From dc3a70990fd2ede06b4cf88cceeb23fb92d7f99c Mon Sep 17 00:00:00 2001 
From: Bharath Vedartham Date: Thu, 10 Dec 2020 01:27:56 +0530 Subject: [PATCH] Explicitly specify http_endpoint in launch_template terraform http_endpoint has to be explicitly specified in the metadata_options block of the launch template terraform according to issue https://github.com/hashicorp/terraform-provider-aws/issues/12564 --- docs/instance_groups.md | 11 +++++++++++ .../bastionadditional_user-data/kubernetes.tf | 3 +++ .../integration/update_cluster/complex/kubernetes.tf | 2 ++ .../integration/update_cluster/compress/kubernetes.tf | 2 ++ .../update_cluster/existing_iam/kubernetes.tf | 4 ++++ .../update_cluster/existing_sg/kubernetes.tf | 4 ++++ .../update_cluster/externallb/kubernetes.tf | 2 ++ .../update_cluster/externalpolicies/kubernetes.tf | 2 ++ tests/integration/update_cluster/ha/kubernetes.tf | 4 ++++ .../update_cluster/minimal-json/kubernetes.tf.json | 2 ++ .../integration/update_cluster/minimal/kubernetes.tf | 2 ++ .../update_cluster/mixed_instances/kubernetes.tf | 4 ++++ .../update_cluster/mixed_instances_spot/kubernetes.tf | 4 ++++ .../update_cluster/private-shared-ip/kubernetes.tf | 3 +++ .../private-shared-subnet/kubernetes.tf | 3 +++ .../update_cluster/privatecalico/kubernetes.tf | 3 +++ .../update_cluster/privatecanal/kubernetes.tf | 3 +++ .../update_cluster/privatecilium/kubernetes.tf | 3 +++ .../update_cluster/privatecilium2/kubernetes.tf | 3 +++ .../privateciliumadvanced/kubernetes.tf | 3 +++ .../update_cluster/privatedns1/kubernetes.tf | 3 +++ .../update_cluster/privatedns2/kubernetes.tf | 3 +++ .../update_cluster/privateflannel/kubernetes.tf | 3 +++ .../update_cluster/privatekopeio/kubernetes.tf | 3 +++ .../update_cluster/privateweave/kubernetes.tf | 3 +++ .../update_cluster/public-jwks/kubernetes.tf | 2 ++ .../update_cluster/shared_subnet/kubernetes.tf | 2 ++ .../update_cluster/shared_vpc/kubernetes.tf | 2 ++ .../update_cluster/unmanaged/kubernetes.tf | 3 +++ .../awstasks/launchtemplate_target_terraform.go | 4 ++++ 
.../awstasks/launchtemplate_target_terraform_test.go | 2 ++ 31 files changed, 97 insertions(+) diff --git a/docs/instance_groups.md b/docs/instance_groups.md index f610ba6c10ea1..8b94ebf417a7e 100644 --- a/docs/instance_groups.md +++ b/docs/instance_groups.md @@ -45,6 +45,17 @@ spec: instanceProtection: true ``` +## instanceMetadata + +Instance metadata service v1 can be disabled and only instance metadata v2 can be enabled for instances within an instance group. + +```YAML +spec: + instanceMetadata: + httpPutResponseHopLimit: 1 + httpTokens: required +``` + ## externalLoadBalancers Instance groups can be linked to up to 10 load balancers. When attached, any instance launched will diff --git a/tests/integration/update_cluster/bastionadditional_user-data/kubernetes.tf b/tests/integration/update_cluster/bastionadditional_user-data/kubernetes.tf index ceba5aca7ba4a..1c4361da94010 100644 --- a/tests/integration/update_cluster/bastionadditional_user-data/kubernetes.tf +++ b/tests/integration/update_cluster/bastionadditional_user-data/kubernetes.tf @@ -431,6 +431,7 @@ resource "aws_launch_template" "bastion-bastionuserdata-example-com" { create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } @@ -500,6 +501,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-bastionuserdata-exampl create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } @@ -565,6 +567,7 @@ resource "aws_launch_template" "nodes-bastionuserdata-example-com" { create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } diff --git a/tests/integration/update_cluster/complex/kubernetes.tf b/tests/integration/update_cluster/complex/kubernetes.tf index d238dfbbb6f74..b4aa505339284 100644 --- a/tests/integration/update_cluster/complex/kubernetes.tf 
+++ b/tests/integration/update_cluster/complex/kubernetes.tf @@ -299,6 +299,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-complex-example-com" { create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "required" } @@ -379,6 +380,7 @@ resource "aws_launch_template" "nodes-complex-example-com" { create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } diff --git a/tests/integration/update_cluster/compress/kubernetes.tf b/tests/integration/update_cluster/compress/kubernetes.tf index 854c13f2fb3bd..12d26e14f8729 100644 --- a/tests/integration/update_cluster/compress/kubernetes.tf +++ b/tests/integration/update_cluster/compress/kubernetes.tf @@ -268,6 +268,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-compress-example-com" create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } @@ -332,6 +333,7 @@ resource "aws_launch_template" "nodes-compress-example-com" { create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } diff --git a/tests/integration/update_cluster/existing_iam/kubernetes.tf b/tests/integration/update_cluster/existing_iam/kubernetes.tf index 6c075e5cffa46..ce2f583b14464 100644 --- a/tests/integration/update_cluster/existing_iam/kubernetes.tf +++ b/tests/integration/update_cluster/existing_iam/kubernetes.tf @@ -389,6 +389,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-existing-iam-example-c create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } 
@@ -458,6 +459,7 @@ resource "aws_launch_template" "master-us-test-1b-masters-existing-iam-example-c create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } @@ -527,6 +529,7 @@ resource "aws_launch_template" "master-us-test-1c-masters-existing-iam-example-c create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } @@ -592,6 +595,7 @@ resource "aws_launch_template" "nodes-existing-iam-example-com" { create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } diff --git a/tests/integration/update_cluster/existing_sg/kubernetes.tf b/tests/integration/update_cluster/existing_sg/kubernetes.tf index 4eeb02de08b8d..8302f8dbe9e56 100644 --- a/tests/integration/update_cluster/existing_sg/kubernetes.tf +++ b/tests/integration/update_cluster/existing_sg/kubernetes.tf @@ -470,6 +470,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-existingsg-example-com create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } @@ -539,6 +540,7 @@ resource "aws_launch_template" "master-us-test-1b-masters-existingsg-example-com create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } @@ -608,6 +610,7 @@ resource "aws_launch_template" "master-us-test-1c-masters-existingsg-example-com create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } @@ -673,6 +676,7 @@ resource "aws_launch_template" "nodes-existingsg-example-com" { create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } 
diff --git a/tests/integration/update_cluster/externallb/kubernetes.tf b/tests/integration/update_cluster/externallb/kubernetes.tf index 22a9fdd1f49b3..d5bdabf8d058a 100644 --- a/tests/integration/update_cluster/externallb/kubernetes.tf +++ b/tests/integration/update_cluster/externallb/kubernetes.tf @@ -283,6 +283,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-externallb-example-com create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } @@ -348,6 +349,7 @@ resource "aws_launch_template" "nodes-externallb-example-com" { create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } diff --git a/tests/integration/update_cluster/externalpolicies/kubernetes.tf b/tests/integration/update_cluster/externalpolicies/kubernetes.tf index 90e34b66367e9..cbcf752a6c81b 100644 --- a/tests/integration/update_cluster/externalpolicies/kubernetes.tf +++ b/tests/integration/update_cluster/externalpolicies/kubernetes.tf @@ -347,6 +347,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-externalpolicies-examp create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } @@ -418,6 +419,7 @@ resource "aws_launch_template" "nodes-externalpolicies-example-com" { create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } diff --git a/tests/integration/update_cluster/ha/kubernetes.tf b/tests/integration/update_cluster/ha/kubernetes.tf index 8460e2ca84dbf..f96e82f22ff1d 100644 --- a/tests/integration/update_cluster/ha/kubernetes.tf +++ b/tests/integration/update_cluster/ha/kubernetes.tf 
@@ -441,6 +441,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-ha-example-com" { create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } @@ -510,6 +511,7 @@ resource "aws_launch_template" "master-us-test-1b-masters-ha-example-com" { create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } @@ -579,6 +581,7 @@ resource "aws_launch_template" "master-us-test-1c-masters-ha-example-com" { create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } @@ -644,6 +647,7 @@ resource "aws_launch_template" "nodes-ha-example-com" { create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } diff --git a/tests/integration/update_cluster/minimal-json/kubernetes.tf.json b/tests/integration/update_cluster/minimal-json/kubernetes.tf.json index 9df68d287352c..b28b1b282a997 100644 --- a/tests/integration/update_cluster/minimal-json/kubernetes.tf.json +++ b/tests/integration/update_cluster/minimal-json/kubernetes.tf.json @@ -324,6 +324,7 @@ "instance_type": "m3.medium", "key_name": "${aws_key_pair.kubernetes-minimal-json-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id}", "metadata_options": { + "http_endpoint": "enabled", "http_put_response_hop_limit": 1, "http_tokens": "optional" }, @@ -400,6 +401,7 @@ "instance_type": "t2.medium", "key_name": "${aws_key_pair.kubernetes-minimal-json-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id}", "metadata_options": { + "http_endpoint": "enabled", "http_put_response_hop_limit": 1, "http_tokens": "optional" }, diff --git a/tests/integration/update_cluster/minimal/kubernetes.tf b/tests/integration/update_cluster/minimal/kubernetes.tf index 292861774923b..d30ec4d90dcaf 100644 
--- a/tests/integration/update_cluster/minimal/kubernetes.tf +++ b/tests/integration/update_cluster/minimal/kubernetes.tf @@ -279,6 +279,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-example-com" { create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } @@ -344,6 +345,7 @@ resource "aws_launch_template" "nodes-minimal-example-com" { create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } diff --git a/tests/integration/update_cluster/mixed_instances/kubernetes.tf b/tests/integration/update_cluster/mixed_instances/kubernetes.tf index 70f2b216872a9..7c304478c9b32 100644 --- a/tests/integration/update_cluster/mixed_instances/kubernetes.tf +++ b/tests/integration/update_cluster/mixed_instances/kubernetes.tf @@ -459,6 +459,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-mixedinstances-example create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } @@ -528,6 +529,7 @@ resource "aws_launch_template" "master-us-test-1b-masters-mixedinstances-example create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } @@ -597,6 +599,7 @@ resource "aws_launch_template" "master-us-test-1c-masters-mixedinstances-example create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } @@ -662,6 +665,7 @@ resource "aws_launch_template" "nodes-mixedinstances-example-com" { create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } 
diff --git a/tests/integration/update_cluster/mixed_instances_spot/kubernetes.tf b/tests/integration/update_cluster/mixed_instances_spot/kubernetes.tf index abe9e7d7434a4..1034ae06a40d8 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/kubernetes.tf +++ b/tests/integration/update_cluster/mixed_instances_spot/kubernetes.tf @@ -459,6 +459,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-mixedinstances-example create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } @@ -528,6 +529,7 @@ resource "aws_launch_template" "master-us-test-1b-masters-mixedinstances-example create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } @@ -597,6 +599,7 @@ resource "aws_launch_template" "master-us-test-1c-masters-mixedinstances-example create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } @@ -662,6 +665,7 @@ resource "aws_launch_template" "nodes-mixedinstances-example-com" { create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } diff --git a/tests/integration/update_cluster/private-shared-ip/kubernetes.tf b/tests/integration/update_cluster/private-shared-ip/kubernetes.tf index db1bd13457353..b98ec97ccd3b2 100644 --- a/tests/integration/update_cluster/private-shared-ip/kubernetes.tf +++ b/tests/integration/update_cluster/private-shared-ip/kubernetes.tf @@ -408,6 +408,7 @@ resource "aws_launch_template" "bastion-private-shared-ip-example-com" { create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } 
@@ -476,6 +477,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-private-shared-ip-exam create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } @@ -541,6 +543,7 @@ resource "aws_launch_template" "nodes-private-shared-ip-example-com" { create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } diff --git a/tests/integration/update_cluster/private-shared-subnet/kubernetes.tf b/tests/integration/update_cluster/private-shared-subnet/kubernetes.tf index d8eb20552074f..d3d962f2973ce 100644 --- a/tests/integration/update_cluster/private-shared-subnet/kubernetes.tf +++ b/tests/integration/update_cluster/private-shared-subnet/kubernetes.tf @@ -403,6 +403,7 @@ resource "aws_launch_template" "bastion-private-shared-subnet-example-com" { create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } @@ -471,6 +472,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-private-shared-subnet- create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } @@ -536,6 +538,7 @@ resource "aws_launch_template" "nodes-private-shared-subnet-example-com" { create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } diff --git a/tests/integration/update_cluster/privatecalico/kubernetes.tf b/tests/integration/update_cluster/privatecalico/kubernetes.tf index 3e93f506c282c..9532c111fbc4c 100644 --- a/tests/integration/update_cluster/privatecalico/kubernetes.tf +++ b/tests/integration/update_cluster/privatecalico/kubernetes.tf 
@@ -431,6 +431,7 @@ resource "aws_launch_template" "bastion-privatecalico-example-com" { create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } @@ -499,6 +500,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatecalico-example- create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } @@ -564,6 +566,7 @@ resource "aws_launch_template" "nodes-privatecalico-example-com" { create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } diff --git a/tests/integration/update_cluster/privatecanal/kubernetes.tf b/tests/integration/update_cluster/privatecanal/kubernetes.tf index 7617398d8b580..8651a925baaaa 100644 --- a/tests/integration/update_cluster/privatecanal/kubernetes.tf +++ b/tests/integration/update_cluster/privatecanal/kubernetes.tf @@ -431,6 +431,7 @@ resource "aws_launch_template" "bastion-privatecanal-example-com" { create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } @@ -499,6 +500,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatecanal-example-c create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } @@ -564,6 +566,7 @@ resource "aws_launch_template" "nodes-privatecanal-example-com" { create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } diff --git a/tests/integration/update_cluster/privatecilium/kubernetes.tf b/tests/integration/update_cluster/privatecilium/kubernetes.tf index 568b17e3d44ad..bcaf35d7961d0 100644 --- a/tests/integration/update_cluster/privatecilium/kubernetes.tf +++ b/tests/integration/update_cluster/privatecilium/kubernetes.tf 
@@ -431,6 +431,7 @@ resource "aws_launch_template" "bastion-privatecilium-example-com" { create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } @@ -499,6 +500,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatecilium-example- create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } @@ -564,6 +566,7 @@ resource "aws_launch_template" "nodes-privatecilium-example-com" { create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } diff --git a/tests/integration/update_cluster/privatecilium2/kubernetes.tf b/tests/integration/update_cluster/privatecilium2/kubernetes.tf index 568b17e3d44ad..bcaf35d7961d0 100644 --- a/tests/integration/update_cluster/privatecilium2/kubernetes.tf +++ b/tests/integration/update_cluster/privatecilium2/kubernetes.tf @@ -431,6 +431,7 @@ resource "aws_launch_template" "bastion-privatecilium-example-com" { create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } @@ -499,6 +500,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatecilium-example- create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } @@ -564,6 +566,7 @@ resource "aws_launch_template" "nodes-privatecilium-example-com" { create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } diff --git a/tests/integration/update_cluster/privateciliumadvanced/kubernetes.tf b/tests/integration/update_cluster/privateciliumadvanced/kubernetes.tf index 7ec862a8adbcc..e21946fffb5b3 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/kubernetes.tf 
+++ b/tests/integration/update_cluster/privateciliumadvanced/kubernetes.tf @@ -445,6 +445,7 @@ resource "aws_launch_template" "bastion-privateciliumadvanced-example-com" { create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } @@ -513,6 +514,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privateciliumadvanced- create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } @@ -578,6 +580,7 @@ resource "aws_launch_template" "nodes-privateciliumadvanced-example-com" { create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } diff --git a/tests/integration/update_cluster/privatedns1/kubernetes.tf b/tests/integration/update_cluster/privatedns1/kubernetes.tf index a2f63c7ab0523..76e0b02461dd6 100644 --- a/tests/integration/update_cluster/privatedns1/kubernetes.tf +++ b/tests/integration/update_cluster/privatedns1/kubernetes.tf @@ -475,6 +475,7 @@ resource "aws_launch_template" "bastion-privatedns1-example-com" { create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } @@ -549,6 +550,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatedns1-example-co create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } @@ -620,6 +622,7 @@ resource "aws_launch_template" "nodes-privatedns1-example-com" { create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } diff --git a/tests/integration/update_cluster/privatedns2/kubernetes.tf b/tests/integration/update_cluster/privatedns2/kubernetes.tf index 0cd45ca64ef92..bfb289c5225ca 100644 
--- a/tests/integration/update_cluster/privatedns2/kubernetes.tf +++ b/tests/integration/update_cluster/privatedns2/kubernetes.tf @@ -417,6 +417,7 @@ resource "aws_launch_template" "bastion-privatedns2-example-com" { create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } @@ -485,6 +486,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatedns2-example-co create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } @@ -550,6 +552,7 @@ resource "aws_launch_template" "nodes-privatedns2-example-com" { create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } diff --git a/tests/integration/update_cluster/privateflannel/kubernetes.tf b/tests/integration/update_cluster/privateflannel/kubernetes.tf index 1a4ebee2d594f..277dcbdcb50d2 100644 --- a/tests/integration/update_cluster/privateflannel/kubernetes.tf +++ b/tests/integration/update_cluster/privateflannel/kubernetes.tf @@ -431,6 +431,7 @@ resource "aws_launch_template" "bastion-privateflannel-example-com" { create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } @@ -499,6 +500,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privateflannel-example create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } @@ -564,6 +566,7 @@ resource "aws_launch_template" "nodes-privateflannel-example-com" { create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } diff --git a/tests/integration/update_cluster/privatekopeio/kubernetes.tf b/tests/integration/update_cluster/privatekopeio/kubernetes.tf index 7bd48fdeb270a..50985fc0ac8f8 100644 
--- a/tests/integration/update_cluster/privatekopeio/kubernetes.tf +++ b/tests/integration/update_cluster/privatekopeio/kubernetes.tf @@ -437,6 +437,7 @@ resource "aws_launch_template" "bastion-privatekopeio-example-com" { create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } @@ -505,6 +506,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatekopeio-example- create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } @@ -570,6 +572,7 @@ resource "aws_launch_template" "nodes-privatekopeio-example-com" { create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } diff --git a/tests/integration/update_cluster/privateweave/kubernetes.tf b/tests/integration/update_cluster/privateweave/kubernetes.tf index afd201fc17e07..2e984ce69a53f 100644 --- a/tests/integration/update_cluster/privateweave/kubernetes.tf +++ b/tests/integration/update_cluster/privateweave/kubernetes.tf @@ -431,6 +431,7 @@ resource "aws_launch_template" "bastion-privateweave-example-com" { create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } @@ -499,6 +500,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privateweave-example-c create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } @@ -564,6 +566,7 @@ resource "aws_launch_template" "nodes-privateweave-example-com" { create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } diff --git a/tests/integration/update_cluster/public-jwks/kubernetes.tf b/tests/integration/update_cluster/public-jwks/kubernetes.tf index 0e75587241902..698496a45047f 100644 
--- a/tests/integration/update_cluster/public-jwks/kubernetes.tf +++ b/tests/integration/update_cluster/public-jwks/kubernetes.tf @@ -306,6 +306,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-example-com" { create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } @@ -371,6 +372,7 @@ resource "aws_launch_template" "nodes-minimal-example-com" { create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } diff --git a/tests/integration/update_cluster/shared_subnet/kubernetes.tf b/tests/integration/update_cluster/shared_subnet/kubernetes.tf index df706dbb27a5d..a6fa2fd7f60d8 100644 --- a/tests/integration/update_cluster/shared_subnet/kubernetes.tf +++ b/tests/integration/update_cluster/shared_subnet/kubernetes.tf @@ -265,6 +265,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-sharedsubnet-example-c create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } @@ -330,6 +331,7 @@ resource "aws_launch_template" "nodes-sharedsubnet-example-com" { create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } diff --git a/tests/integration/update_cluster/shared_vpc/kubernetes.tf b/tests/integration/update_cluster/shared_vpc/kubernetes.tf index a11b4e0b07ebe..a3d973bb298cf 100644 --- a/tests/integration/update_cluster/shared_vpc/kubernetes.tf +++ b/tests/integration/update_cluster/shared_vpc/kubernetes.tf @@ -265,6 +265,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-sharedvpc-example-com" create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } 
@@ -330,6 +331,7 @@ resource "aws_launch_template" "nodes-sharedvpc-example-com" { create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } diff --git a/tests/integration/update_cluster/unmanaged/kubernetes.tf b/tests/integration/update_cluster/unmanaged/kubernetes.tf index e02bfb35f4b82..5daab61f3c4d2 100644 --- a/tests/integration/update_cluster/unmanaged/kubernetes.tf +++ b/tests/integration/update_cluster/unmanaged/kubernetes.tf @@ -408,6 +408,7 @@ resource "aws_launch_template" "bastion-unmanaged-example-com" { create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } @@ -476,6 +477,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-unmanaged-example-com" create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } @@ -541,6 +543,7 @@ resource "aws_launch_template" "nodes-unmanaged-example-com" { create_before_destroy = true } metadata_options { + http_endpoint = "enabled" http_put_response_hop_limit = 1 http_tokens = "optional" } diff --git a/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform.go b/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform.go index 2dfbb15e9ebd1..88578bb12dbd1 100644 --- a/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform.go +++ b/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform.go 
@@ -111,6 +111,8 @@ type terraformLaunchTemplateTagSpecification struct {
 }

 type terraformLaunchTemplateInstanceMetadata struct {
+ // HTTPEndpoint determines whether the ec2 metadata service is available or not.
+ HTTPEndpoint *string `json:"http_endpoint,omitempty" cty:"http_endpoint"`
 // HTTPPutResponseHopLimit is the desired HTTP PUT response hop limit for instance metadata requests.
 HTTPPutResponseHopLimit *int64 `json:"http_put_response_hop_limit,omitempty" cty:"http_put_response_hop_limit"`
 // HTTPTokens is the state of token usage for your instance metadata requests.
@@ -185,6 +187,8 @@ func (t *LaunchTemplate) RenderTerraform(target *terraform.TerraformTarget, a, e
 InstanceType: e.InstanceType,
 Lifecycle: &terraform.Lifecycle{CreateBeforeDestroy: fi.Bool(true)},
 MetadataOptions: &terraformLaunchTemplateInstanceMetadata{
+ // see issue https://github.com/hashicorp/terraform-provider-aws/issues/12564.
+ HTTPEndpoint: fi.String("enabled"),
 HTTPTokens: e.HTTPTokens,
 HTTPPutResponseHopLimit: e.HTTPPutResponseHopLimit,
 },
diff --git a/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform_test.go b/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform_test.go
index d07cae382f1d2..05abf8511d791 100644
--- a/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform_test.go
+++ b/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform_test.go
@@ -75,6 +75,7 @@ resource "aws_launch_template" "test" {
 create_before_destroy = true
 }
 metadata_options {
+ http_endpoint = "enabled"
 http_put_response_hop_limit = 1
 http_tokens = "optional"
 }
@@ -160,6 +161,7 @@ resource "aws_launch_template" "test" {
 create_before_destroy = true
 }
 metadata_options {
+ http_endpoint = "enabled"
 http_put_response_hop_limit = 5
 http_tokens = "required"
 }
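Review bot: The doc comment on the new `HTTPEndpoint` field of `terraformLaunchTemplateInstanceMetadata` (first hunk of launchtemplate_target_terraform.go) names neither the accepted strings nor the reason the field is always rendered. A fuller comment would help, for example `// HTTPEndpoint enables or disables the instance metadata HTTP endpoint ("enabled" or "disabled"); the Terraform provider needs it set explicitly next to the other metadata options.` The struct continues past the end of the hunk.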
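Review bot: In the `RenderTerraform` hunk, `HTTPEndpoint: fi.String("enabled")` is a fixed literal while the two neighbouring fields come from `e.HTTPTokens` and `e.HTTPPutResponseHopLimit`, so the rendered Terraform can only ever describe an enabled metadata endpoint. If the task later gains an endpoint setting, or the non-Terraform path (not visible in this diff) sends something different, this line would silently disagree with it. The comment above it only links the issue; stating the intent in place would be clearer, e.g. `// always "enabled": no task field controls the endpoint, and the provider requires the attribute whenever metadata_options is set (terraform-provider-aws#12564)`. Because the endpoint is now pinned on, access to instance credentials is gated only by `http_tokens`, and most of the updated fixtures still render `"optional"`, which leaves IMDSv1 requests accepted unless the instance group sets `httpTokens: required`. The function body starts and ends outside the hunk.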