Hello,
The error logs indicate the EBS CSI driver is unable to create volumes due to a failed attempt to retrieve credentials from the Instance Metadata Service Version 2 (IMDSv2).
Verify IMDSv2 on AL2023 Nodes:
Run curl -v http://169.254.169.254/latest/meta-data/iam/security-credentials on an AL2023 node. A successful response indicates IMDSv2 is functional.
Check EBS CSI Driver Compatibility:
Refer to the driver's documentation (search online for the specific driver version) to confirm compatibility with AL2023 and its reliance on IMDSv2.
Kubernetes Documentation (search for "EBS CSI Driver"): https://kubernetes.io/docs/home/
Amazon EC2 Instance Metadata Service Version 2: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html
Thank you so much for your response. But IMDSv2 is session-based access: it creates a temporary token for the request and gets metadata from that instance.
Example command given by the AWS documentation:
TOKEN=$(curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
AWS document: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-metadata-v2-how-it-works.html
Make sure the AL2023 instance has the IAM Profile set (same as the AL2 instance) so that it is able to get permissions to call EC2 APIs.
Hope this helps!
I appreciate your answer. Thank you, but I checked the idea you gave. It seems I set the same profile as the AL2 instance.
I believe this is caused by the hop limit restriction in IMDSv2. You can try adjusting the HttpPutResponseHopLimit to 2, and you can use a launch template to start new cluster instances.
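An added example (not part of any answer above, and not AWS or driver code) that audits the `MetadataOptions` block of `aws ec2 describe-instances` output for the hop-limit condition described in the last answer. The sample JSON and instance IDs are constructed, and the assumption that pod traffic needs a hop limit of 2 is labelled in the code.

```python
import json

# Constructed sample shaped like `aws ec2 describe-instances` output.
# Instance IDs are made up for this example.
SAMPLE = json.loads("""
{"Reservations": [{"Instances": [
  {"InstanceId": "i-example0001", "MetadataOptions":
    {"HttpEndpoint": "enabled", "HttpTokens": "required", "HttpPutResponseHopLimit": 1}},
  {"InstanceId": "i-example0002", "MetadataOptions":
    {"HttpEndpoint": "enabled", "HttpTokens": "required", "HttpPutResponseHopLimit": 2}},
  {"InstanceId": "i-example0003", "MetadataOptions":
    {"HttpEndpoint": "enabled", "HttpTokens": "optional", "HttpPutResponseHopLimit": 1}},
  {"InstanceId": "i-example0004", "MetadataOptions":
    {"HttpEndpoint": "disabled", "HttpTokens": "required", "HttpPutResponseHopLimit": 1}}
]}]}
""")

POD_HOPS = 2  # assumption: pod traffic crosses one extra hop (bridge/CNI) to reach IMDS


def audit_imds(describe_output, pod_hops=POD_HOPS):
    """Map instance ID -> whether a pod can obtain an IMDSv2 session token."""
    findings = {}
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            opts = inst.get("MetadataOptions", {})
            v2_only = opts.get("HttpTokens") == "required"
            if opts.get("HttpEndpoint") != "enabled":
                status = "imds-disabled"
            elif opts.get("HttpPutResponseHopLimit", 1) < pod_hops:
                # The token PUT response expires before it reaches the pod.
                status = "pods-blocked" if v2_only else "pods-fall-back-to-imdsv1"
            else:
                status = "ok" if v2_only else "ok-imdsv1-still-allowed"
            findings[inst["InstanceId"]] = status
    return findings


def remediation(findings, pod_hops=POD_HOPS):
    """Build the AWS CLI call that raises the hop limit on affected instances."""
    return [
        f"aws ec2 modify-instance-metadata-options --instance-id {iid} "
        f"--http-put-response-hop-limit {pod_hops}"
        for iid, status in findings.items() if status.startswith("pods-")
    ]


if __name__ == "__main__":
    results = audit_imds(SAMPLE)
    print("\n".join(f"{i} {s}" for i, s in results.items()))
    print("\n".join(remediation(results)))
```

A hop limit of 2 also lets every pod on the node reach the node's instance profile credentials, so review what that role is allowed to do before raising it.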
The link below explains how IMDSv2 works: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-metadata-v2-how-it-works.html