kube2iam icon indicating copy to clipboard operation
kube2iam copied to clipboard

Published 20 hours ago verified publisher icon jtblin

kube2iam IMDSv2 support

Open mimek opened this issue 3 years ago • 3 comments

Hello, I'm trying to use IMDSv2 with kube2iam (version 0.10.11). When I change instance metadata to force only IMDSv2 usage (with AWS-CLI), kube2iam throws error:

time="2020-09-28T08:23:23Z" level=error msg="Error getting instance id, got status: 401 Unauthorized" time="2020-09-28T08:23:23Z" level=info msg="Listening on port 8181"

and restarts, getting into crashLoopbackOff. When I revert, with support to IMDSv2 and v1, kube2iam starts to work. What should I do to benefit from IMDSv2?

Kind regards, mimek

mimek avatar Sep 28 '20 08:09 mimek

Hi,

Am also getting the same error, when I change instance metadata to IMDSv2. Do we have any solution or workaround on this?

mhdramzeen avatar Oct 22 '20 11:10 mhdramzeen

so I hit the same problem few days ago, decided to go with the native EKS solution instead (assuming you guys are using the managed k8s) - Introducing fine-grained IAM roles for service accounts

wakeful avatar Nov 06 '20 16:11 wakeful

https://github.com/jtblin/kube2iam/pull/344 was merged so this one can be closed

szuecs avatar Jan 04 '24 13:01 szuecs