New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
eksctl version 0.15.0 times out with commands run on EC2 instances. #1979
Comments
Same issue with both 0.15.0 and 0.16.0-rc.1 using a mac |
@jcleal 👋 Same for me. Running eksctl as part of a CI pipeline on an ec2 instance with the same IAM policy above attached to the ec2 instance profile. Works on eksctl 0.10.0. Same command run locally (using AWS_PROFILE set to a working profile) works on 0.16.0. |
The issue is due to AWS changing the method in which you get a token from the the instance metadata service. Before aws-sdk-go v1.25.38 the way to GET a token was using the Instance Metadata Service Version 1. Since then, IMDSv2 uses a PUT method
To be able to run eksctl in a container and have it successfully authenticate, you will need to have Docker use the host network (to reduce the request's hop count) or increase the max allowed hops to 2 like so:
Sources: aws/aws-sdk-go#2972 |
I think we can close this as the solution provided above should solve this issue. |
not directly related to this topic, but the same error message can occur if eksctl is run with the incorrect AWS profile set.
|
What happened?
Running
eksctl update cluster -f path/to/config.yml
has this error:before returning:
and then executes the update cluster successfully at the end.
What you expected to happen?
Running
eksctl update cluster -f path/to/config.yml
runs successfully without any timeouts.How to reproduce it?
Run
eksctl
on an EC2 instance (I'm usingAmazon Linux 2
)Anything else we need to know?
The following IAM role policy was applied to the instance:
Versions
Please paste in the output of these commands:
Logs
The text was updated successfully, but these errors were encountered: