kube2iam: Fix for eks ipv6

mikkeloscar · mikkeloscar · commit 1559c40badf2 · 2025-04-07T11:10:53.000+02:00
Signed-off-by: Mikkel Oscar Lyderik Larsen &lt;mikkel.larsen@zalando.de&gt;
diff --git a/cluster/config-defaults.yaml b/cluster/config-defaults.yaml
@@ -777,14 +777,18 @@ tracing_coredns_local_zone_traces_endpoint: ""
 # AMI id given the image name and the Image AWS account owner.
 #
 # [0]: https://github.com/zalando-incubator/cluster-lifecycle-manager/blob/8a9bd1cb2d094038a9e23e646421f8146b48886a/provisioner/template.go#L116
-kuberuntu_image_v1_31_old_amd64: {{ amiID "zalando-ubuntu-jammy-22.04-kubernetes-production-v1.31.4-amd64-master-359" "861068367966" }}
-kuberuntu_image_v1_31_old_arm64: {{ amiID "zalando-ubuntu-jammy-22.04-kubernetes-production-v1.31.4-arm64-master-359" "861068367966" }}
-kuberuntu_image_v1_31_new_amd64: {{ amiID "zalando-ubuntu-jammy-22.04-kubernetes-production-v1.31.6-amd64-master-368" "861068367966" }}
-kuberuntu_image_v1_31_new_arm64: {{ amiID "zalando-ubuntu-jammy-22.04-kubernetes-production-v1.31.6-arm64-master-368" "861068367966" }}
+kuberuntu_image_v1_31_aws_amd64: {{ amiID "zalando-ubuntu-jammy-22.04-kubernetes-production-v1.31.6-amd64-master-368" "861068367966" }}
+kuberuntu_image_v1_31_aws_arm64: {{ amiID "zalando-ubuntu-jammy-22.04-kubernetes-production-v1.31.6-arm64-master-368" "861068367966" }}
+kuberuntu_image_v1_31_eks_amd64: {{ amiID "zalando-ubuntu-jammy-22.04-kubernetes-production-v1.31.7-amd64-master-371" "861068367966" }}
+kuberuntu_image_v1_31_eks_arm64: {{ amiID "zalando-ubuntu-jammy-22.04-kubernetes-production-v1.31.7-arm64-master-371" "861068367966" }}
 
 # This is used to determine which AMI to use for the cluster or individual node
-# pools. Possible values are 'new' or 'old'
-kuberuntu_ami_version: "new"
+# pools. Possible values are 'aws' or 'eks'
+{{if eq .Cluster.Provider "zalando-eks"}}
+kuberuntu_ami_version: "eks"
+{{else}}
+kuberuntu_ami_version: "aws"
+{{end}}
 
 # Feature toggle for auditing events
 audit_pod_events: "true"
diff --git a/cluster/manifests/02-admission-control/config.yaml b/cluster/manifests/02-admission-control/config.yaml
@@ -45,6 +45,10 @@ data:
   pod.env-inject.variable._PLATFORM_OBSERVABILITY_METRICS_PORT: "{{ .Cluster.ConfigItems.observability_metrics_port }}"
   pod.env-inject.variable._PLATFORM_OBSERVABILITY_ACCESS_TOKEN: "{{ .Cluster.ConfigItems.lightstep_token }}"
   pod.env-inject.variable._PLATFORM_OBSERVABILITY_COMMON_ATTRIBUTE_CLOUD__ACCOUNT__ID : "{{ .Cluster.Alias }}"
+{{- if and (eq .Cluster.Provider "zalando-eks") (eq .Cluster.ConfigItems.eks_ip_family "ipv6")}}
+  pod.env-inject.variable.AWS_EC2_METADATA_SERVICE_ENDPOINT: "http://[fd00:ec2::254]"
+  pod.env-inject.variable.AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE: "IPv6"
+{{- end }}
 {{- if eq .Cluster.Environment "e2e" }}
   pod.env-inject.variable._PLATFORM_E2E: "injected"
 {{- end }}
diff --git a/cluster/manifests/kube2iam/daemonset.yaml b/cluster/manifests/kube2iam/daemonset.yaml
@@ -38,7 +38,7 @@ spec:
         effect: NoExecute
       hostNetwork: true
       containers:
-      - image: container-registry.zalando.net/teapot/kube2iam:0.12.0-master-19.patched
+      - image: container-registry.zalando.net/teapot/kube2iam:0.12.0-master-22.patched
         name: kube2iam
         args:
         - --auto-discover-base-arn
diff --git a/cluster/node-pools/worker-combined/stack.yaml b/cluster/node-pools/worker-combined/stack.yaml
@@ -132,6 +132,11 @@ Resources:
     Properties:
       LaunchTemplateName: '{{.Cluster.LocalID}}-{{ .NodePool.Name }}'
       LaunchTemplateData:
+{{- if and (eq .Cluster.Provider "zalando-eks") (eq .Cluster.ConfigItems.eks_ip_family "ipv6") }}
+        MetadataOptions:
+          HttpEndpoint: enabled
+          HttpProtocolIpv6: enabled
+{{- end }}
         TagSpecifications:
         - ResourceType: "volume"
           Tags:
diff --git a/cluster/node-pools/worker-karpenter/provisioners.yaml b/cluster/node-pools/worker-karpenter/provisioners.yaml
@@ -11,7 +11,11 @@ spec:
     - id: {{ index .NodePool.ConfigItems (print "kuberuntu_image_v1_31_" .NodePool.ConfigItems.kuberuntu_ami_version "_arm64") }}
   metadataOptions:
     httpEndpoint: enabled
+    # {{ if and (eq .Cluster.Provider "zalando-eks") (eq .Cluster.ConfigItems.eks_ip_family "ipv6") }}
+    httpProtocolIPv6: enabled
+    # {{ else }}
     httpProtocolIPv6: disabled
+    # {{ end }}
     httpPutResponseHopLimit: 2
     httpTokens: optional
   subnetSelectorTerms:
diff --git a/cluster/node-pools/worker-splitaz/stack.yaml b/cluster/node-pools/worker-splitaz/stack.yaml
@@ -137,6 +137,11 @@ Resources:
     Properties:
       LaunchTemplateName: '{{ .Cluster.LocalID }}-{{ .NodePool.Name }}'
       LaunchTemplateData:
+{{- if and (eq .Cluster.Provider "zalando-eks") (eq .Cluster.ConfigItems.eks_ip_family "ipv6") }}
+        MetadataOptions:
+          HttpEndpoint: enabled
+          HttpProtocolIpv6: enabled
+{{- end }}
         TagSpecifications:
         - ResourceType: "volume"
           Tags:
