diff --git a/cloudmock/aws/mockec2/launch_templates.go b/cloudmock/aws/mockec2/launch_templates.go index 51cb0aee91375..52a5aa844c060 100644 --- a/cloudmock/aws/mockec2/launch_templates.go +++ b/cloudmock/aws/mockec2/launch_templates.go @@ -147,6 +147,12 @@ func (m *MockEC2) CreateLaunchTemplate(request *ec2.CreateLaunchTemplateInput) ( name: request.LaunchTemplateName, } + if request.LaunchTemplateData.MetadataOptions != nil { + resp.MetadataOptions = &ec2.LaunchTemplateInstanceMetadataOptions{ + HttpTokens: request.LaunchTemplateData.MetadataOptions.HttpTokens, + HttpPutResponseHopLimit: request.LaunchTemplateData.MetadataOptions.HttpPutResponseHopLimit, + } + } if request.LaunchTemplateData.Monitoring != nil { resp.Monitoring = &ec2.LaunchTemplatesMonitoring{Enabled: request.LaunchTemplateData.Monitoring.Enabled} } diff --git a/k8s/crds/kops.k8s.io_instancegroups.yaml b/k8s/crds/kops.k8s.io_instancegroups.yaml index 284e925dc8129..1ffa8a5ff7c4c 100644 --- a/k8s/crds/kops.k8s.io_instancegroups.yaml +++ b/k8s/crds/kops.k8s.io_instancegroups.yaml 
@@ -193,6 +193,17 @@ spec: instanceInterruptionBehavior: description: InstanceInterruptionBehavior defines if a spot instance should be terminated, hibernated, or stopped after interruption type: string + instanceMetadata: + description: InstanceMetadata defines the EC2 instance metadata service options (AWS Only) + properties: + httpPutResponseHopLimit: + description: HTTPPutResponseHopLimit is the desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel. The default value is 1. + format: int64 + type: integer + httpTokens: + description: HTTPTokens is the state of token usage for the instance metadata requests. If the parameter is not specified in the request, the default state is "optional". + type: string + type: object instanceProtection: description: InstanceProtection makes new instances in an autoscaling group protected from scale in type: boolean diff --git a/pkg/apis/kops/instancegroup.go b/pkg/apis/kops/instancegroup.go index 551f8311e5ac9..97a291c3bc30f 100644 --- a/pkg/apis/kops/instancegroup.go +++ b/pkg/apis/kops/instancegroup.go @@ -166,6 +166,8 @@ type InstanceGroupSpec struct { InstanceInterruptionBehavior *string `json:"instanceInterruptionBehavior,omitempty"` // CompressUserData compresses parts of the user data to save space CompressUserData *bool `json:"compressUserData,omitempty"` + // InstanceMetadata defines the EC2 instance metadata service options (AWS Only) + InstanceMetadata *InstanceMetadataOptions `json:"instanceMetadata,omitempty"` } const ( 
@@ -180,6 +182,16 @@ const ( // SpotAllocationStrategies is a collection of supported strategies var SpotAllocationStrategies = []string{SpotAllocationStrategyLowestPrices, SpotAllocationStrategyDiversified, SpotAllocationStrategyCapacityOptimized} +// InstanceMetadata defines the EC2 instance metadata service options (AWS Only) +type InstanceMetadataOptions struct { + // HTTPPutResponseHopLimit is the desired HTTP PUT response hop limit for instance metadata requests. + // The larger the number, the further instance metadata requests can travel. The default value is 1. + HTTPPutResponseHopLimit *int64 `json:"httpPutResponseHopLimit,omitempty"` + // HTTPTokens is the state of token usage for the instance metadata requests. + // If the parameter is not specified in the request, the default state is "optional". + HTTPTokens *string `json:"httpTokens,omitempty"` +} + // MixedInstancesPolicySpec defines the specification for an autoscaling group backed by a ec2 fleet type MixedInstancesPolicySpec struct { // Instances is a list of instance types which we are willing to run in the EC2 fleet diff --git a/pkg/apis/kops/v1alpha2/instancegroup.go b/pkg/apis/kops/v1alpha2/instancegroup.go index 0f84048c790df..e38efdcf42452 100644 --- a/pkg/apis/kops/v1alpha2/instancegroup.go +++ b/pkg/apis/kops/v1alpha2/instancegroup.go @@ -164,6 +164,8 @@ type InstanceGroupSpec struct { InstanceInterruptionBehavior *string `json:"instanceInterruptionBehavior,omitempty"` // CompressUserData compresses parts of the user data to save space CompressUserData *bool `json:"compressUserData,omitempty"` + // InstanceMetadata defines the EC2 instance metadata service options (AWS Only) + InstanceMetadata *InstanceMetadataOptions `json:"instanceMetadata,omitempty"` } const ( 
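Review bot: The doc comment on the new type begins with `InstanceMetadata`, but the declared name is `InstanceMetadataOptions`, so godoc and linters that expect the comment to start with the identifier will flag it. `// InstanceMetadataOptions defines the EC2 instance metadata service options (AWS Only)` fixes it, and the same comment is copied onto the v1alpha2 type in pkg/apis/kops/v1alpha2/instancegroup.go. The `HTTPTokens` comment should also say what the two accepted values mean, for example `// "optional" accepts both IMDSv1 and IMDSv2 requests; "required" accepts only IMDSv2 session-token requests.`, because this is the field an operator sets to harden nodes.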
@@ -178,6 +180,16 @@ const ( // SpotAllocationStrategies is a collection of supported strategies var SpotAllocationStrategies = []string{SpotAllocationStrategyLowestPrices, SpotAllocationStrategyDiversified, SpotAllocationStrategyCapacityOptimized} +// InstanceMetadata defines the EC2 instance metadata service options (AWS Only) +type InstanceMetadataOptions struct { + // HTTPPutResponseHopLimit is the desired HTTP PUT response hop limit for instance metadata requests. + // The larger the number, the further instance metadata requests can travel. The default value is 1. + HTTPPutResponseHopLimit *int64 `json:"httpPutResponseHopLimit,omitempty"` + // HTTPTokens is the state of token usage for the instance metadata requests. + // If the parameter is not specified in the request, the default state is "optional". + HTTPTokens *string `json:"httpTokens,omitempty"` +} + // MixedInstancesPolicySpec defines the specification for an autoscaling group backed by a ec2 fleet type MixedInstancesPolicySpec struct { // Instances is a list of instance types which we are willing to run in the EC2 fleet diff --git a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go index f01098b30429b..4218b876d4c91 100644 --- a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go +++ b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go 
@@ -523,6 +523,16 @@ func RegisterConversions(s *runtime.Scheme) error { }); err != nil { return err } + if err := s.AddGeneratedConversionFunc((*InstanceMetadataOptions)(nil), (*kops.InstanceMetadataOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha2_InstanceMetadataOptions_To_kops_InstanceMetadataOptions(a.(*InstanceMetadataOptions), b.(*kops.InstanceMetadataOptions), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*kops.InstanceMetadataOptions)(nil), (*InstanceMetadataOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_kops_InstanceMetadataOptions_To_v1alpha2_InstanceMetadataOptions(a.(*kops.InstanceMetadataOptions), b.(*InstanceMetadataOptions), scope) + }); err != nil { + return err + } if err := s.AddGeneratedConversionFunc((*Keyset)(nil), (*kops.Keyset)(nil), func(a, b interface{}, scope conversion.Scope) error { return Convert_v1alpha2_Keyset_To_kops_Keyset(a.(*Keyset), b.(*kops.Keyset), scope) }); err != nil { @@ -3619,6 +3629,15 @@ func autoConvert_v1alpha2_InstanceGroupSpec_To_kops_InstanceGroupSpec(in *Instan } out.InstanceInterruptionBehavior = in.InstanceInterruptionBehavior out.CompressUserData = in.CompressUserData + if in.InstanceMetadata != nil { + in, out := &in.InstanceMetadata, &out.InstanceMetadata + *out = new(kops.InstanceMetadataOptions) + if err := Convert_v1alpha2_InstanceMetadataOptions_To_kops_InstanceMetadataOptions(*in, *out, s); err != nil { + return err + } + } else { + out.InstanceMetadata = nil + } return nil } 
@@ -3758,6 +3777,15 @@ func autoConvert_kops_InstanceGroupSpec_To_v1alpha2_InstanceGroupSpec(in *kops.I } out.InstanceInterruptionBehavior = in.InstanceInterruptionBehavior out.CompressUserData = in.CompressUserData + if in.InstanceMetadata != nil { + in, out := &in.InstanceMetadata, &out.InstanceMetadata + *out = new(InstanceMetadataOptions) + if err := Convert_kops_InstanceMetadataOptions_To_v1alpha2_InstanceMetadataOptions(*in, *out, s); err != nil { + return err + } + } else { + out.InstanceMetadata = nil + } return nil } 
@@ -3766,6 +3794,28 @@ func Convert_kops_InstanceGroupSpec_To_v1alpha2_InstanceGroupSpec(in *kops.Insta return autoConvert_kops_InstanceGroupSpec_To_v1alpha2_InstanceGroupSpec(in, out, s) } +func autoConvert_v1alpha2_InstanceMetadataOptions_To_kops_InstanceMetadataOptions(in *InstanceMetadataOptions, out *kops.InstanceMetadataOptions, s conversion.Scope) error { + out.HTTPPutResponseHopLimit = in.HTTPPutResponseHopLimit + out.HTTPTokens = in.HTTPTokens + return nil +} + +// Convert_v1alpha2_InstanceMetadataOptions_To_kops_InstanceMetadataOptions is an autogenerated conversion function. +func Convert_v1alpha2_InstanceMetadataOptions_To_kops_InstanceMetadataOptions(in *InstanceMetadataOptions, out *kops.InstanceMetadataOptions, s conversion.Scope) error { + return autoConvert_v1alpha2_InstanceMetadataOptions_To_kops_InstanceMetadataOptions(in, out, s) +} + +func autoConvert_kops_InstanceMetadataOptions_To_v1alpha2_InstanceMetadataOptions(in *kops.InstanceMetadataOptions, out *InstanceMetadataOptions, s conversion.Scope) error { + out.HTTPPutResponseHopLimit = in.HTTPPutResponseHopLimit + out.HTTPTokens = in.HTTPTokens + return nil +} + +// Convert_kops_InstanceMetadataOptions_To_v1alpha2_InstanceMetadataOptions is an autogenerated conversion function. +func Convert_kops_InstanceMetadataOptions_To_v1alpha2_InstanceMetadataOptions(in *kops.InstanceMetadataOptions, out *InstanceMetadataOptions, s conversion.Scope) error { + return autoConvert_kops_InstanceMetadataOptions_To_v1alpha2_InstanceMetadataOptions(in, out, s) +} + func autoConvert_v1alpha2_Keyset_To_kops_Keyset(in *Keyset, out *kops.Keyset, s conversion.Scope) error { out.ObjectMeta = in.ObjectMeta if err := Convert_v1alpha2_KeysetSpec_To_kops_KeysetSpec(&in.Spec, &out.Spec, s); err != nil { diff --git a/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go b/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go index 5a0e3c6c2b541..758c8c57588dc 100644 --- a/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go 
+++ b/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go @@ -1949,6 +1949,11 @@ func (in *InstanceGroupSpec) DeepCopyInto(out *InstanceGroupSpec) { *out = new(bool) **out = **in } + if in.InstanceMetadata != nil { + in, out := &in.InstanceMetadata, &out.InstanceMetadata + *out = new(InstanceMetadataOptions) + (*in).DeepCopyInto(*out) + } return } @@ -1962,6 +1967,32 @@ func (in *InstanceGroupSpec) DeepCopy() *InstanceGroupSpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InstanceMetadataOptions) DeepCopyInto(out *InstanceMetadataOptions) { + *out = *in + if in.HTTPPutResponseHopLimit != nil { + in, out := &in.HTTPPutResponseHopLimit, &out.HTTPPutResponseHopLimit + *out = new(int64) + **out = **in + } + if in.HTTPTokens != nil { + in, out := &in.HTTPTokens, &out.HTTPTokens + *out = new(string) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstanceMetadataOptions. +func (in *InstanceMetadataOptions) DeepCopy() *InstanceMetadataOptions { + if in == nil { + return nil + } + out := new(InstanceMetadataOptions) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Keyset) DeepCopyInto(out *Keyset) { *out = *in diff --git a/pkg/apis/kops/validation/aws.go b/pkg/apis/kops/validation/aws.go index 82837412055f5..dd0a30713b2ff 100644 --- a/pkg/apis/kops/validation/aws.go +++ b/pkg/apis/kops/validation/aws.go 
@@ -56,6 +56,28 @@ func awsValidateInstanceGroup(ig *kops.InstanceGroup, cloud awsup.AWSCloud) fiel allErrs = append(allErrs, awsValidateMixedInstancesPolicy(field.NewPath("spec", "mixedInstancesPolicy"), ig.Spec.MixedInstancesPolicy, ig, cloud)...) } + if ig.Spec.InstanceMetadata != nil { + allErrs = append(allErrs, awsValidateInstanceMetadata(field.NewPath("spec", "instanceMetadata"), ig.Spec.InstanceMetadata)...) + } + + return allErrs +} + +func awsValidateInstanceMetadata(fieldPath *field.Path, instanceMetadata *kops.InstanceMetadataOptions) field.ErrorList { + allErrs := field.ErrorList{} + + if instanceMetadata.HTTPTokens != nil { + allErrs = append(allErrs, IsValidValue(fieldPath.Child("httpTokens"), instanceMetadata.HTTPTokens, []string{"optional", "required"})...) + } + + if instanceMetadata.HTTPPutResponseHopLimit != nil { + httpPutResponseHopLimit := fi.Int64Value(instanceMetadata.HTTPPutResponseHopLimit) + if httpPutResponseHopLimit < 1 || httpPutResponseHopLimit > 64 { + allErrs = append(allErrs, field.Invalid(fieldPath.Child("httpPutResponseHopLimit"), instanceMetadata.HTTPPutResponseHopLimit, + "HTTPPutResponseLimit must be a value between 1 and 64")) + } + } + return allErrs } diff --git a/pkg/apis/kops/validation/aws_test.go b/pkg/apis/kops/validation/aws_test.go index cc7cc97abdb56..b0205f5f05183 100644 --- a/pkg/apis/kops/validation/aws_test.go +++ b/pkg/apis/kops/validation/aws_test.go 
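Review bot: The hop-limit error text in `awsValidateInstanceMetadata` names the field `HTTPPutResponseLimit`, dropping "Hop", so it matches neither the Go field nor the `httpPutResponseHopLimit` key the user wrote in the spec. I would change the message to `"httpPutResponseHopLimit must be a value between 1 and 64"`. The new function also has no doc comment; `// awsValidateInstanceMetadata checks that httpTokens is "optional" or "required" and that httpPutResponseHopLimit is within 1..64.` would state the contract. Keeping the allowed token values in a named package-level slice rather than an inline literal would let the validator and any later defaulting code share one list.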
@@ -157,3 +157,48 @@ func TestValidateInstanceGroupSpec(t *testing.T) { testErrors(t, g.Input, errs, g.ExpectedErrors) } } + +func TestInstanceMetadataOptions(t *testing.T) { + cloud := awsup.BuildMockAWSCloud("us-east-1", "abc") + + tests := []struct { + ig *kops.InstanceGroup + expected []string + }{ + { + ig: &kops.InstanceGroup{ + ObjectMeta: v1.ObjectMeta{ + Name: "some-ig", + }, + Spec: kops.InstanceGroupSpec{ + Role: "Node", + InstanceMetadata: &kops.InstanceMetadataOptions{ + HTTPPutResponseHopLimit: fi.Int64(1), + HTTPTokens: fi.String("abc"), + }, + }, + }, + expected: []string{"Unsupported value::spec.instanceMetadata.httpTokens"}, + }, + { + ig: &kops.InstanceGroup{ + ObjectMeta: v1.ObjectMeta{ + Name: "some-ig", + }, + Spec: kops.InstanceGroupSpec{ + Role: "Node", + InstanceMetadata: &kops.InstanceMetadataOptions{ + HTTPPutResponseHopLimit: fi.Int64(-1), + HTTPTokens: fi.String("required"), + }, + }, + }, + expected: []string{"Invalid value::spec.instanceMetadata.httpPutResponseHopLimit"}, + }, + } + + for _, test := range tests { + errs := ValidateInstanceGroup(test.ig, cloud) + testErrors(t, test.ig.ObjectMeta.Name, errs, test.expected) + } +} diff --git a/pkg/apis/kops/zz_generated.deepcopy.go b/pkg/apis/kops/zz_generated.deepcopy.go index 862ef96f45286..fe665dbc6fdd9 100644 --- a/pkg/apis/kops/zz_generated.deepcopy.go +++ b/pkg/apis/kops/zz_generated.deepcopy.go @@ -2115,6 +2115,11 @@ func (in *InstanceGroupSpec) DeepCopyInto(out *InstanceGroupSpec) { *out = new(bool) **out = **in } + if in.InstanceMetadata != nil { + in, out := &in.InstanceMetadata, &out.InstanceMetadata + *out = new(InstanceMetadataOptions) + (*in).DeepCopyInto(*out) + } return } 
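Review bot: The table in `TestInstanceMetadataOptions` covers only an unknown token value and a negative hop limit, so the range the validator in aws.go enforces (`< 1 || > 64`) is not pinned at its edges. Cases with `HTTPPutResponseHopLimit: fi.Int64(0)` and `fi.Int64(65)` expecting `Invalid value::spec.instanceMetadata.httpPutResponseHopLimit` would cover the bounds. A fully valid spec (`"required"`, hop limit 1 or 64) expecting no errors would catch an off-by-one, assuming `testErrors` accepts an empty expectation. Both existing cases use the name `some-ig`, which appears to be the only label passed to `testErrors`, so distinct names would make a failure attributable to a case.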
@@ -2128,6 +2133,32 @@ func (in *InstanceGroupSpec) DeepCopy() *InstanceGroupSpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InstanceMetadataOptions) DeepCopyInto(out *InstanceMetadataOptions) { + *out = *in + if in.HTTPPutResponseHopLimit != nil { + in, out := &in.HTTPPutResponseHopLimit, &out.HTTPPutResponseHopLimit + *out = new(int64) + **out = **in + } + if in.HTTPTokens != nil { + in, out := &in.HTTPTokens, &out.HTTPTokens + *out = new(string) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstanceMetadataOptions. +func (in *InstanceMetadataOptions) DeepCopy() *InstanceMetadataOptions { + if in == nil { + return nil + } + out := new(InstanceMetadataOptions) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Keyset) DeepCopyInto(out *Keyset) { *out = *in diff --git a/pkg/model/awsmodel/autoscalinggroup.go b/pkg/model/awsmodel/autoscalinggroup.go index 54c324e04aeb4..f6783221da6e6 100644 --- a/pkg/model/awsmodel/autoscalinggroup.go +++ b/pkg/model/awsmodel/autoscalinggroup.go 
@@ -113,24 +113,26 @@ func (b *AutoscalingGroupModelBuilder) buildLaunchTemplateTask(c *fi.ModelBuilde // LaunchConfiguration as an anonymous field, bit given up the task dependency walker works this caused issues, due // to the creation of a implicit dependency lt := &awstasks.LaunchTemplate{ - Name: fi.String(name), - Lifecycle: b.Lifecycle, - AssociatePublicIP: lc.AssociatePublicIP, - BlockDeviceMappings: lc.BlockDeviceMappings, - IAMInstanceProfile: lc.IAMInstanceProfile, - ImageID: lc.ImageID, - InstanceMonitoring: lc.InstanceMonitoring, - InstanceType: lc.InstanceType, - RootVolumeOptimization: lc.RootVolumeOptimization, - RootVolumeSize: lc.RootVolumeSize, - RootVolumeIops: lc.RootVolumeIops, - RootVolumeType: lc.RootVolumeType, - RootVolumeEncryption: lc.RootVolumeEncryption, - SSHKey: lc.SSHKey, - SecurityGroups: lc.SecurityGroups, - Tags: tags, - Tenancy: lc.Tenancy, - UserData: lc.UserData, + Name: fi.String(name), + Lifecycle: b.Lifecycle, + AssociatePublicIP: lc.AssociatePublicIP, + BlockDeviceMappings: lc.BlockDeviceMappings, + IAMInstanceProfile: lc.IAMInstanceProfile, + ImageID: lc.ImageID, + InstanceMonitoring: lc.InstanceMonitoring, + InstanceType: lc.InstanceType, + RootVolumeOptimization: lc.RootVolumeOptimization, + RootVolumeSize: lc.RootVolumeSize, + RootVolumeIops: lc.RootVolumeIops, + RootVolumeType: lc.RootVolumeType, + RootVolumeEncryption: lc.RootVolumeEncryption, + SSHKey: lc.SSHKey, + SecurityGroups: lc.SecurityGroups, + Tags: tags, + Tenancy: lc.Tenancy, + UserData: lc.UserData, + HTTPTokens: lc.HTTPTokens, + HTTPPutResponseHopLimit: lc.HTTPPutResponseHopLimit, } // When using a MixedInstances ASG, AWS requires the SpotPrice be defined on the ASG // rather than the LaunchTemplate or else it returns this error: 
@@ -203,6 +205,15 @@ func (b *AutoscalingGroupModelBuilder) buildLaunchConfigurationTask(c *fi.ModelB SecurityGroups: []*awstasks.SecurityGroup{sgLink}, } + t.HTTPTokens = fi.String("optional") + if ig.Spec.InstanceMetadata != nil && ig.Spec.InstanceMetadata.HTTPTokens != nil { + t.HTTPTokens = ig.Spec.InstanceMetadata.HTTPTokens + } + t.HTTPPutResponseHopLimit = fi.Int64(1) + if ig.Spec.InstanceMetadata != nil && ig.Spec.InstanceMetadata.HTTPPutResponseHopLimit != nil { + t.HTTPPutResponseHopLimit = ig.Spec.InstanceMetadata.HTTPPutResponseHopLimit + } + if b.APILoadBalancerClass() == kops.LoadBalancerClassNetwork { for _, id := range b.Cluster.Spec.API.LoadBalancer.AdditionalSecurityGroups { sgTask := &awstasks.SecurityGroup{ diff --git a/tests/integration/update_cluster/bastionadditional_user-data/kubernetes.tf b/tests/integration/update_cluster/bastionadditional_user-data/kubernetes.tf index 14c886d586976..94fa935edaf2b 100644 --- a/tests/integration/update_cluster/bastionadditional_user-data/kubernetes.tf +++ b/tests/integration/update_cluster/bastionadditional_user-data/kubernetes.tf @@ -429,6 +429,10 @@ resource "aws_launch_template" "bastion-bastionuserdata-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "bastion.bastionuserdata.example.com" network_interfaces { associate_public_ip_address = true @@ -493,6 +497,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-bastionuserdata-exampl lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.bastionuserdata.example.com" network_interfaces { associate_public_ip_address = false 
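Review bot: The default added to `buildLaunchConfigurationTask`, `t.HTTPTokens = fi.String("optional")`, leaves token-less (IMDSv1) metadata requests enabled on every instance group that omits `spec.instanceMetadata`, and nothing in the hunk records that this is a deliberate backward-compatible choice. I would add a comment above it, e.g. `// Default "optional" keeps IMDSv1 enabled (the EC2 default); set spec.instanceMetadata.httpTokens to "required" to enforce IMDSv2.`, so operators hardening nodes against credential theft through the metadata endpoint know they must opt in. The two identical `ig.Spec.InstanceMetadata != nil` checks could be folded into one `if md := ig.Spec.InstanceMetadata; md != nil { ... }` block that overrides both defaults. The function body starts and continues outside this hunk.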
@@ -553,6 +561,10 @@ resource "aws_launch_template" "nodes-bastionuserdata-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.bastionuserdata.example.com" network_interfaces { associate_public_ip_address = false diff --git a/tests/integration/update_cluster/complex/cloudformation.json b/tests/integration/update_cluster/complex/cloudformation.json index fb81f31e88554..2de252259ba08 100644 --- a/tests/integration/update_cluster/complex/cloudformation.json +++ b/tests/integration/update_cluster/complex/cloudformation.json @@ -265,6 +265,10 @@ }, "ImageId": "ami-12345678", "InstanceType": "m3.medium", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "required" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": true, @@ -398,6 +402,10 @@ }, "ImageId": "ami-12345678", "InstanceType": "t2.medium", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "Monitoring": { "Enabled": true }, diff --git a/tests/integration/update_cluster/complex/in-legacy-v1alpha2.yaml b/tests/integration/update_cluster/complex/in-legacy-v1alpha2.yaml index b629434bb0746..a36862778022a 100644 --- a/tests/integration/update_cluster/complex/in-legacy-v1alpha2.yaml +++ b/tests/integration/update_cluster/complex/in-legacy-v1alpha2.yaml @@ -126,6 +126,9 @@ spec: rootVolumeEncryption: true subnets: - us-test-1a + instanceMetadata: + httpTokens: required + httpPutResponseHopLimit: 1 additionalUserData: - name: myscript.sh type: text/x-shellscript diff --git a/tests/integration/update_cluster/complex/in-v1alpha2.yaml b/tests/integration/update_cluster/complex/in-v1alpha2.yaml index 6ed952c6a3ca6..b451ca85915fe 100644 --- a/tests/integration/update_cluster/complex/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/complex/in-v1alpha2.yaml 
@@ -126,6 +126,9 @@ spec: rootVolumeEncryption: true subnets: - us-test-1a + instanceMetadata: + httpTokens: required + httpPutResponseHopLimit: 1 additionalUserData: - name: myscript.sh type: text/x-shellscript diff --git a/tests/integration/update_cluster/complex/kubernetes.tf b/tests/integration/update_cluster/complex/kubernetes.tf index 8a89f92ba4dc3..fc4505121c1a3 100644 --- a/tests/integration/update_cluster/complex/kubernetes.tf +++ b/tests/integration/update_cluster/complex/kubernetes.tf @@ -297,6 +297,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-complex-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "required" + } name = "master-us-test-1a.masters.complex.example.com" network_interfaces { associate_public_ip_address = true @@ -371,6 +375,10 @@ resource "aws_launch_template" "nodes-complex-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } monitoring { enabled = true } diff --git a/tests/integration/update_cluster/compress/kubernetes.tf b/tests/integration/update_cluster/compress/kubernetes.tf index 27c0e49e6e58f..ed0dbd37c6c88 100644 --- a/tests/integration/update_cluster/compress/kubernetes.tf +++ b/tests/integration/update_cluster/compress/kubernetes.tf @@ -266,6 +266,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-compress-example-com" lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.compress.example.com" network_interfaces { associate_public_ip_address = true 
@@ -325,6 +329,10 @@ resource "aws_launch_template" "nodes-compress-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.compress.example.com" network_interfaces { associate_public_ip_address = true diff --git a/tests/integration/update_cluster/containerd-cloudformation/cloudformation.json b/tests/integration/update_cluster/containerd-cloudformation/cloudformation.json index 29ebd4416b82b..740f1df56cb89 100644 --- a/tests/integration/update_cluster/containerd-cloudformation/cloudformation.json +++ b/tests/integration/update_cluster/containerd-cloudformation/cloudformation.json @@ -221,6 +221,10 @@ "ImageId": "ami-11400000", "InstanceType": "m3.medium", "KeyName": "kubernetes.containerd.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": true, @@ -328,6 +332,10 @@ "ImageId": "ami-11400000", "InstanceType": "t2.medium", "KeyName": "kubernetes.containerd.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": true, diff --git a/tests/integration/update_cluster/existing_iam/kubernetes.tf b/tests/integration/update_cluster/existing_iam/kubernetes.tf index c1bd348d28ff4..3a6d3e5ef33c5 100644 --- a/tests/integration/update_cluster/existing_iam/kubernetes.tf +++ b/tests/integration/update_cluster/existing_iam/kubernetes.tf @@ -387,6 +387,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-existing-iam-example-c lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.existing-iam.example.com" network_interfaces { associate_public_ip_address = true 
@@ -451,6 +455,10 @@ resource "aws_launch_template" "master-us-test-1b-masters-existing-iam-example-c lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1b.masters.existing-iam.example.com" network_interfaces { associate_public_ip_address = true @@ -515,6 +523,10 @@ resource "aws_launch_template" "master-us-test-1c-masters-existing-iam-example-c lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1c.masters.existing-iam.example.com" network_interfaces { associate_public_ip_address = true @@ -575,6 +587,10 @@ resource "aws_launch_template" "nodes-existing-iam-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.existing-iam.example.com" network_interfaces { associate_public_ip_address = true diff --git a/tests/integration/update_cluster/existing_iam_cloudformation/cloudformation.json b/tests/integration/update_cluster/existing_iam_cloudformation/cloudformation.json index 6b477cc5a026e..ce971d571ffb2 100644 --- a/tests/integration/update_cluster/existing_iam_cloudformation/cloudformation.json +++ b/tests/integration/update_cluster/existing_iam_cloudformation/cloudformation.json @@ -219,6 +219,10 @@ "ImageId": "ami-12345678", "InstanceType": "m3.medium", "KeyName": "kubernetes.minimal.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": true, 
@@ -324,6 +328,10 @@ "ImageId": "ami-12345678", "InstanceType": "t2.medium", "KeyName": "kubernetes.minimal.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": true, diff --git a/tests/integration/update_cluster/existing_sg/kubernetes.tf b/tests/integration/update_cluster/existing_sg/kubernetes.tf index 025b222dc16e5..20479db13f794 100644 --- a/tests/integration/update_cluster/existing_sg/kubernetes.tf +++ b/tests/integration/update_cluster/existing_sg/kubernetes.tf @@ -468,6 +468,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-existingsg-example-com lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.existingsg.example.com" network_interfaces { associate_public_ip_address = true @@ -532,6 +536,10 @@ resource "aws_launch_template" "master-us-test-1b-masters-existingsg-example-com lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1b.masters.existingsg.example.com" network_interfaces { associate_public_ip_address = true @@ -596,6 +604,10 @@ resource "aws_launch_template" "master-us-test-1c-masters-existingsg-example-com lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1c.masters.existingsg.example.com" network_interfaces { associate_public_ip_address = true @@ -656,6 +668,10 @@ resource "aws_launch_template" "nodes-existingsg-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.existingsg.example.com" network_interfaces { associate_public_ip_address = true 
diff --git a/tests/integration/update_cluster/externallb/cloudformation.json b/tests/integration/update_cluster/externallb/cloudformation.json index 4b8265a515910..52e47a8ab8eb9 100644 --- a/tests/integration/update_cluster/externallb/cloudformation.json +++ b/tests/integration/update_cluster/externallb/cloudformation.json @@ -236,6 +236,10 @@ "ImageId": "ami-12345678", "InstanceType": "m3.medium", "KeyName": "kubernetes.externallb.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": true, @@ -343,6 +347,10 @@ "ImageId": "ami-12345678", "InstanceType": "t2.medium", "KeyName": "kubernetes.externallb.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": true, diff --git a/tests/integration/update_cluster/externallb/kubernetes.tf b/tests/integration/update_cluster/externallb/kubernetes.tf index a7d531717754b..00ded097f1e74 100644 --- a/tests/integration/update_cluster/externallb/kubernetes.tf +++ b/tests/integration/update_cluster/externallb/kubernetes.tf @@ -281,6 +281,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-externallb-example-com lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.externallb.example.com" network_interfaces { associate_public_ip_address = true @@ -341,6 +345,10 @@ resource "aws_launch_template" "nodes-externallb-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.externallb.example.com" network_interfaces { associate_public_ip_address = true 
diff --git a/tests/integration/update_cluster/externalpolicies/kubernetes.tf b/tests/integration/update_cluster/externalpolicies/kubernetes.tf index c8b990846a2a6..dcebe1b28daa6 100644 --- a/tests/integration/update_cluster/externalpolicies/kubernetes.tf +++ b/tests/integration/update_cluster/externalpolicies/kubernetes.tf @@ -345,6 +345,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-externalpolicies-examp lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.externalpolicies.example.com" network_interfaces { associate_public_ip_address = true @@ -411,6 +415,10 @@ resource "aws_launch_template" "nodes-externalpolicies-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } monitoring { enabled = true } diff --git a/tests/integration/update_cluster/ha/kubernetes.tf b/tests/integration/update_cluster/ha/kubernetes.tf index dfe29d079a195..19f16b3206591 100644 --- a/tests/integration/update_cluster/ha/kubernetes.tf +++ b/tests/integration/update_cluster/ha/kubernetes.tf @@ -439,6 +439,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-ha-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.ha.example.com" network_interfaces { associate_public_ip_address = true @@ -503,6 +507,10 @@ resource "aws_launch_template" "master-us-test-1b-masters-ha-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1b.masters.ha.example.com" network_interfaces { associate_public_ip_address = true 
@@ -567,6 +575,10 @@ resource "aws_launch_template" "master-us-test-1c-masters-ha-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1c.masters.ha.example.com" network_interfaces { associate_public_ip_address = true @@ -627,6 +639,10 @@ resource "aws_launch_template" "nodes-ha-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.ha.example.com" network_interfaces { associate_public_ip_address = true diff --git a/tests/integration/update_cluster/minimal-cloudformation/cloudformation.json b/tests/integration/update_cluster/minimal-cloudformation/cloudformation.json index 066fd9dd13b76..3fd89f8cda491 100644 --- a/tests/integration/update_cluster/minimal-cloudformation/cloudformation.json +++ b/tests/integration/update_cluster/minimal-cloudformation/cloudformation.json @@ -221,6 +221,10 @@ "ImageId": "ami-12345678", "InstanceType": "m3.medium", "KeyName": "kubernetes.minimal.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": true, @@ -328,6 +332,10 @@ "ImageId": "ami-12345678", "InstanceType": "t2.medium", "KeyName": "kubernetes.minimal.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": true, diff --git a/tests/integration/update_cluster/minimal-json/kubernetes.tf.json b/tests/integration/update_cluster/minimal-json/kubernetes.tf.json index 6691f2c09167f..74bff3d697c4f 100644 --- a/tests/integration/update_cluster/minimal-json/kubernetes.tf.json +++ b/tests/integration/update_cluster/minimal-json/kubernetes.tf.json 
@@ -322,6 +322,10 @@ "image_id": "ami-12345678", "instance_type": "m3.medium", "key_name": "${aws_key_pair.kubernetes-minimal-json-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id}", + "metadata_options": { + "http_put_response_hop_limit": 1, + "http_tokens": "optional" + }, "network_interfaces": [ { "associate_public_ip_address": true, @@ -393,6 +397,10 @@ "image_id": "ami-12345678", "instance_type": "t2.medium", "key_name": "${aws_key_pair.kubernetes-minimal-json-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id}", + "metadata_options": { + "http_put_response_hop_limit": 1, + "http_tokens": "optional" + }, "network_interfaces": [ { "associate_public_ip_address": true, diff --git a/tests/integration/update_cluster/minimal/kubernetes.tf b/tests/integration/update_cluster/minimal/kubernetes.tf index 58da12bcea4cf..ad230074b21f5 100644 --- a/tests/integration/update_cluster/minimal/kubernetes.tf +++ b/tests/integration/update_cluster/minimal/kubernetes.tf @@ -277,6 +277,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.minimal.example.com" network_interfaces { associate_public_ip_address = true @@ -337,6 +341,10 @@ resource "aws_launch_template" "nodes-minimal-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.minimal.example.com" network_interfaces { associate_public_ip_address = true diff --git a/tests/integration/update_cluster/mixed_instances/cloudformation.json b/tests/integration/update_cluster/mixed_instances/cloudformation.json index 892a76fb24a46..09a4ee947b603 100644 --- a/tests/integration/update_cluster/mixed_instances/cloudformation.json +++ b/tests/integration/update_cluster/mixed_instances/cloudformation.json 
@@ -392,6 +392,10 @@ "ImageId": "ami-12345678", "InstanceType": "m3.medium", "KeyName": "kubernetes.mixedinstances.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": true, @@ -503,6 +507,10 @@ "ImageId": "ami-12345678", "InstanceType": "m3.medium", "KeyName": "kubernetes.mixedinstances.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": true, @@ -614,6 +622,10 @@ "ImageId": "ami-12345678", "InstanceType": "m3.medium", "KeyName": "kubernetes.mixedinstances.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": true, @@ -721,6 +733,10 @@ "ImageId": "ami-12345678", "InstanceType": "t2.medium", "KeyName": "kubernetes.mixedinstances.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": true, diff --git a/tests/integration/update_cluster/mixed_instances/kubernetes.tf b/tests/integration/update_cluster/mixed_instances/kubernetes.tf index 2dd384a781922..a0add99586dc4 100644 --- a/tests/integration/update_cluster/mixed_instances/kubernetes.tf +++ b/tests/integration/update_cluster/mixed_instances/kubernetes.tf @@ -457,6 +457,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-mixedinstances-example lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.mixedinstances.example.com" network_interfaces { associate_public_ip_address = true 
@@ -521,6 +525,10 @@ resource "aws_launch_template" "master-us-test-1b-masters-mixedinstances-example lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1b.masters.mixedinstances.example.com" network_interfaces { associate_public_ip_address = true @@ -585,6 +593,10 @@ resource "aws_launch_template" "master-us-test-1c-masters-mixedinstances-example lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1c.masters.mixedinstances.example.com" network_interfaces { associate_public_ip_address = true @@ -645,6 +657,10 @@ resource "aws_launch_template" "nodes-mixedinstances-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.mixedinstances.example.com" network_interfaces { associate_public_ip_address = true diff --git a/tests/integration/update_cluster/mixed_instances_spot/cloudformation.json b/tests/integration/update_cluster/mixed_instances_spot/cloudformation.json index fb1c07ef2f78d..77f30c0b8ffce 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/cloudformation.json +++ b/tests/integration/update_cluster/mixed_instances_spot/cloudformation.json @@ -393,6 +393,10 @@ "ImageId": "ami-12345678", "InstanceType": "m3.medium", "KeyName": "kubernetes.mixedinstances.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": true, 
@@ -504,6 +508,10 @@ "ImageId": "ami-12345678", "InstanceType": "m3.medium", "KeyName": "kubernetes.mixedinstances.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": true, @@ -615,6 +623,10 @@ "ImageId": "ami-12345678", "InstanceType": "m3.medium", "KeyName": "kubernetes.mixedinstances.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": true, @@ -722,6 +734,10 @@ "ImageId": "ami-12345678", "InstanceType": "t2.medium", "KeyName": "kubernetes.mixedinstances.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": true, diff --git a/tests/integration/update_cluster/mixed_instances_spot/kubernetes.tf b/tests/integration/update_cluster/mixed_instances_spot/kubernetes.tf index e097def665aa9..904308a11fa7c 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/kubernetes.tf +++ b/tests/integration/update_cluster/mixed_instances_spot/kubernetes.tf @@ -457,6 +457,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-mixedinstances-example lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.mixedinstances.example.com" network_interfaces { associate_public_ip_address = true 
@@ -521,6 +525,10 @@ resource "aws_launch_template" "master-us-test-1b-masters-mixedinstances-example lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1b.masters.mixedinstances.example.com" network_interfaces { associate_public_ip_address = true @@ -585,6 +593,10 @@ resource "aws_launch_template" "master-us-test-1c-masters-mixedinstances-example lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1c.masters.mixedinstances.example.com" network_interfaces { associate_public_ip_address = true @@ -645,6 +657,10 @@ resource "aws_launch_template" "nodes-mixedinstances-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.mixedinstances.example.com" network_interfaces { associate_public_ip_address = true diff --git a/tests/integration/update_cluster/private-shared-ip/cloudformation.json b/tests/integration/update_cluster/private-shared-ip/cloudformation.json index 4e525791a022a..22e7d482dfc8f 100644 --- a/tests/integration/update_cluster/private-shared-ip/cloudformation.json +++ b/tests/integration/update_cluster/private-shared-ip/cloudformation.json @@ -261,6 +261,10 @@ "ImageId": "ami-11400000", "InstanceType": "t2.micro", "KeyName": "kubernetes.private-shared-ip.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": true, 
@@ -372,6 +376,10 @@ "ImageId": "ami-11400000", "InstanceType": "m3.medium", "KeyName": "kubernetes.private-shared-ip.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": false, @@ -479,6 +487,10 @@ "ImageId": "ami-11400000", "InstanceType": "t2.medium", "KeyName": "kubernetes.private-shared-ip.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": false, diff --git a/tests/integration/update_cluster/private-shared-ip/kubernetes.tf b/tests/integration/update_cluster/private-shared-ip/kubernetes.tf index f9ee5c481a162..a8c8f89e86e4f 100644 --- a/tests/integration/update_cluster/private-shared-ip/kubernetes.tf +++ b/tests/integration/update_cluster/private-shared-ip/kubernetes.tf @@ -406,6 +406,10 @@ resource "aws_launch_template" "bastion-private-shared-ip-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "bastion.private-shared-ip.example.com" network_interfaces { associate_public_ip_address = true @@ -469,6 +473,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-private-shared-ip-exam lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.private-shared-ip.example.com" network_interfaces { associate_public_ip_address = false @@ -529,6 +537,10 @@ resource "aws_launch_template" "nodes-private-shared-ip-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.private-shared-ip.example.com" network_interfaces { associate_public_ip_address = false 
diff --git a/tests/integration/update_cluster/private-shared-subnet/kubernetes.tf b/tests/integration/update_cluster/private-shared-subnet/kubernetes.tf index 7a2a32ae73ba3..9fc8fa4c2d35c 100644 --- a/tests/integration/update_cluster/private-shared-subnet/kubernetes.tf +++ b/tests/integration/update_cluster/private-shared-subnet/kubernetes.tf @@ -401,6 +401,10 @@ resource "aws_launch_template" "bastion-private-shared-subnet-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "bastion.private-shared-subnet.example.com" network_interfaces { associate_public_ip_address = true @@ -464,6 +468,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-private-shared-subnet- lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.private-shared-subnet.example.com" network_interfaces { associate_public_ip_address = false @@ -524,6 +532,10 @@ resource "aws_launch_template" "nodes-private-shared-subnet-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.private-shared-subnet.example.com" network_interfaces { associate_public_ip_address = false diff --git a/tests/integration/update_cluster/privatecalico/cloudformation.json b/tests/integration/update_cluster/privatecalico/cloudformation.json index 98f18806e4024..fa9e1ea82dd71 100644 --- a/tests/integration/update_cluster/privatecalico/cloudformation.json +++ b/tests/integration/update_cluster/privatecalico/cloudformation.json 
@@ -323,6 +323,10 @@ "ImageId": "ami-12345678", "InstanceType": "t2.micro", "KeyName": "kubernetes.privatecalico.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": true, @@ -434,6 +438,10 @@ "ImageId": "ami-12345678", "InstanceType": "m3.medium", "KeyName": "kubernetes.privatecalico.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": false, @@ -541,6 +549,10 @@ "ImageId": "ami-12345678", "InstanceType": "t2.medium", "KeyName": "kubernetes.privatecalico.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": false, diff --git a/tests/integration/update_cluster/privatecalico/kubernetes.tf b/tests/integration/update_cluster/privatecalico/kubernetes.tf index c1e2d3daf02db..d8dcdb54e5070 100644 --- a/tests/integration/update_cluster/privatecalico/kubernetes.tf +++ b/tests/integration/update_cluster/privatecalico/kubernetes.tf @@ -429,6 +429,10 @@ resource "aws_launch_template" "bastion-privatecalico-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "bastion.privatecalico.example.com" network_interfaces { associate_public_ip_address = true @@ -492,6 +496,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatecalico-example- lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.privatecalico.example.com" network_interfaces { associate_public_ip_address = false 
@@ -552,6 +560,10 @@ resource "aws_launch_template" "nodes-privatecalico-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.privatecalico.example.com" network_interfaces { associate_public_ip_address = false diff --git a/tests/integration/update_cluster/privatecanal/kubernetes.tf b/tests/integration/update_cluster/privatecanal/kubernetes.tf index b7b345939d70f..9caf5cf59b70d 100644 --- a/tests/integration/update_cluster/privatecanal/kubernetes.tf +++ b/tests/integration/update_cluster/privatecanal/kubernetes.tf @@ -429,6 +429,10 @@ resource "aws_launch_template" "bastion-privatecanal-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "bastion.privatecanal.example.com" network_interfaces { associate_public_ip_address = true @@ -492,6 +496,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatecanal-example-c lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.privatecanal.example.com" network_interfaces { associate_public_ip_address = false @@ -552,6 +560,10 @@ resource "aws_launch_template" "nodes-privatecanal-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.privatecanal.example.com" network_interfaces { associate_public_ip_address = false diff --git a/tests/integration/update_cluster/privatecilium/cloudformation.json b/tests/integration/update_cluster/privatecilium/cloudformation.json index 20b85a5244560..e9dab7d0c80c9 100644 --- a/tests/integration/update_cluster/privatecilium/cloudformation.json +++ b/tests/integration/update_cluster/privatecilium/cloudformation.json 
@@ -323,6 +323,10 @@ "ImageId": "ami-12345678", "InstanceType": "t2.micro", "KeyName": "kubernetes.privatecilium.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": true, @@ -434,6 +438,10 @@ "ImageId": "ami-12345678", "InstanceType": "m3.medium", "KeyName": "kubernetes.privatecilium.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": false, @@ -541,6 +549,10 @@ "ImageId": "ami-12345678", "InstanceType": "t2.medium", "KeyName": "kubernetes.privatecilium.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": false, diff --git a/tests/integration/update_cluster/privatecilium/kubernetes.tf b/tests/integration/update_cluster/privatecilium/kubernetes.tf index 0415c7e8b2bd3..7993f4a2c54d9 100644 --- a/tests/integration/update_cluster/privatecilium/kubernetes.tf +++ b/tests/integration/update_cluster/privatecilium/kubernetes.tf @@ -429,6 +429,10 @@ resource "aws_launch_template" "bastion-privatecilium-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "bastion.privatecilium.example.com" network_interfaces { associate_public_ip_address = true @@ -492,6 +496,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatecilium-example- lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.privatecilium.example.com" network_interfaces { associate_public_ip_address = false 
@@ -552,6 +560,10 @@ resource "aws_launch_template" "nodes-privatecilium-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.privatecilium.example.com" network_interfaces { associate_public_ip_address = false diff --git a/tests/integration/update_cluster/privatecilium2/cloudformation.json b/tests/integration/update_cluster/privatecilium2/cloudformation.json index 20b85a5244560..e9dab7d0c80c9 100644 --- a/tests/integration/update_cluster/privatecilium2/cloudformation.json +++ b/tests/integration/update_cluster/privatecilium2/cloudformation.json @@ -323,6 +323,10 @@ "ImageId": "ami-12345678", "InstanceType": "t2.micro", "KeyName": "kubernetes.privatecilium.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": true, @@ -434,6 +438,10 @@ "ImageId": "ami-12345678", "InstanceType": "m3.medium", "KeyName": "kubernetes.privatecilium.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": false, @@ -541,6 +549,10 @@ "ImageId": "ami-12345678", "InstanceType": "t2.medium", "KeyName": "kubernetes.privatecilium.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": false, diff --git a/tests/integration/update_cluster/privatecilium2/kubernetes.tf b/tests/integration/update_cluster/privatecilium2/kubernetes.tf index 0415c7e8b2bd3..7993f4a2c54d9 100644 --- a/tests/integration/update_cluster/privatecilium2/kubernetes.tf +++ b/tests/integration/update_cluster/privatecilium2/kubernetes.tf 
@@ -429,6 +429,10 @@ resource "aws_launch_template" "bastion-privatecilium-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "bastion.privatecilium.example.com" network_interfaces { associate_public_ip_address = true @@ -492,6 +496,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatecilium-example- lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.privatecilium.example.com" network_interfaces { associate_public_ip_address = false @@ -552,6 +560,10 @@ resource "aws_launch_template" "nodes-privatecilium-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.privatecilium.example.com" network_interfaces { associate_public_ip_address = false diff --git a/tests/integration/update_cluster/privateciliumadvanced/cloudformation.json b/tests/integration/update_cluster/privateciliumadvanced/cloudformation.json index 600bd5c0c9b1f..2305dd5d65d16 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/cloudformation.json +++ b/tests/integration/update_cluster/privateciliumadvanced/cloudformation.json @@ -323,6 +323,10 @@ "ImageId": "ami-12345678", "InstanceType": "t2.micro", "KeyName": "kubernetes.privateciliumadvanced.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": true, 
@@ -434,6 +438,10 @@ "ImageId": "ami-12345678", "InstanceType": "m3.medium", "KeyName": "kubernetes.privateciliumadvanced.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": false, @@ -541,6 +549,10 @@ "ImageId": "ami-12345678", "InstanceType": "t2.medium", "KeyName": "kubernetes.privateciliumadvanced.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": false, diff --git a/tests/integration/update_cluster/privateciliumadvanced/kubernetes.tf b/tests/integration/update_cluster/privateciliumadvanced/kubernetes.tf index ce0520dd6506f..70a8e4f377c1c 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/kubernetes.tf +++ b/tests/integration/update_cluster/privateciliumadvanced/kubernetes.tf @@ -443,6 +443,10 @@ resource "aws_launch_template" "bastion-privateciliumadvanced-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "bastion.privateciliumadvanced.example.com" network_interfaces { associate_public_ip_address = true @@ -506,6 +510,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-privateciliumadvanced- lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.privateciliumadvanced.example.com" network_interfaces { associate_public_ip_address = false 
@@ -566,6 +574,10 @@ resource "aws_launch_template" "nodes-privateciliumadvanced-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.privateciliumadvanced.example.com" network_interfaces { associate_public_ip_address = false diff --git a/tests/integration/update_cluster/privatedns1/kubernetes.tf b/tests/integration/update_cluster/privatedns1/kubernetes.tf index 989e7111bc0e6..e7c97c175b7f2 100644 --- a/tests/integration/update_cluster/privatedns1/kubernetes.tf +++ b/tests/integration/update_cluster/privatedns1/kubernetes.tf @@ -473,6 +473,10 @@ resource "aws_launch_template" "bastion-privatedns1-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "bastion.privatedns1.example.com" network_interfaces { associate_public_ip_address = true @@ -542,6 +546,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatedns1-example-co lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.privatedns1.example.com" network_interfaces { associate_public_ip_address = false @@ -608,6 +616,10 @@ resource "aws_launch_template" "nodes-privatedns1-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.privatedns1.example.com" network_interfaces { associate_public_ip_address = false diff --git a/tests/integration/update_cluster/privatedns2/kubernetes.tf b/tests/integration/update_cluster/privatedns2/kubernetes.tf index 7707526a2469a..09269fa1f51d5 100644 --- a/tests/integration/update_cluster/privatedns2/kubernetes.tf +++ b/tests/integration/update_cluster/privatedns2/kubernetes.tf 
@@ -415,6 +415,10 @@ resource "aws_launch_template" "bastion-privatedns2-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "bastion.privatedns2.example.com" network_interfaces { associate_public_ip_address = true @@ -478,6 +482,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatedns2-example-co lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.privatedns2.example.com" network_interfaces { associate_public_ip_address = false @@ -538,6 +546,10 @@ resource "aws_launch_template" "nodes-privatedns2-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.privatedns2.example.com" network_interfaces { associate_public_ip_address = false diff --git a/tests/integration/update_cluster/privateflannel/kubernetes.tf b/tests/integration/update_cluster/privateflannel/kubernetes.tf index 5dfe1e07fa114..0324a53ad3189 100644 --- a/tests/integration/update_cluster/privateflannel/kubernetes.tf +++ b/tests/integration/update_cluster/privateflannel/kubernetes.tf @@ -429,6 +429,10 @@ resource "aws_launch_template" "bastion-privateflannel-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "bastion.privateflannel.example.com" network_interfaces { associate_public_ip_address = true @@ -492,6 +496,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-privateflannel-example lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.privateflannel.example.com" network_interfaces { associate_public_ip_address = false 
@@ -552,6 +560,10 @@ resource "aws_launch_template" "nodes-privateflannel-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.privateflannel.example.com" network_interfaces { associate_public_ip_address = false diff --git a/tests/integration/update_cluster/privatekopeio/kubernetes.tf b/tests/integration/update_cluster/privatekopeio/kubernetes.tf index ee05e60dc2cd0..2cd7803b12022 100644 --- a/tests/integration/update_cluster/privatekopeio/kubernetes.tf +++ b/tests/integration/update_cluster/privatekopeio/kubernetes.tf @@ -435,6 +435,10 @@ resource "aws_launch_template" "bastion-privatekopeio-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "bastion.privatekopeio.example.com" network_interfaces { associate_public_ip_address = true @@ -498,6 +502,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatekopeio-example- lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.privatekopeio.example.com" network_interfaces { associate_public_ip_address = false @@ -558,6 +566,10 @@ resource "aws_launch_template" "nodes-privatekopeio-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.privatekopeio.example.com" network_interfaces { associate_public_ip_address = false diff --git a/tests/integration/update_cluster/privateweave/kubernetes.tf b/tests/integration/update_cluster/privateweave/kubernetes.tf index f6ef2514feae3..625ba6431305e 100644 --- a/tests/integration/update_cluster/privateweave/kubernetes.tf +++ b/tests/integration/update_cluster/privateweave/kubernetes.tf 
@@ -429,6 +429,10 @@ resource "aws_launch_template" "bastion-privateweave-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "bastion.privateweave.example.com" network_interfaces { associate_public_ip_address = true @@ -492,6 +496,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-privateweave-example-c lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.privateweave.example.com" network_interfaces { associate_public_ip_address = false @@ -552,6 +560,10 @@ resource "aws_launch_template" "nodes-privateweave-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.privateweave.example.com" network_interfaces { associate_public_ip_address = false diff --git a/tests/integration/update_cluster/public-jwks/kubernetes.tf b/tests/integration/update_cluster/public-jwks/kubernetes.tf index 8031a201a120b..1c8e50c9d8af2 100644 --- a/tests/integration/update_cluster/public-jwks/kubernetes.tf +++ b/tests/integration/update_cluster/public-jwks/kubernetes.tf @@ -304,6 +304,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.minimal.example.com" network_interfaces { associate_public_ip_address = true @@ -364,6 +368,10 @@ resource "aws_launch_template" "nodes-minimal-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.minimal.example.com" network_interfaces { associate_public_ip_address = true 
diff --git a/tests/integration/update_cluster/shared_subnet/kubernetes.tf b/tests/integration/update_cluster/shared_subnet/kubernetes.tf index a9493d0a981dc..ce027f339c109 100644 --- a/tests/integration/update_cluster/shared_subnet/kubernetes.tf +++ b/tests/integration/update_cluster/shared_subnet/kubernetes.tf @@ -263,6 +263,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-sharedsubnet-example-c lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.sharedsubnet.example.com" network_interfaces { associate_public_ip_address = true @@ -323,6 +327,10 @@ resource "aws_launch_template" "nodes-sharedsubnet-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.sharedsubnet.example.com" network_interfaces { associate_public_ip_address = true diff --git a/tests/integration/update_cluster/shared_vpc/kubernetes.tf b/tests/integration/update_cluster/shared_vpc/kubernetes.tf index db64333e3c30a..a6d20f2c87cd6 100644 --- a/tests/integration/update_cluster/shared_vpc/kubernetes.tf +++ b/tests/integration/update_cluster/shared_vpc/kubernetes.tf @@ -263,6 +263,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-sharedvpc-example-com" lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.sharedvpc.example.com" network_interfaces { associate_public_ip_address = true @@ -323,6 +327,10 @@ resource "aws_launch_template" "nodes-sharedvpc-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.sharedvpc.example.com" network_interfaces { associate_public_ip_address = true 
diff --git a/tests/integration/update_cluster/unmanaged/kubernetes.tf b/tests/integration/update_cluster/unmanaged/kubernetes.tf index 444b50c4f0a91..88d807676a460 100644 --- a/tests/integration/update_cluster/unmanaged/kubernetes.tf +++ b/tests/integration/update_cluster/unmanaged/kubernetes.tf @@ -406,6 +406,10 @@ resource "aws_launch_template" "bastion-unmanaged-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "bastion.unmanaged.example.com" network_interfaces { associate_public_ip_address = true @@ -469,6 +473,10 @@ resource "aws_launch_template" "master-us-test-1a-masters-unmanaged-example-com" lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "master-us-test-1a.masters.unmanaged.example.com" network_interfaces { associate_public_ip_address = false @@ -529,6 +537,10 @@ resource "aws_launch_template" "nodes-unmanaged-example-com" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } name = "nodes.unmanaged.example.com" network_interfaces { associate_public_ip_address = false diff --git a/upup/pkg/fi/cloudup/awstasks/launchconfiguration.go b/upup/pkg/fi/cloudup/awstasks/launchconfiguration.go index 9b29ed7a349a6..22acd1ea1c659 100644 --- a/upup/pkg/fi/cloudup/awstasks/launchconfiguration.go +++ b/upup/pkg/fi/cloudup/awstasks/launchconfiguration.go 
@@ -60,6 +60,10 @@ type LaunchConfiguration struct { AssociatePublicIP *bool // BlockDeviceMappings is a block device mappings BlockDeviceMappings []*BlockDeviceMapping + // HTTPPutResponseHopLimit is the desired HTTP PUT response hop limit for instance metadata requests. + HTTPPutResponseHopLimit *int64 + // HTTPTokens is the state of token usage for your instance metadata requests. + HTTPTokens *string // IAMInstanceProfile is the IAM profile to assign to the nodes IAMInstanceProfile *IAMInstanceProfile // ID is the launch configuration name @@ -297,6 +301,11 @@ func (_ *LaunchConfiguration) RenderAWS(t *awsup.AWSAPITarget, a, e, changes *La LaunchConfigurationName: &launchConfigurationName, } + request.MetadataOptions = &autoscaling.InstanceMetadataOptions{ + HttpPutResponseHopLimit: e.HTTPPutResponseHopLimit, + HttpTokens: e.HTTPTokens, + } + if e.SSHKey != nil { request.KeyName = e.SSHKey.Name } diff --git a/upup/pkg/fi/cloudup/awstasks/launchtemplate.go b/upup/pkg/fi/cloudup/awstasks/launchtemplate.go index 83fde74033b1b..f5d231427c1cc 100644 --- a/upup/pkg/fi/cloudup/awstasks/launchtemplate.go +++ b/upup/pkg/fi/cloudup/awstasks/launchtemplate.go @@ -39,6 +39,10 @@ type LaunchTemplate struct { AssociatePublicIP *bool // BlockDeviceMappings is a block device mappings BlockDeviceMappings []*BlockDeviceMapping + // HTTPPutResponseHopLimit is the desired HTTP PUT response hop limit for instance metadata requests. + HTTPPutResponseHopLimit *int64 + // HTTPTokens is the state of token usage for your instance metadata requests. + HTTPTokens *string // IAMInstanceProfile is the IAM profile to assign to the nodes IAMInstanceProfile *IAMInstanceProfile // ImageID is the AMI to use for the instances diff --git a/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_api.go b/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_api.go index 54ea2afaf4da1..e97b0c099046c 100644 --- a/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_api.go 
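Review bot: The new `HTTPTokens` comment on `LaunchConfiguration` does not say which values are accepted or what each one means for the instance. The same wording is repeated on `LaunchTemplate` and on the CloudFormation and Terraform option structs later in this change. The tests here use `"optional"` and `"required"`, so the comment could read `// HTTPTokens sets whether instance metadata requests need a session token: "optional" accepts IMDSv1 and IMDSv2, "required" accepts IMDSv2 only.` The `HTTPPutResponseHopLimit` comment could likewise say that a limit of 1 keeps the token response from travelling past the instance's own network stack. The struct declaration starts and ends outside this hunk.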
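Review bot: `request.MetadataOptions` is assigned unconditionally in `LaunchConfiguration.RenderAWS`, so when both `e.HTTPPutResponseHopLimit` and `e.HTTPTokens` are nil the request still carries an empty options struct. The same pattern appears in the `MetadataOptions:` literals added to `LaunchTemplate.RenderAWS`, `RenderCloudformation` and `RenderTerraform`, where the always non-nil pointer also means `omitempty` never drops the field. Wrapping the assignment in `if e.HTTPPutResponseHopLimit != nil || e.HTTPTokens != nil { ... }` would leave the field absent when nothing was configured. Separately, this file's diff has no counterpart to the read-back added in `LaunchTemplate.Find`, so for launch configurations the two fields may always compare as changed. That is worth confirming, because `Find` and the rest of `RenderAWS` lie outside the hunks shown.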
+++ b/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_api.go @@ -42,6 +42,10 @@ func (t *LaunchTemplate) RenderAWS(c *awsup.AWSAPITarget, a, e, changes *LaunchT EbsOptimized: t.RootVolumeOptimization, ImageId: image.ImageId, InstanceType: t.InstanceType, + MetadataOptions: &ec2.LaunchTemplateInstanceMetadataOptionsRequest{ + HttpPutResponseHopLimit: t.HTTPPutResponseHopLimit, + HttpTokens: t.HTTPTokens, + }, NetworkInterfaces: []*ec2.LaunchTemplateInstanceNetworkInterfaceSpecificationRequest{ { AssociatePublicIpAddress: t.AssociatePublicIP, @@ -278,6 +282,12 @@ func (t *LaunchTemplate) Find(c *fi.Context) (*LaunchTemplate, error) { } } + // @step: add instance metadata options + if lt.LaunchTemplateData.MetadataOptions != nil { + actual.HTTPPutResponseHopLimit = lt.LaunchTemplateData.MetadataOptions.HttpPutResponseHopLimit + actual.HTTPTokens = lt.LaunchTemplateData.MetadataOptions.HttpTokens + } + // @step: to avoid spurious changes on ImageId if t.ImageID != nil && actual.ImageID != nil && *actual.ImageID != *t.ImageID { image, err := cloud.ResolveImage(*t.ImageID) diff --git a/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_cloudformation.go b/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_cloudformation.go index 21ac2f291f322..7ce117ae6ee47 100644 --- a/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_cloudformation.go +++ b/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_cloudformation.go 
@@ -108,6 +108,13 @@ type cloudformationLaunchTemplateTagSpecification struct { Tags []cloudformationTag `json:"Tags,omitempty"` } +type cloudformationLaunchTemplateInstanceMetadataOptions struct { + // HTTPPutResponseHopLimit is the desired HTTP PUT response hop limit for instance metadata requests. + HTTPPutResponseHopLimit *int64 `json:"HttpPutResponseHopLimit,omitempty"` + // HTTPTokens is the state of token usage for your instance metadata requests. + HTTPTokens *string `json:"HttpTokens,omitempty"` +} + type cloudformationLaunchTemplateData struct { // BlockDeviceMappings is the device mappings BlockDeviceMappings []*cloudformationLaunchTemplateBlockDevice `json:"BlockDeviceMappings,omitempty"` @@ -123,6 +130,8 @@ type cloudformationLaunchTemplateData struct { KeyName *string `json:"KeyName,omitempty"` // MarketOptions are the spot pricing options MarketOptions *cloudformationLaunchTemplateMarketOptions `json:"InstanceMarketOptions,omitempty"` + // MetadataOptions are the instance metadata options. + MetadataOptions *cloudformationLaunchTemplateInstanceMetadataOptions `json:"MetadataOptions,omitempty"` // Monitoring are the instance monitoring options Monitoring *cloudformationLaunchTemplateMonitoring `json:"Monitoring,omitempty"` // NetworkInterfaces are the networking options @@ -171,6 +180,10 @@ func (t *LaunchTemplate) RenderCloudformation(target *cloudformation.Cloudformat EBSOptimized: e.RootVolumeOptimization, ImageID: image, InstanceType: e.InstanceType, + MetadataOptions: &cloudformationLaunchTemplateInstanceMetadataOptions{ + HTTPTokens: e.HTTPTokens, + HTTPPutResponseHopLimit: e.HTTPPutResponseHopLimit, + }, NetworkInterfaces: []*cloudformationLaunchTemplateNetworkInterface{ { AssociatePublicIPAddress: e.AssociatePublicIP, diff --git a/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_cloudformation_test.go b/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_cloudformation_test.go index ead2b6ee48a78..ff41a7ac4fd2b 100644 
--- a/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_cloudformation_test.go +++ b/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_cloudformation_test.go @@ -47,7 +47,9 @@ func TestLaunchTemplateCloudformationRender(t *testing.T) { {Name: fi.String("nodes-1"), ID: fi.String("1111")}, {Name: fi.String("nodes-2"), ID: fi.String("2222")}, }, - Tenancy: fi.String("dedicated"), + Tenancy: fi.String("dedicated"), + HTTPTokens: fi.String("required"), + HTTPPutResponseHopLimit: fi.Int64(1), }, Expected: `{ "Resources": { @@ -72,6 +74,10 @@ func TestLaunchTemplateCloudformationRender(t *testing.T) { "MaxPrice": "10" } }, + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "required" + }, "Monitoring": { "Enabled": true }, @@ -130,7 +136,9 @@ func TestLaunchTemplateCloudformationRender(t *testing.T) { {Name: fi.String("nodes-1"), ID: fi.String("1111")}, {Name: fi.String("nodes-2"), ID: fi.String("2222")}, }, - Tenancy: fi.String("dedicated"), + Tenancy: fi.String("dedicated"), + HTTPTokens: fi.String("optional"), + HTTPPutResponseHopLimit: fi.Int64(1), }, Expected: `{ "Resources": { @@ -158,6 +166,10 @@ func TestLaunchTemplateCloudformationRender(t *testing.T) { }, "InstanceType": "t2.medium", "KeyName": "mykey", + "MetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "optional" + }, "Monitoring": { "Enabled": true }, diff --git a/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform.go b/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform.go index a456a7f45097c..5fe58fa04f204 100644 --- a/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform.go +++ b/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform.go 
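Review bot: Both cases in `TestLaunchTemplateCloudformationRender` set `HTTPTokens` and `HTTPPutResponseHopLimit`, as do both cases in `TestLaunchTemplateTerraformRender`, so the rendering with neither field set is never pinned. Since the renderers build the options struct unconditionally, a third case that leaves both fields nil would show whether an empty `"MetadataOptions": {}` (or an empty `metadata_options` block) reaches the output. It would also help to keep one case per target with `fi.String("required")`, as here, because that is the value that enforces token-based metadata access. The test function continues outside these hunks.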
@@ -108,6 +108,13 @@ type terraformLaunchTemplateTagSpecification struct { Tags map[string]string `json:"tags,omitempty" cty:"tags"` } +type terraformLaunchTemplateInstanceMetadata struct { + // HTTPPutResponseHopLimit is the desired HTTP PUT response hop limit for instance metadata requests. + HTTPPutResponseHopLimit *int64 `json:"http_put_response_hop_limit,omitempty" cty:"http_put_response_hop_limit"` + // HTTPTokens is the state of token usage for your instance metadata requests. + HTTPTokens *string `json:"http_tokens,omitempty" cty:"http_tokens"` +} + type terraformLaunchTemplate struct { // Name is the name of the launch template Name *string `json:"name,omitempty" cty:"name"` @@ -128,6 +135,8 @@ type terraformLaunchTemplate struct { KeyName *terraform.Literal `json:"key_name,omitempty" cty:"key_name"` // MarketOptions are the spot pricing options MarketOptions []*terraformLaunchTemplateMarketOptions `json:"instance_market_options,omitempty" cty:"instance_market_options"` + // MetadataOptions are the instance metadata options. + MetadataOptions *terraformLaunchTemplateInstanceMetadata `json:"metadata_options,omitempty" cty:"metadata_options"` // Monitoring are the instance monitoring options Monitoring []*terraformLaunchTemplateMonitoring `json:"monitoring,omitempty" cty:"monitoring"` // NetworkInterfaces are the networking options @@ -173,6 +182,10 @@ func (t *LaunchTemplate) RenderTerraform(target *terraform.TerraformTarget, a, e ImageID: image, InstanceType: e.InstanceType, Lifecycle: &terraform.Lifecycle{CreateBeforeDestroy: fi.Bool(true)}, + MetadataOptions: &terraformLaunchTemplateInstanceMetadata{ + HTTPTokens: e.HTTPTokens, + HTTPPutResponseHopLimit: e.HTTPPutResponseHopLimit, + }, NetworkInterfaces: []*terraformLaunchTemplateNetworkInterface{ { AssociatePublicIPAddress: e.AssociatePublicIP, 
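Review bot: The new type is named `terraformLaunchTemplateInstanceMetadata`, while its CloudFormation counterpart is `cloudformationLaunchTemplateInstanceMetadataOptions` and the field that holds it is `MetadataOptions`. Renaming it to `terraformLaunchTemplateInstanceMetadataOptions` would keep the two targets parallel and easier to grep. Neither type has a doc comment, so a line such as `// terraformLaunchTemplateInstanceMetadataOptions holds the instance metadata service options of a launch template` above each declaration would help. The sibling `MarketOptions` and `Monitoring` fields are slices while this one is a single pointer. The fixtures suggest that still renders as a block, but a short comment stating the choice is intentional would save the next reader a lookup.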
diff --git a/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform_test.go b/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform_test.go index 613184278b379..d07cae382f1d2 100644 --- a/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform_test.go +++ b/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform_test.go @@ -48,7 +48,9 @@ func TestLaunchTemplateTerraformRender(t *testing.T) { {Name: fi.String("nodes-1"), ID: fi.String("1111")}, {Name: fi.String("nodes-2"), ID: fi.String("2222")}, }, - Tenancy: fi.String("dedicated"), + Tenancy: fi.String("dedicated"), + HTTPTokens: fi.String("optional"), + HTTPPutResponseHopLimit: fi.Int64(1), }, Expected: `provider "aws" { region = "eu-west-2" @@ -72,6 +74,10 @@ resource "aws_launch_template" "test" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 1 + http_tokens = "optional" + } monitoring { enabled = true } @@ -126,7 +132,9 @@ terraform { {Name: fi.String("nodes-1"), ID: fi.String("1111")}, {Name: fi.String("nodes-2"), ID: fi.String("2222")}, }, - Tenancy: fi.String("dedicated"), + Tenancy: fi.String("dedicated"), + HTTPTokens: fi.String("required"), + HTTPPutResponseHopLimit: fi.Int64(5), }, Expected: `provider "aws" { region = "eu-west-2" @@ -151,6 +159,10 @@ resource "aws_launch_template" "test" { lifecycle { create_before_destroy = true } + metadata_options { + http_put_response_hop_limit = 5 + http_tokens = "required" + } monitoring { enabled = true }