes.mixedinstances.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": true, diff --git a/tests/integration/update_cluster/mixed_instances/kubernetes.tf b/tests/integration/update_cluster/mixed_instances/kubernetes.tf index 2ab33f2b1ea53..5762e2bf6f115 100644 --- a/tests/integration/update_cluster/mixed_instances/kubernetes.tf +++ b/tests/integration/update_cluster/mixed_instances/kubernetes.tf @@ -458,6 +458,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-mixedinstances-example lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.mixedinstances.example.com" network_interfaces { associate_public_ip_address = true @@ -523,6 +527,10 @@ resource "aws_launch_template" "master-us-test-1b-masters-mixedinstances-example lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1b.masters.mixedinstances.example.com" network_interfaces { associate_public_ip_address = true 
@@ -588,6 +596,10 @@ resource "aws_launch_template" "master-us-test-1c-masters-mixedinstances-example lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1c.masters.mixedinstances.example.com" network_interfaces { associate_public_ip_address = true @@ -649,6 +661,10 @@ resource "aws_launch_template" "nodes-mixedinstances-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.mixedinstances.example.com" network_interfaces { associate_public_ip_address = true diff --git a/tests/integration/update_cluster/mixed_instances_spot/cloudformation.json b/tests/integration/update_cluster/mixed_instances_spot/cloudformation.json index 4d47ef9ed0a40..47da19c927118 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/cloudformation.json +++ b/tests/integration/update_cluster/mixed_instances_spot/cloudformation.json @@ -394,6 +394,10 @@ "ImageId": "ami-12345678", "InstanceType": "m3.medium", "KeyName": "kubernetes.mixedinstances.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": true, @@ -506,6 +510,10 @@ "ImageId": "ami-12345678", "InstanceType": "m3.medium", "KeyName": "kubernetes.mixedinstances.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": true, @@ -618,6 +626,10 @@ "ImageId": "ami-12345678", "InstanceType": "m3.medium", "KeyName": "kubernetes.mixedinstances.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": true, 
@@ -726,6 +738,10 @@ "ImageId": "ami-12345678", "InstanceType": "t2.medium", "KeyName": "kubernetes.mixedinstances.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": true, diff --git a/tests/integration/update_cluster/mixed_instances_spot/kubernetes.tf b/tests/integration/update_cluster/mixed_instances_spot/kubernetes.tf index 827c78c574bd1..94856bb9d8e2c 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/kubernetes.tf +++ b/tests/integration/update_cluster/mixed_instances_spot/kubernetes.tf @@ -458,6 +458,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-mixedinstances-example lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.mixedinstances.example.com" network_interfaces { associate_public_ip_address = true @@ -523,6 +527,10 @@ resource "aws_launch_template" "master-us-test-1b-masters-mixedinstances-example lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1b.masters.mixedinstances.example.com" network_interfaces { associate_public_ip_address = true @@ -588,6 +596,10 @@ resource "aws_launch_template" "master-us-test-1c-masters-mixedinstances-example lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1c.masters.mixedinstances.example.com" network_interfaces { associate_public_ip_address = true 
@@ -649,6 +661,10 @@ resource "aws_launch_template" "nodes-mixedinstances-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.mixedinstances.example.com" network_interfaces { associate_public_ip_address = true diff --git a/tests/integration/update_cluster/private-shared-ip/cloudformation.json b/tests/integration/update_cluster/private-shared-ip/cloudformation.json index 42c38d82ee721..7fc1c8d09dd2e 100644 --- a/tests/integration/update_cluster/private-shared-ip/cloudformation.json +++ b/tests/integration/update_cluster/private-shared-ip/cloudformation.json @@ -262,6 +262,10 @@ "ImageId": "ami-11400000", "InstanceType": "t2.micro", "KeyName": "kubernetes.private-shared-ip.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": true, @@ -374,6 +378,10 @@ "ImageId": "ami-11400000", "InstanceType": "m3.medium", "KeyName": "kubernetes.private-shared-ip.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": false, @@ -482,6 +490,10 @@ "ImageId": "ami-11400000", "InstanceType": "t2.medium", "KeyName": "kubernetes.private-shared-ip.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": false, diff --git a/tests/integration/update_cluster/private-shared-ip/kubernetes.tf b/tests/integration/update_cluster/private-shared-ip/kubernetes.tf index fa9d9d14b4d19..60b723b2438e7 100644 --- a/tests/integration/update_cluster/private-shared-ip/kubernetes.tf +++ b/tests/integration/update_cluster/private-shared-ip/kubernetes.tf 
@@ -407,6 +407,10 @@ resource "aws_launch_template" "bastion-private-shared-ip-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "bastion.private-shared-ip.example.com" network_interfaces { associate_public_ip_address = true @@ -471,6 +475,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-private-shared-ip-exam lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.private-shared-ip.example.com" network_interfaces { associate_public_ip_address = false @@ -532,6 +540,10 @@ resource "aws_launch_template" "nodes-private-shared-ip-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.private-shared-ip.example.com" network_interfaces { associate_public_ip_address = false diff --git a/tests/integration/update_cluster/private-shared-subnet/kubernetes.tf b/tests/integration/update_cluster/private-shared-subnet/kubernetes.tf index 86e143fdacffc..9a6ccca62db31 100644 --- a/tests/integration/update_cluster/private-shared-subnet/kubernetes.tf +++ b/tests/integration/update_cluster/private-shared-subnet/kubernetes.tf @@ -402,6 +402,10 @@ resource "aws_launch_template" "bastion-private-shared-subnet-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "bastion.private-shared-subnet.example.com" network_interfaces { associate_public_ip_address = true 
@@ -466,6 +470,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-private-shared-subnet- lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.private-shared-subnet.example.com" network_interfaces { associate_public_ip_address = false @@ -527,6 +535,10 @@ resource "aws_launch_template" "nodes-private-shared-subnet-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.private-shared-subnet.example.com" network_interfaces { associate_public_ip_address = false diff --git a/tests/integration/update_cluster/privatecalico/cloudformation.json b/tests/integration/update_cluster/privatecalico/cloudformation.json index de4a31d93f216..b6deace2bc38b 100644 --- a/tests/integration/update_cluster/privatecalico/cloudformation.json +++ b/tests/integration/update_cluster/privatecalico/cloudformation.json @@ -324,6 +324,10 @@ "ImageId": "ami-12345678", "InstanceType": "t2.micro", "KeyName": "kubernetes.privatecalico.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": true, @@ -436,6 +440,10 @@ "ImageId": "ami-12345678", "InstanceType": "m3.medium", "KeyName": "kubernetes.privatecalico.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": false, @@ -544,6 +552,10 @@ "ImageId": "ami-12345678", "InstanceType": "t2.medium", "KeyName": "kubernetes.privatecalico.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": false, 
diff --git a/tests/integration/update_cluster/privatecalico/kubernetes.tf b/tests/integration/update_cluster/privatecalico/kubernetes.tf index 9542f68e472a7..141eb62b48e68 100644 --- a/tests/integration/update_cluster/privatecalico/kubernetes.tf +++ b/tests/integration/update_cluster/privatecalico/kubernetes.tf @@ -430,6 +430,10 @@ resource "aws_launch_template" "bastion-privatecalico-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "bastion.privatecalico.example.com" network_interfaces { associate_public_ip_address = true @@ -494,6 +498,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatecalico-example- lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.privatecalico.example.com" network_interfaces { associate_public_ip_address = false @@ -555,6 +563,10 @@ resource "aws_launch_template" "nodes-privatecalico-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.privatecalico.example.com" network_interfaces { associate_public_ip_address = false diff --git a/tests/integration/update_cluster/privatecanal/kubernetes.tf b/tests/integration/update_cluster/privatecanal/kubernetes.tf index b6da6fd500974..40bc669c91c23 100644 --- a/tests/integration/update_cluster/privatecanal/kubernetes.tf +++ b/tests/integration/update_cluster/privatecanal/kubernetes.tf @@ -430,6 +430,10 @@ resource "aws_launch_template" "bastion-privatecanal-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "bastion.privatecanal.example.com" network_interfaces { associate_public_ip_address = true 
@@ -494,6 +498,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatecanal-example-c lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.privatecanal.example.com" network_interfaces { associate_public_ip_address = false @@ -555,6 +563,10 @@ resource "aws_launch_template" "nodes-privatecanal-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.privatecanal.example.com" network_interfaces { associate_public_ip_address = false diff --git a/tests/integration/update_cluster/privatecilium/cloudformation.json b/tests/integration/update_cluster/privatecilium/cloudformation.json index bac7296f5dba6..b104bb485543b 100644 --- a/tests/integration/update_cluster/privatecilium/cloudformation.json +++ b/tests/integration/update_cluster/privatecilium/cloudformation.json @@ -324,6 +324,10 @@ "ImageId": "ami-12345678", "InstanceType": "t2.micro", "KeyName": "kubernetes.privatecilium.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": true, @@ -436,6 +440,10 @@ "ImageId": "ami-12345678", "InstanceType": "m3.medium", "KeyName": "kubernetes.privatecilium.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": false, @@ -544,6 +552,10 @@ "ImageId": "ami-12345678", "InstanceType": "t2.medium", "KeyName": "kubernetes.privatecilium.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": false, 
diff --git a/tests/integration/update_cluster/privatecilium/kubernetes.tf b/tests/integration/update_cluster/privatecilium/kubernetes.tf index 155e80e7a0cd0..3f87c7b7276e7 100644 --- a/tests/integration/update_cluster/privatecilium/kubernetes.tf +++ b/tests/integration/update_cluster/privatecilium/kubernetes.tf @@ -430,6 +430,10 @@ resource "aws_launch_template" "bastion-privatecilium-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "bastion.privatecilium.example.com" network_interfaces { associate_public_ip_address = true @@ -494,6 +498,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatecilium-example- lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.privatecilium.example.com" network_interfaces { associate_public_ip_address = false @@ -555,6 +563,10 @@ resource "aws_launch_template" "nodes-privatecilium-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.privatecilium.example.com" network_interfaces { associate_public_ip_address = false diff --git a/tests/integration/update_cluster/privatecilium2/cloudformation.json b/tests/integration/update_cluster/privatecilium2/cloudformation.json index bac7296f5dba6..b104bb485543b 100644 --- a/tests/integration/update_cluster/privatecilium2/cloudformation.json +++ b/tests/integration/update_cluster/privatecilium2/cloudformation.json @@ -324,6 +324,10 @@ "ImageId": "ami-12345678", "InstanceType": "t2.micro", "KeyName": "kubernetes.privatecilium.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": true, 
@@ -436,6 +440,10 @@ "ImageId": "ami-12345678", "InstanceType": "m3.medium", "KeyName": "kubernetes.privatecilium.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": false, @@ -544,6 +552,10 @@ "ImageId": "ami-12345678", "InstanceType": "t2.medium", "KeyName": "kubernetes.privatecilium.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": false, diff --git a/tests/integration/update_cluster/privatecilium2/kubernetes.tf b/tests/integration/update_cluster/privatecilium2/kubernetes.tf index 155e80e7a0cd0..3f87c7b7276e7 100644 --- a/tests/integration/update_cluster/privatecilium2/kubernetes.tf +++ b/tests/integration/update_cluster/privatecilium2/kubernetes.tf @@ -430,6 +430,10 @@ resource "aws_launch_template" "bastion-privatecilium-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "bastion.privatecilium.example.com" network_interfaces { associate_public_ip_address = true @@ -494,6 +498,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatecilium-example- lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.privatecilium.example.com" network_interfaces { associate_public_ip_address = false @@ -555,6 +563,10 @@ resource "aws_launch_template" "nodes-privatecilium-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.privatecilium.example.com" network_interfaces { associate_public_ip_address = false 
diff --git a/tests/integration/update_cluster/privateciliumadvanced/cloudformation.json b/tests/integration/update_cluster/privateciliumadvanced/cloudformation.json index 0bbe23b7ca0d9..3e30838ded988 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/cloudformation.json +++ b/tests/integration/update_cluster/privateciliumadvanced/cloudformation.json @@ -324,6 +324,10 @@ "ImageId": "ami-12345678", "InstanceType": "t2.micro", "KeyName": "kubernetes.privateciliumadvanced.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": true, @@ -436,6 +440,10 @@ "ImageId": "ami-12345678", "InstanceType": "m3.medium", "KeyName": "kubernetes.privateciliumadvanced.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": false, @@ -544,6 +552,10 @@ "ImageId": "ami-12345678", "InstanceType": "t2.medium", "KeyName": "kubernetes.privateciliumadvanced.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": false, diff --git a/tests/integration/update_cluster/privateciliumadvanced/kubernetes.tf b/tests/integration/update_cluster/privateciliumadvanced/kubernetes.tf index 636951eb67c7f..47c06056ab225 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/kubernetes.tf +++ b/tests/integration/update_cluster/privateciliumadvanced/kubernetes.tf 
@@ -444,6 +444,10 @@ resource "aws_launch_template" "bastion-privateciliumadvanced-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "bastion.privateciliumadvanced.example.com" network_interfaces { associate_public_ip_address = true @@ -508,6 +512,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-privateciliumadvanced- lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.privateciliumadvanced.example.com" network_interfaces { associate_public_ip_address = false @@ -569,6 +577,10 @@ resource "aws_launch_template" "nodes-privateciliumadvanced-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.privateciliumadvanced.example.com" network_interfaces { associate_public_ip_address = false diff --git a/tests/integration/update_cluster/privatedns1/kubernetes.tf b/tests/integration/update_cluster/privatedns1/kubernetes.tf index 0e58a4674c6d6..491557016af86 100644 --- a/tests/integration/update_cluster/privatedns1/kubernetes.tf +++ b/tests/integration/update_cluster/privatedns1/kubernetes.tf @@ -474,6 +474,10 @@ resource "aws_launch_template" "bastion-privatedns1-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "bastion.privatedns1.example.com" network_interfaces { associate_public_ip_address = true @@ -544,6 +548,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatedns1-example-co lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.privatedns1.example.com" network_interfaces { associate_public_ip_address = false 
@@ -611,6 +619,10 @@ resource "aws_launch_template" "nodes-privatedns1-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.privatedns1.example.com" network_interfaces { associate_public_ip_address = false diff --git a/tests/integration/update_cluster/privatedns2/kubernetes.tf b/tests/integration/update_cluster/privatedns2/kubernetes.tf index 86ce55b52957d..703140aa12de6 100644 --- a/tests/integration/update_cluster/privatedns2/kubernetes.tf +++ b/tests/integration/update_cluster/privatedns2/kubernetes.tf @@ -416,6 +416,10 @@ resource "aws_launch_template" "bastion-privatedns2-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "bastion.privatedns2.example.com" network_interfaces { associate_public_ip_address = true @@ -480,6 +484,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatedns2-example-co lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.privatedns2.example.com" network_interfaces { associate_public_ip_address = false @@ -541,6 +549,10 @@ resource "aws_launch_template" "nodes-privatedns2-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.privatedns2.example.com" network_interfaces { associate_public_ip_address = false diff --git a/tests/integration/update_cluster/privateflannel/kubernetes.tf b/tests/integration/update_cluster/privateflannel/kubernetes.tf index ff61835a12da9..6b981b087f7fd 100644 --- a/tests/integration/update_cluster/privateflannel/kubernetes.tf +++ b/tests/integration/update_cluster/privateflannel/kubernetes.tf 
@@ -430,6 +430,10 @@ resource "aws_launch_template" "bastion-privateflannel-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "bastion.privateflannel.example.com" network_interfaces { associate_public_ip_address = true @@ -494,6 +498,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-privateflannel-example lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.privateflannel.example.com" network_interfaces { associate_public_ip_address = false @@ -555,6 +563,10 @@ resource "aws_launch_template" "nodes-privateflannel-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.privateflannel.example.com" network_interfaces { associate_public_ip_address = false diff --git a/tests/integration/update_cluster/privatekopeio/kubernetes.tf b/tests/integration/update_cluster/privatekopeio/kubernetes.tf index 462326b6b7d0c..5e08664eea840 100644 --- a/tests/integration/update_cluster/privatekopeio/kubernetes.tf +++ b/tests/integration/update_cluster/privatekopeio/kubernetes.tf @@ -436,6 +436,10 @@ resource "aws_launch_template" "bastion-privatekopeio-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "bastion.privatekopeio.example.com" network_interfaces { associate_public_ip_address = true @@ -500,6 +504,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatekopeio-example- lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.privatekopeio.example.com" network_interfaces { associate_public_ip_address = false 
@@ -561,6 +569,10 @@ resource "aws_launch_template" "nodes-privatekopeio-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.privatekopeio.example.com" network_interfaces { associate_public_ip_address = false diff --git a/tests/integration/update_cluster/privateweave/kubernetes.tf b/tests/integration/update_cluster/privateweave/kubernetes.tf index cb1f570b2b380..a7de2dda3ed3d 100644 --- a/tests/integration/update_cluster/privateweave/kubernetes.tf +++ b/tests/integration/update_cluster/privateweave/kubernetes.tf @@ -430,6 +430,10 @@ resource "aws_launch_template" "bastion-privateweave-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "bastion.privateweave.example.com" network_interfaces { associate_public_ip_address = true @@ -494,6 +498,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-privateweave-example-c lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.privateweave.example.com" network_interfaces { associate_public_ip_address = false @@ -555,6 +563,10 @@ resource "aws_launch_template" "nodes-privateweave-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.privateweave.example.com" network_interfaces { associate_public_ip_address = false diff --git a/tests/integration/update_cluster/public-jwks/kubernetes.tf b/tests/integration/update_cluster/public-jwks/kubernetes.tf index b0d9863593c70..39fe5e2a6bff1 100644 --- a/tests/integration/update_cluster/public-jwks/kubernetes.tf +++ b/tests/integration/update_cluster/public-jwks/kubernetes.tf 
@@ -305,6 +305,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.minimal.example.com" network_interfaces { associate_public_ip_address = true @@ -366,6 +370,10 @@ resource "aws_launch_template" "nodes-minimal-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.minimal.example.com" network_interfaces { associate_public_ip_address = true diff --git a/tests/integration/update_cluster/shared_subnet/kubernetes.tf b/tests/integration/update_cluster/shared_subnet/kubernetes.tf index cfe5f4275dfda..8eb243064b0bf 100644 --- a/tests/integration/update_cluster/shared_subnet/kubernetes.tf +++ b/tests/integration/update_cluster/shared_subnet/kubernetes.tf @@ -264,6 +264,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-sharedsubnet-example-c lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.sharedsubnet.example.com" network_interfaces { associate_public_ip_address = true @@ -325,6 +329,10 @@ resource "aws_launch_template" "nodes-sharedsubnet-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.sharedsubnet.example.com" network_interfaces { associate_public_ip_address = true diff --git a/tests/integration/update_cluster/shared_vpc/kubernetes.tf b/tests/integration/update_cluster/shared_vpc/kubernetes.tf index 15d5fd1563765..574e0de3d89dd 100644 --- a/tests/integration/update_cluster/shared_vpc/kubernetes.tf +++ b/tests/integration/update_cluster/shared_vpc/kubernetes.tf 
@@ -264,6 +264,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-sharedvpc-example-com" lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.sharedvpc.example.com" network_interfaces { associate_public_ip_address = true @@ -325,6 +329,10 @@ resource "aws_launch_template" "nodes-sharedvpc-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.sharedvpc.example.com" network_interfaces { associate_public_ip_address = true diff --git a/tests/integration/update_cluster/unmanaged/kubernetes.tf b/tests/integration/update_cluster/unmanaged/kubernetes.tf index d3a74fd904a16..71d4ffd832282 100644 --- a/tests/integration/update_cluster/unmanaged/kubernetes.tf +++ b/tests/integration/update_cluster/unmanaged/kubernetes.tf @@ -407,6 +407,10 @@ resource "aws_launch_template" "bastion-unmanaged-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "bastion.unmanaged.example.com" network_interfaces { associate_public_ip_address = true @@ -471,6 +475,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-unmanaged-example-com" lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.unmanaged.example.com" network_interfaces { associate_public_ip_address = false @@ -532,6 +540,10 @@ resource "aws_launch_template" "nodes-unmanaged-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.unmanaged.example.com" network_interfaces { associate_public_ip_address = false 
diff --git a/upup/pkg/fi/cloudup/awstasks/launchconfiguration.go b/upup/pkg/fi/cloudup/awstasks/launchconfiguration.go index 9b29ed7a349a6..22acd1ea1c659 100644 --- a/upup/pkg/fi/cloudup/awstasks/launchconfiguration.go +++ b/upup/pkg/fi/cloudup/awstasks/launchconfiguration.go @@ -60,6 +60,10 @@ type LaunchConfiguration struct { AssociatePublicIP *bool // BlockDeviceMappings is a block device mappings BlockDeviceMappings []*BlockDeviceMapping + // HTTPPutResponseHopLimit is the desired HTTP PUT response hop limit for instance metadata requests. + HTTPPutResponseHopLimit *int64 + // HTTPTokens is the state of token usage for your instance metadata requests. + HTTPTokens *string // IAMInstanceProfile is the IAM profile to assign to the nodes IAMInstanceProfile *IAMInstanceProfile // ID is the launch configuration name @@ -297,6 +301,11 @@ func (_ *LaunchConfiguration) RenderAWS(t *awsup.AWSAPITarget, a, e, changes *La LaunchConfigurationName: &launchConfigurationName, } + request.MetadataOptions = &autoscaling.InstanceMetadataOptions{ + HttpPutResponseHopLimit: e.HTTPPutResponseHopLimit, + HttpTokens: e.HTTPTokens, + } + if e.SSHKey != nil { request.KeyName = e.SSHKey.Name } diff --git a/upup/pkg/fi/cloudup/awstasks/launchtemplate.go b/upup/pkg/fi/cloudup/awstasks/launchtemplate.go index 5d2d5fcfe8816..36aa0ec1afb8c 100644 --- a/upup/pkg/fi/cloudup/awstasks/launchtemplate.go +++ b/upup/pkg/fi/cloudup/awstasks/launchtemplate.go 
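Review bot: The `HTTPTokens` comment in the `LaunchConfiguration` struct hunk does not say which values are accepted or what each one means, and the field is a free-form `*string`. I would write `// HTTPTokens sets IMDS token enforcement: "optional" accepts IMDSv1 and IMDSv2 requests, "required" accepts only IMDSv2 session-token requests.` and `// HTTPPutResponseHopLimit is the IP hop limit (1-64) for IMDS PUT responses.` This matters because the integration fixtures in this diff render `http_tokens = "optional"` for every launch template, so IMDSv1 stays enabled unless an operator sets `required`. The same two comments recur on `LaunchTemplate`, `cloudformationLaunchTemplateInstanceMetadataOptions` and `terraformLaunchTemplateInstanceMetadata` later in the diff. The struct continues outside the hunk, and whether these values are validated before they reach the task is not visible here.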
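Review bot: `request.MetadataOptions` in `LaunchConfiguration.RenderAWS` is assigned unconditionally, so a task whose `HTTPPutResponseHopLimit` and `HTTPTokens` are both nil still sends a non-nil, empty `InstanceMetadataOptions`. Guarding the assignment with `if e.HTTPPutResponseHopLimit != nil || e.HTTPTokens != nil {` keeps unset options out of the request. The same pattern appears in `LaunchTemplate.RenderAWS`, `RenderCloudformation` and `RenderTerraform` later in the diff, where `omitempty` on a non-nil pointer would presumably still emit an empty `MetadataOptions` / `metadata_options` block. Neither hunk for this file touches the code that reads an existing launch configuration back, so it is worth confirming the new fields are not reported as a change on every run. `RenderAWS` starts and ends outside the hunk.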
@@ -39,6 +39,10 @@ type LaunchTemplate struct { AssociatePublicIP *bool // BlockDeviceMappings is a block device mappings BlockDeviceMappings []*BlockDeviceMapping + // HTTPPutResponseHopLimit is the desired HTTP PUT response hop limit for instance metadata requests. + HTTPPutResponseHopLimit *int64 + // HTTPTokens is the state of token usage for your instance metadata requests. + HTTPTokens *string // IAMInstanceProfile is the IAM profile to assign to the nodes IAMInstanceProfile *IAMInstanceProfile // ImageID is the AMI to use for the instances diff --git a/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_api.go b/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_api.go index 5da887c4e8037..6f598883929e5 100644 --- a/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_api.go +++ b/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_api.go @@ -42,6 +42,10 @@ func (t *LaunchTemplate) RenderAWS(c *awsup.AWSAPITarget, a, e, changes *LaunchT EbsOptimized: t.RootVolumeOptimization, ImageId: image.ImageId, InstanceType: t.InstanceType, + MetadataOptions: &ec2.LaunchTemplateInstanceMetadataOptionsRequest{ + HttpPutResponseHopLimit: t.HTTPPutResponseHopLimit, + HttpTokens: t.HTTPTokens, + }, NetworkInterfaces: []*ec2.LaunchTemplateInstanceNetworkInterfaceSpecificationRequest{ { AssociatePublicIpAddress: t.AssociatePublicIP, @@ -283,6 +287,12 @@ func (t *LaunchTemplate) Find(c *fi.Context) (*LaunchTemplate, error) { } } + // @step: add instance metadata options + if lt.LaunchTemplateData.MetadataOptions != nil { + actual.HTTPPutResponseHopLimit = lt.LaunchTemplateData.MetadataOptions.HttpPutResponseHopLimit + actual.HTTPTokens = lt.LaunchTemplateData.MetadataOptions.HttpTokens + } + // @step: to avoid spurious changes on ImageId if t.ImageID != nil && actual.ImageID != nil && *actual.ImageID != *t.ImageID { image, err := cloud.ResolveImage(*t.ImageID) 
diff --git a/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_cloudformation.go b/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_cloudformation.go index ec7e4ca9cdb88..ed2946be64812 100644 --- a/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_cloudformation.go +++ b/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_cloudformation.go @@ -110,6 +110,13 @@ type cloudformationLaunchTemplateTagSpecification struct { Tags []cloudformationTag `json:"Tags,omitempty"` } +type cloudformationLaunchTemplateInstanceMetadataOptions struct { + // HTTPPutResponseHopLimit is the desired HTTP PUT response hop limit for instance metadata requests. + HTTPPutResponseHopLimit *int64 `json:"HttpPutResponseHopLimit,omitempty"` + // HTTPTokens is the state of token usage for your instance metadata requests. + HTTPTokens *string `json:"HttpTokens,omitempty"` +} + type cloudformationLaunchTemplateData struct { // BlockDeviceMappings is the device mappings BlockDeviceMappings []*cloudformationLaunchTemplateBlockDevice `json:"BlockDeviceMappings,omitempty"` @@ -125,6 +132,8 @@ type cloudformationLaunchTemplateData struct { KeyName *string `json:"KeyName,omitempty"` // MarketOptions are the spot pricing options MarketOptions *cloudformationLaunchTemplateMarketOptions `json:"InstanceMarketOptions,omitempty"` + // MetadataOptions are the instance metadata options. + MetadataOptions *cloudformationLaunchTemplateInstanceMetadataOptions `json:"MetadataOptions,omitempty"` // Monitoring are the instance monitoring options Monitoring *cloudformationLaunchTemplateMonitoring `json:"Monitoring,omitempty"` // NetworkInterfaces are the networking options 
@@ -173,6 +182,10 @@ func (t *LaunchTemplate) RenderCloudformation(target *cloudformation.Cloudformat EBSOptimized: e.RootVolumeOptimization, ImageID: image, InstanceType: e.InstanceType, + MetadataOptions: &cloudformationLaunchTemplateInstanceMetadataOptions{ + HTTPTokens: e.HTTPTokens, + HTTPPutResponseHopLimit: e.HTTPPutResponseHopLimit, + }, NetworkInterfaces: []*cloudformationLaunchTemplateNetworkInterface{ { AssociatePublicIPAddress: e.AssociatePublicIP, diff --git a/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_cloudformation_test.go b/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_cloudformation_test.go index ead2b6ee48a78..ff41a7ac4fd2b 100644 --- a/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_cloudformation_test.go +++ b/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_cloudformation_test.go @@ -47,7 +47,9 @@ func TestLaunchTemplateCloudformationRender(t *testing.T) { {Name: fi.String("nodes-1"), ID: fi.String("1111")}, {Name: fi.String("nodes-2"), ID: fi.String("2222")}, }, - Tenancy: fi.String("dedicated"), + Tenancy: fi.String("dedicated"), + HTTPTokens: fi.String("required"), + HTTPPutResponseHopLimit: fi.Int64(1), }, Expected: `{ "Resources": { @@ -72,6 +74,10 @@ func TestLaunchTemplateCloudformationRender(t *testing.T) { "MaxPrice": "10" } }, + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "required" + }, "Monitoring": { "Enabled": true }, @@ -130,7 +136,9 @@ func TestLaunchTemplateCloudformationRender(t *testing.T) { {Name: fi.String("nodes-1"), ID: fi.String("1111")}, {Name: fi.String("nodes-2"), ID: fi.String("2222")}, }, - Tenancy: fi.String("dedicated"), + Tenancy: fi.String("dedicated"), + HTTPTokens: fi.String("optional"), + HTTPPutResponseHopLimit: fi.Int64(1), }, Expected: `{ "Resources": { 
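Review bot: Both cases in `TestLaunchTemplateCloudformationRender` set `HTTPTokens` and `HTTPPutResponseHopLimit`, so nothing pins what the renderer emits when the two fields are nil. Since `RenderCloudformation` always builds the `MetadataOptions` struct, I would add a third case that leaves both fields unset and asserts the intended JSON, whether that is no `MetadataOptions` key at all or an explicit default. `TestLaunchTemplateTerraformRender` has the same gap for the `metadata_options` block. The test function starts and ends outside these hunks.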
@@ -158,6 +166,10 @@ func TestLaunchTemplateCloudformationRender(t *testing.T) { }, "InstanceType": "t2.medium", "KeyName": "mykey", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "Monitoring": { "Enabled": true }, diff --git a/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform.go b/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform.go index 97c8f48c9e334..548d35d16d332 100644 --- a/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform.go +++ b/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform.go @@ -110,6 +110,13 @@ type terraformLaunchTemplateTagSpecification struct { Tags map[string]string `json:"tags,omitempty" cty:"tags"` } +type terraformLaunchTemplateInstanceMetadata struct { + // HTTPPutResponseHopLimit is the desired HTTP PUT response hop limit for instance metadata requests. + HTTPPutResponseHopLimit *int64 `json:"http_put_response_hop_limit,omitempty" cty:"http_put_response_hop_limit"` + // HTTPTokens is the state of token usage for your instance metadata requests. + HTTPTokens *string `json:"http_tokens,omitempty" cty:"http_tokens"` +} + type terraformLaunchTemplate struct { // Name is the name of the launch template Name *string `json:"name,omitempty" cty:"name"` @@ -130,6 +137,8 @@ type terraformLaunchTemplate struct { KeyName *terraform.Literal `json:"key_name,omitempty" cty:"key_name"` // MarketOptions are the spot pricing options MarketOptions []*terraformLaunchTemplateMarketOptions `json:"instance_market_options,omitempty" cty:"instance_market_options"` + // MetadataOptions are the instance metadata options. + MetadataOptions *terraformLaunchTemplateInstanceMetadata `json:"metadata_options,omitempty" cty:"metadata_options"` // Monitoring are the instance monitoring options Monitoring []*terraformLaunchTemplateMonitoring `json:"monitoring,omitempty" cty:"monitoring"` // NetworkInterfaces are the networking options 
@@ -175,6 +184,10 @@ func (t *LaunchTemplate) RenderTerraform(target *terraform.TerraformTarget, a, e ImageID: image, InstanceType: e.InstanceType, Lifecycle: &terraform.Lifecycle{CreateBeforeDestroy: fi.Bool(true)}, + MetadataOptions: &terraformLaunchTemplateInstanceMetadata{ + HTTPTokens: e.HTTPTokens, + HTTPPutResponseHopLimit: e.HTTPPutResponseHopLimit, + }, NetworkInterfaces: []*terraformLaunchTemplateNetworkInterface{ { AssociatePublicIPAddress: e.AssociatePublicIP, diff --git a/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform_test.go b/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform_test.go index 66a541ae67bc9..2f817e8bcf669 100644 --- a/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform_test.go +++ b/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform_test.go @@ -48,7 +48,9 @@ func TestLaunchTemplateTerraformRender(t *testing.T) { {Name: fi.String("nodes-1"), ID: fi.String("1111")}, {Name: fi.String("nodes-2"), ID: fi.String("2222")}, }, - Tenancy: fi.String("dedicated"), + Tenancy: fi.String("dedicated"), + HTTPTokens: fi.String("optional"), + HTTPPutResponseHopLimit: fi.Int64(1), }, Expected: `provider "aws" { region = "eu-west-2" @@ -72,6 +74,10 @@ resource "aws_launch_template" "test" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } monitoring { enabled = true } @@ -120,7 +126,9 @@ terraform { {Name: fi.String("nodes-1"), ID: fi.String("1111")}, {Name: fi.String("nodes-2"), ID: fi.String("2222")}, }, - Tenancy: fi.String("dedicated"), + Tenancy: fi.String("dedicated"), + HTTPTokens: fi.String("required"), + HTTPPutResponseHopLimit: fi.Int64(5), }, Expected: `provider "aws" { region = "eu-west-2" @@ -145,6 +153,10 @@ resource "aws_launch_template" "test" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 5 + http_tokens = "required" + } monitoring { enabled = true }