

AWS: Increase IMDS hop limit for EC2 instances (#1835)
Signed-off-by: Waleed Malik <[email protected]>
Co-authored-by: Waleed Malik <[email protected]>
kubermatic-bot and ahmedwaleedmalik authored Aug 1, 2024
1 parent 86ced77 commit b63acc6
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions pkg/cloudprovider/provider/aws/provider.go
Expand Up @@ -61,6 +61,11 @@ const (
// Interval and timeout for polling.
pollInterval = 2 * time.Second
pollTimeout = 5 * time.Minute
// The maximum number of hops that the metadata service can be forwarded to, defaults to 2.
// We need to set this to a higher value i.e. 3 to ensure that it is not blocked by extra hops that are introduced either by CNI or other networking components. With lower
// limits AWS metadata service is not reachable from the container network in such a scenario.
// For example: https://github.com/cilium/cilium/issues/25232
awsMetadataHTTPPutResponseHopLimit = 3
)

var (
Expand Down Expand Up @@ -760,6 +765,9 @@ func (p *provider) Create(ctx context.Context, log *zap.SugaredLogger, machine *
assignPublicIP := config.AssignPublicIP == nil || *config.AssignPublicIP

instanceRequest := &ec2.RunInstancesInput{
MetadataOptions: &ec2types.InstanceMetadataOptionsRequest{
HttpPutResponseHopLimit: aws.Int32(awsMetadataHTTPPutResponseHopLimit),
},
ImageId: aws.String(amiID),
InstanceMarketOptions: instanceMarketOptions,
BlockDeviceMappings: []ec2types.BlockDeviceMapping{
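Review bot: Setting HttpPutResponseHopLimit to 3 in the RunInstancesInput deliberately makes IMDS reachable from the pod network, which is precisely what the default hop limit exists to prevent: any pod scheduled on the node can then fetch the node's IAM role credentials from 169.254.169.254, so the new constant comment should state that trade-off alongside the connectivity motivation rather than only the CNI hop problem. The MetadataOptions block also leaves HttpTokens unset (API default `optional`), so IMDSv1 plain GET requests stay enabled and are not gated by the hop limit at all; if nothing on the node still depends on IMDSv1, add `HttpTokens: ec2types.HttpTokensStateRequired,` next to the hop limit so only token-bearing IMDSv2 callers succeed. Consider exposing the hop limit through the provider config instead of a fixed constant, and pointing operators at blocking pod traffic to 169.254.169.254 with a NetworkPolicy or a metadata proxy when workloads do not need node credentials. The "defaults to 2" claim in the comment is worth checking against the RunInstances API, which documents a default of 1 unless an AMI- or account-level IMDS default overrides it. Create starts and ends outside the hunk.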
