kube2iam IMDSv2 support

[mimek]

Hello,
I'm trying to use IMDSv2 with kube2iam (version 0.10.11). When I change instance metadata to force only IMDSv2 usage (with AWS-CLI), kube2iam throws error:

time="2020-09-28T08:23:23Z" level=error msg="Error getting instance id, got status: 401 Unauthorized" time="2020-09-28T08:23:23Z" level=info msg="Listening on port 8181"

and restarts, getting into crashLoopbackOff. When I revert, with support to IMDSv2 and v1, kube2iam starts to work.
What should I do to benefit from IMDSv2?

Kind regards,
mimek

[mhdramzeen]

Hi,

Am also getting the same error, when I change instance metadata to IMDSv2. Do we have any solution or workaround on this?

[wakeful]

so I hit the same problem few days ago, decided to go with the native EKS solution instead (assuming you guys are using the managed k8s) - Introducing fine-grained IAM roles for service accounts

[szuecs]

#344 was merged so this one can be closed