I recently updated my ec2 instances to use imdSV2 but had to rollback because of the following issue. The below are the commands i am trying to use to get a token and make a call to get the ec2 metadata.
I have created an OIDC provider and made the appropriate IAM changes to my pod policy.
Command:
TOKEN=curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"
\ && curl -H “X-aws-ec2-metadata-token: $TOKEN” -v http://169.254.169.254/latest/meta-data/
It looks like after i did the upgrade my init containers started failing and i saw the following in the logs. I also see the error when trying to run the above curl command from my pod.
Mark bundle as not supporting multiuse
< HTTP/1.1 401 Unauthorized
< content-length: 0
< content-type: text/plain
< date: Mon, 22 Aug 2022 14:30:37 GMT
< server: envoy
< x-envoy-upstream-service-time: 2
Cluster information:
Kubernetes version: EKS 1.21
Cloud being used: AWS
Any ideas on the same would be appreciated.