Correctly deploy the AWS CCM (#1853)

* aws: stop using the imds api for tags * aws: disable tags in imds api * aws: only tag instances with non-lecagy tag * bootstrapper: always let coredns run before cilium * debugd: make debugd less noisy * fixup fix aws imds test * fixup unsued context * move getting instance id to readInstanceTag
2025-05-02 06:16:08 -04:00 · 2023-06-13 09:58:39 +02:00 · 2023-06-13 09:58:39 +02:00 · a2c98eb1d5
commit a2c98eb1d5
parent 4f63481b7d
13 changed files with 687 additions and 163 deletions
--- a/cli/internal/terraform/terraform/aws/main.tf
+++ b/cli/internal/terraform/terraform/aws/main.tf
@ -243,8 +243,8 @@ module "instance_group_control_plane" {
    { Name = local.name },
    { constellation-role = "control-plane" },
    { constellation-uid = local.uid },
-    { KubernetesCluster = "Constellation-${local.uid}" },
-    { constellation-init-secret-hash = local.initSecretHash }
+    { constellation-init-secret-hash = local.initSecretHash },
+    { "kubernetes.io/cluster/${local.name}" = "owned" }
  )
 }

@ -268,7 +268,7 @@ module "instance_group_worker_nodes" {
    { Name = local.name },
    { constellation-role = "worker" },
    { constellation-uid = local.uid },
-    { KubernetesCluster = "Constellation-${local.uid}" },
-    { constellation-init-secret-hash = local.initSecretHash }
+    { constellation-init-secret-hash = local.initSecretHash },
+    { "kubernetes.io/cluster/${local.name}" = "owned" }
  )
 }
--- a/cli/internal/terraform/terraform/aws/modules/instance_group/main.tf
+++ b/cli/internal/terraform/terraform/aws/modules/instance_group/main.tf
@ -23,7 +23,7 @@ resource "aws_launch_template" "launch_template" {
  metadata_options {
    http_endpoint               = "enabled"
    http_tokens                 = "required"
-    instance_metadata_tags      = "enabled"
+    instance_metadata_tags      = "disabled"
    http_put_response_hop_limit = 2
  }