Migrate to IMDS v2 #145
@@ -206,7 +206,7 @@ data: | |||
[FILTER] | |||
Name aws | |||
Match host.* | |||
imds_version v1 | |||
imds_version v2 |
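Review bot: `imds_version v2` in the `aws` filter matching `host.*` has no comment on the node-side prerequisite it relies on. As the thread on this line notes, with an IMDS hop limit of 1 the pod has to use host networking, and self-managed nodes are not covered by the managed-node default of 2; a short config comment beside this line, or a README note, stating that requirement would help. The hunk shows only the `host.*` filter, so it is also worth confirming that every other `aws` filter in these example configurations received the same change.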
To access IMDSv2 with the default hop limit of 1, does the daemonset of FLB need to run in the host network?
If the hop limit is set to 1, then, yes, the pod would have to use host networking. The default on modern EKS AMIs is set to 2, though. And IMDSv1 wouldn't work with such a hop limit if run as a pod with container networking.
Yeah from what I've seen, managed EKS nodes are configured with hop limit of 2 by default. This doesn't account for self-managed nodes unfortunately.
Is there any way to get a new release for the updated code? The last release was on Jun 29th, which is before this change got merged in. https://github.com/aws-samples/amazon-cloudwatch-container-insights/tags I am happy to give a release a go if someone could link to documentation on where I'd get some of the agent versions that would need to be updated... Just not obvious, even after reading the contributing doc. Thanks!
Howdy 👋 not sure why this wasn't updated. Let me circle back with the team. We have a new release candidate staged atm so I'll try to make sure that the GitHub releases here get updated too when that rolls out globally
Description of changes:
Update Fluent Bit example configurations to use EC2 IMDS v2. This will make Fluent Bit work properly on instances launched from recent EKS optimized node AMIs which require HTTP tokens in their IMDS requests. It will continue to work even on older AMIs that don't require HTTP tokens. This is also the new default value for Fluent Bit's AWS plugin.
License
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
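
The review thread leaves self-managed nodes as an open question, so here is one way to audit them before rolling out `imds_version v2`. This is an added example, not code from this pull request or the project: the function name `imds_v2_findings`, the sample data and the instance IDs are constructed, and treating a missing hop limit as 1 is an assumption. The input is shaped like the JSON returned by `aws ec2 describe-instances`.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-instances` output.
# Instance IDs are placeholders, not real resources.
SAMPLE = json.loads("""
{"Reservations": [{"Instances": [
  {"InstanceId": "i-0000000000000000a",
   "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required",
                       "HttpPutResponseHopLimit": 2}},
  {"InstanceId": "i-0000000000000000b",
   "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required",
                       "HttpPutResponseHopLimit": 1}},
  {"InstanceId": "i-0000000000000000c",
   "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional",
                       "HttpPutResponseHopLimit": 1}}
]}]}
""")


def imds_v2_findings(describe_instances, host_network=False):
    """Return {instance_id: [issues]} for a Fluent Bit pod using imds_version v2.

    host_network: True if the DaemonSet runs with hostNetwork enabled.
    """
    findings = {}
    for reservation in describe_instances.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            opts = inst.get("MetadataOptions", {})
            issues = []
            if opts.get("HttpEndpoint", "enabled") != "enabled":
                issues.append("IMDS endpoint disabled: aws filter cannot read metadata")
            # Per the review thread: with hop limit 1 the pod must use host
            # networking to reach IMDSv2. Missing value treated as 1 (assumption).
            hop_limit = opts.get("HttpPutResponseHopLimit", 1)
            if hop_limit < 2 and not host_network:
                issues.append(f"hop limit {hop_limit}: pod needs hostNetwork or hop limit 2")
            # Tokens still optional means the node also answers IMDSv1 requests.
            if opts.get("HttpTokens") != "required":
                issues.append("HttpTokens is not 'required': IMDSv1 still accepted")
            if issues:
                findings[inst["InstanceId"]] = issues
    return findings


if __name__ == "__main__":
    for instance_id, issues in imds_v2_findings(SAMPLE).items():
        print(instance_id, "->", "; ".join(issues))
```
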