Does not work on Fresh EKS Cluster with Amazon Linux 2023 AMI Type Nodes #3695
Comments
/kind bug
@sschamp, hi, it might be that the EC2 instance uses a hop limit of 1 by default. Can you change the hop limit to 2 and see if it fixes the issue? Or you can specify the
I went with the option of manually specifying
Thanks for the confirmation, closing it now.
Can we please reopen? Although setting
@fcuello-fudo, can you check your instance hop limit? In order for the controller to fetch the VPC ID, it requires the hop limit to be at least 2.
Describe the bug
The pods fail to run on EKS Nodes which are using AL2023 instead of AL2:
Steps to reproduce
Amazon Linux 2023 (x86_64) Standard (AL2023_x86_64_STANDARD)
aws-load-balancer-controller-*
on the new Nodes (either by setting NodeAffinity, or by using a New Cluster)
Expected outcome
The Pods to be able to read the meta-data of the Node Instance.
Environment
Additional Context:
It might be because AL2023 no longer allows you to query http://169.254.169.254/latest/meta-data/ directly. They have started using IMDSv2 instead of IMDSv1. (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-retrieval.html)
You need to provide a token first:
curl -s http://169.254.169.254/latest/meta-data/ --header "X-aws-ec2-metadata-token: $TOKEN"
eg:
/usr/bin/curl --noproxy '*' -w "\n" -s -H "X-aws-ec2-metadata-token: $(curl --noproxy '*' -s -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")" http://169.254.169.254/latest/meta-data/instance-id
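
The hop-limit condition raised in the comments can be checked across a node group before deploying. The following is an added example, not code from the issue or from the controller project: it classifies each instance's `MetadataOptions` as seen by a pod on the pod network. The sample JSON is constructed in the shape of `aws ec2 describe-instances` output, and the function names are hypothetical.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-instances` output.
# Instance IDs and option values are made up for illustration.
SAMPLE = json.loads("""
{"Reservations": [{"Instances": [
  {"InstanceId": "i-00000000000000001",
   "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required",
                       "HttpPutResponseHopLimit": 1}},
  {"InstanceId": "i-00000000000000002",
   "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required",
                       "HttpPutResponseHopLimit": 2}},
  {"InstanceId": "i-00000000000000003",
   "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional",
                       "HttpPutResponseHopLimit": 1}},
  {"InstanceId": "i-00000000000000004",
   "MetadataOptions": {"HttpEndpoint": "disabled", "HttpTokens": "required",
                       "HttpPutResponseHopLimit": 2}}
]}]}
""")


def pod_imds_access(instance):
    """Classify IMDS access for a pod on the pod network (not hostNetwork)."""
    opts = instance.get("MetadataOptions", {})
    if opts.get("HttpEndpoint") != "enabled":
        return "blocked: IMDS endpoint disabled"
    hop_limit = opts.get("HttpPutResponseHopLimit", 1)
    if hop_limit >= 2:
        # The token response survives the extra hop into the container.
        return "ok: IMDSv2 token reachable"
    if opts.get("HttpTokens") == "required":
        # Token response is dropped at the node; no IMDSv1 to fall back on.
        return "blocked: hop limit 1 with IMDSv2 required"
    return "imdsv1-only: hop limit 1, unauthenticated fallback still open"


def audit(describe_output):
    """Map each instance ID to its pod-level IMDS verdict."""
    return {
        inst["InstanceId"]: pod_imds_access(inst)
        for res in describe_output.get("Reservations", [])
        for inst in res.get("Instances", [])
    }


if __name__ == "__main__":
    for instance_id, verdict in audit(SAMPLE).items():
        print(instance_id, verdict)
```

A hop limit of 2 makes IMDS, and with it the node's instance-role credentials, reachable from every pod on that node's pod network, which is the trade-off to weigh before raising it.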