Document the fact that access to cloud metadata is disabled by default #698
Comments
I'd be happy to write something up, can one of the maintainers assign the ticket to me?
@cam72cam are you working on this issue? Thanks!
@metonymic-smokey as a long time has passed, you can certainly work on this! ❤️! Note that I think this is a Kubernetes issue in general, at least on GKE as well. I don't understand all this so well either other than we block network access from our user pods to avoid an issue.
@consideRatio @wookasz this page in the Security docs touches upon something similar in the Cloud Metadata server security section. It has a brief on how to run For a start, I've added a brief note about init containers overriding Another issue with the page: The page referred above has some commands misaligned with their code blocks and some minor errors. I've tried to fix those here too. Thanks!
It's not immediately obvious that iptables are overridden with an init container, blocking access to EC2 metadata. This should be documented somewhere. Perhaps in https://zero-to-jupyterhub.readthedocs.io/en/latest/amazon/step-zero-aws.html.