
[Feature] Make HttpPutResponseHopLimit configurable

Open nikita-b opened this issue 11 months ago • 4 comments

What feature/behavior/change do you want?

We need to have HttpPutResponseHopLimit == 3

Why do you want this feature?

We use DIND in our Kubernetes cluster (it's a cluster for GitLab agents) and we can't disable IMDSv1 because the hop from a DIND container is 3

nikita-b, Mar 19 '24 18:03

Hello nikita-b :wave: Thank you for opening an issue in eksctl project. The team will review the issue and aim to respond within 1-5 business days. Meanwhile, please read about the Contribution and Code of Conduct guidelines here. You can find out more information about eksctl on our website

github-actions[bot], Mar 19 '24 18:03

Hi @nikita-b , may I ask a couple questions for clarification:

  • are you using self-managed or EKS-managed nodes? For EKS-managed nodes, as a workaround, you can use a custom launch template where you manually configure hop limit to 3.
  • from what I see, eksctl sets hop limit by default to 2, regardless of which IMDS version is being used (code snippet below). Do you want to have configurable hop limit just to be able to disable IMDSv1? If so, how does your cluster config look at the moment so that IMDSv1 works with hop limit 2?

https://github.com/eksctl-io/eksctl/blob/76902cddd97a4e2d838158e6352addd95f7385b1/pkg/cfn/builder/nodegroup.go#L534-L547

TiberiuGC, Mar 20 '24 09:03

Hello @TiberiuGC,

> are you using self-managed or EKS-managed nodes? For EKS-managed nodes, as a workaround, you can use a custom launch template where you manually configure hop limit to 3.

We use self-managed nodes.

> from what I see, eksctl sets hop limit by default to 2, regardless of which IMDS version is being used (code snippet below). Do you want to have configurable hop limit just to be able to disable IMDSv1? If so, how does your cluster config look at the moment so that IMDSv1 works with hop limit 2?

Nope, I want to have access to AWS metadata from containers that run with Docker-in-Docker, because in this case we have hop == 3 (Container with application network interface -> Container with Docker network interface -> Host network interface).

nikita-b, Mar 27 '24 17:03

+1. I would like to be able to specify the hopLimit in my clusterConfig so I can avoid having to create launch templates prior to creating the cluster just so I can set the hop limit = 2.

CrisNevares, Apr 25 '24 22:04
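
An added example, not part of the thread and not eksctl's own code: a Go check over `aws ec2 describe-instances` JSON that reports, for a given hop count, which nodes still accept IMDSv1 and which require IMDSv2 but have a hop limit too low for the workload to receive a token. The `Audit` helper, the finding labels and the instance IDs are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Constructed sample shaped like `aws ec2 describe-instances` output (IDs are made up).
const sample = `{"Reservations":[{"Instances":[
 {"InstanceId":"i-constructed0001","MetadataOptions":{"HttpTokens":"optional","HttpPutResponseHopLimit":2}},
 {"InstanceId":"i-constructed0002","MetadataOptions":{"HttpTokens":"required","HttpPutResponseHopLimit":2}},
 {"InstanceId":"i-constructed0003","MetadataOptions":{"HttpTokens":"required","HttpPutResponseHopLimit":3}}]}]}`

type describeOutput struct {
	Reservations []struct {
		Instances []struct {
			InstanceId      string
			MetadataOptions struct {
				HttpTokens              string
				HttpPutResponseHopLimit int
			}
		}
	}
}

// Audit (hypothetical helper) maps each instance ID to a finding. neededHops is the
// number of network hops from the workload to IMDS: 3 for the DinD path in the thread.
func Audit(raw []byte, neededHops int) (map[string]string, error) {
	var out describeOutput
	if err := json.Unmarshal(raw, &out); err != nil {
		return nil, err
	}
	findings := map[string]string{}
	for _, r := range out.Reservations {
		for _, inst := range r.Instances {
			mo := inst.MetadataOptions
			switch {
			case mo.HttpTokens != "required": // IMDSv1 requests are still answered
				findings[inst.InstanceId] = "imdsv1-enabled"
			case mo.HttpPutResponseHopLimit < neededHops: // token response is dropped en route
				findings[inst.InstanceId] = "hop-limit-too-low"
			default:
				findings[inst.InstanceId] = "ok"
			}
		}
	}
	return findings, nil
}

func main() { fmt.Println(Audit([]byte(sample), 3)) }
```

With `neededHops` set to 3, the second node shows the situation from the issue: IMDSv2 is enforced, but the default hop limit of 2 leaves DinD containers without credentials.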