jtblin / kube2iam

kube2iam provides different AWS IAM roles for pods running on Kubernetes
BSD 3-Clause "New" or "Revised" License

EC2 metadata upgrade from IMDSv1 to IMDSv2 causes 403 and 401 error - kube2iam #345

Open ContraBoy9999 opened 1 year ago

ContraBoy9999 commented 1 year ago

Hi all, I recently updated my EC2 instances to use IMDSv2 but had to roll back because of the following issue:

It looks like after I did the upgrade my init containers started failing, and I saw the following in the logs:

time="2022-01-11T14:25:01Z" level=info msg="PUT /latest/api/token (403) took 0.753220 ms" req.method=PUT req.path=/latest/api/token req.remote=XXXXX res.duration=0.75322 res.status=403
time="2022-01-11T14:25:37Z" level=error msg="Error getting instance id, got status: 401 Unauthorized"

We are using kube2iam for the same. Any advice on what changes need to be done on the kube2iam side to support IMDSv2? Below is some info from my kube2iam daemonset:

EKS =1.21
image = "jtblin/kube2iam:0.10.9"
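Added example (not part of the issue thread and not kube2iam project code): a small Python triage script that parses logrus-style lines like the two quoted in the post above and counts the two signatures reported there, a rejected `PUT /latest/api/token` and the 401 while fetching the instance ID. The sample lines are constructed from the ones in the post, and the function names and labels are assumptions made for illustration.

```python
import re
from collections import Counter

# logrus text format: key=value pairs, values optionally double-quoted.
PAIR = re.compile(r'(\w[\w.]*)=("(?:[^"\\]|\\.)*"|\S+)')

# Constructed sample: the two log lines quoted in the issue plus one
# unrelated, made-up request line that must not be flagged.
SAMPLE = '''\
time="2022-01-11T14:25:01Z" level=info msg="PUT /latest/api/token (403) took 0.753220 ms" req.method=PUT req.path=/latest/api/token req.remote=XXXXX res.duration=0.75322 res.status=403
time="2022-01-11T14:25:02Z" level=info msg="GET /healthz (200) took 0.100000 ms" req.method=GET req.path=/healthz req.remote=XXXXX res.duration=0.1 res.status=200
time="2022-01-11T14:25:37Z" level=error msg="Error getting instance id, got status: 401 Unauthorized"
'''

def parse(line):
    """Turn one logrus text line into a dict of its fields."""
    fields = {}
    for key, val in PAIR.findall(line):
        if val.startswith('"'):
            val = val[1:-1].replace('\\"', '"')  # unquote the value
        fields[key] = val
    return fields

def classify(fields):
    """Label the two IMDSv2-related signatures reported in the issue."""
    if (fields.get("req.method") == "PUT"
            and fields.get("req.path") == "/latest/api/token"
            and fields.get("res.status") in ("401", "403")):
        return "token_put_rejected"
    if (fields.get("level") == "error"
            and "401 Unauthorized" in fields.get("msg", "")):
        return "instance_id_401"
    return None

def triage(text):
    """Count signature hits across a block of log text."""
    hits = Counter()
    for line in text.splitlines():
        label = classify(parse(line))
        if label:
            hits[label] += 1
    return dict(hits)

if __name__ == "__main__":
    print(triage(SAMPLE))
```
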

volkert-fastned commented 11 months ago

This seems to be a duplicate of https://github.com/jtblin/kube2iam/issues/339

And there also appears to already be an outstanding pull request that has been open for almost a year now: https://github.com/jtblin/kube2iam/pull/344