Fix: CA does not work properly while using AWS EC2 IMDSv2 #4127

Merged
merged 3 commits into from
Jul 22, 2021
3 changes: 3 additions & 0 deletions cluster-autoscaler/cloudprovider/aws/README.md
Expand Up @@ -355,3 +355,6 @@ To refresh static list, please run `go run ec2_instance_types/gen.go` under
`aws:///us-east-1a/i-01234abcdef`.
* If you want to use regional STS endpoints (e.g. when using VPC endpoint for
STS) the env `AWS_STS_REGIONAL_ENDPOINTS=regional` should be set.
* If you want to run it on instances with IMDSv1 disabled make sure your
EC2 launch configuration has the setting `Metadata response hop limit` set to `2`.
Otherwise, the `/latest/api/token` call will timeout and result in an error. See [AWS docs here](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html#configuring-instance-metadata-options) for further information.
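Review bot: the new README bullet tells operators to raise the metadata response hop limit to 2 but does not state the trade-off, and that is the security-relevant part of this change. A hop limit of 1 is what keeps IMDSv2 tokens from reaching pods that run in their own network namespace; raising it to 2 on the launch configuration makes the token, and with it the node's instance-role credentials, reachable from every such pod on the node, not only from cluster-autoscaler. Since `GetCurrentAwsRegion` in `aws_util.go` checks `AWS_REGION` before it touches IMDS at all, suggest the bullet also offer that alternative, e.g. "Alternatively, set `AWS_REGION` on the cluster-autoscaler deployment so that no IMDS call is made", and say what the failure actually looks like: the token PUT times out, the SDK then falls back to IMDSv1, and that request is rejected because IMDSv1 is disabled. Minor: "will timeout" should read "will time out".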
28 changes: 9 additions & 19 deletions cluster-autoscaler/cloudprovider/aws/aws_util.go
Expand Up @@ -20,7 +20,10 @@ import (
"encoding/json"
"errors"
"fmt"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/ec2metadata"
"github.com/aws/aws-sdk-go/aws/endpoints"
"github.com/aws/aws-sdk-go/aws/session"
"io/ioutil"
klog "k8s.io/klog/v2"
"net/http"
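Review bot: the import block now interleaves third-party packages (`github.com/aws/aws-sdk-go/...`, `k8s.io/klog/v2`) with standard-library ones in a single alphabetical group; the gofmt/goimports convention is a standard-library group, a blank line, then the third-party group. Since the hunk already touches these lines, suggest regrouping them. `encoding/json` and `io/ioutil` are kept even though their uses in `GetCurrentAwsRegion` are removed below, so they must still be used elsewhere in the file; worth a quick check that nothing else in this PR drops those uses.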
Expand All @@ -31,7 +34,7 @@ import (
)

var (
ec2MetaDataServiceUrl = "http://169.254.169.254/latest/dynamic/instance-identity/document"
ec2MetaDataServiceUrl = "http://169.254.169.254"
ec2PricingServiceUrlTemplate = "https://pricing.us-east-1.amazonaws.com/offers/v1.0/aws/AmazonEC2/current/%s/index.json"
ec2PricingServiceUrlTemplateCN = "https://pricing.cn-north-1.amazonaws.com.cn/offers/v1.0/cn/AmazonEC2/current/%s/index.json"
staticListLastUpdateTime = "2020-12-07"
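Review bot: `ec2MetaDataServiceUrl` now holds only the scheme and link-local address rather than the URL of a service, so the name is misleading; suggest renaming it to something like `ec2MetaDataEndpoint` or adding a comment that the SDK's `ec2metadata` client appends the `/latest/...` paths itself. Note also that the aws-sdk-go `ec2metadata` client resolves a default IMDS endpoint when none is configured and honors `AWS_EC2_METADATA_DISABLED`, so consider whether the explicit `WithEndpoint` is needed at all; if it stays, hard-coding the IPv4 address means the IPv6 IMDS endpoint can never be used and operators cannot override it through the SDK's own configuration.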
Expand Down Expand Up @@ -169,26 +172,13 @@ func GetCurrentAwsRegion() (string, error) {
region, present := os.LookupEnv("AWS_REGION")

if !present {
klog.V(1).Infof("fetching %s\n", ec2MetaDataServiceUrl)
res, err := http.Get(ec2MetaDataServiceUrl)
c := aws.NewConfig().
WithEndpoint(ec2MetaDataServiceUrl)
sess, err := session.NewSession()
if err != nil {
return "", fmt.Errorf("Error fetching %s", ec2MetaDataServiceUrl)
return "", fmt.Errorf("failed to create session")
}

defer res.Body.Close()

body, err := ioutil.ReadAll(res.Body)
if err != nil {
return "", fmt.Errorf("Error parsing %s", ec2MetaDataServiceUrl)
}

var unmarshalled = map[string]string{}
err = json.Unmarshal(body, &unmarshalled)
if err != nil {
klog.Warningf("Error unmarshalling %s, skip...\n", ec2MetaDataServiceUrl)
}

region = unmarshalled["region"]
return ec2metadata.New(sess, c).Region()
}

return region, nil
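Review bot: both new error paths drop the underlying error. `fmt.Errorf("failed to create session")` discards `err`, and `ec2metadata.New(sess, c).Region()` returns the SDK error bare, so an operator hitting the hop-limit timeout described in the README gets no hint that IMDS was involved. Suggest wrapping, e.g. `return "", fmt.Errorf("failed to create AWS session: %w", err)` and `region, err = ec2metadata.New(sess, c).Region(); if err != nil { return "", fmt.Errorf("failed to read region from %s: %w", ec2MetaDataServiceUrl, err) }`. The removed `klog.V(1).Infof("fetching %s\n", ec2MetaDataServiceUrl)` was the only trace of the metadata call; consider keeping a V(1) log before the `Region()` call. Also a behaviour change worth a line in the commit message: the old path tolerated a malformed identity document with a warning and returned an empty region with a nil error, whereas the new path returns an error.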