Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Bug] eksctl no EC2 IMDS role found, operation error ec2imds while running in docker container #8018

Open
cantonnetwork-infstones opened this issue Oct 25, 2024 · 4 comments

Comments

@cantonnetwork-infstones
Copy link

cantonnetwork-infstones commented Oct 25, 2024

What were you trying to accomplish?

Any eksctl get command fails. Did not test other commands. This works well on the same EC2 instance where we are running the docker container.

eksctl get iamserviceaccount --cluster <cluster-name>  # or any iamserviceaccount command

Expected Output:

app-ns		app		arn:aws:iam::xxxxx:role/xyz

What happened?

Any eksctl version higher than v0.185.0 does not work in a container while v0.185.0 works. We get the below error for anything above v0.185.0

Error: could not create cluster provider from options: checking AWS STS access – cannot get role ARN for current session: operation error STS: GetCallerIdentity, get identity: get credentials: failed to refresh cached credentials, operation error STS: AssumeRole, get identity: get credentials: failed to refresh cached credentials, no EC2 IMDS role found, operation error ec2imds: GetMetadata, canceled, context deadline exceeded

The following command does give proper output

aws sts get-caller-identity
{
    "UserId": "AROATxxxxxx:botocore-session-12345",
    "Account": "123456",
    "Arn": "arn:aws:sts::123456:assumed-role/xxxx/botocore-session-12345"
}

How to reproduce it?

To reproduce run any version of eksctl above v0.185.0 in a docker container.

~/aws/config is configured as follows

[default]
region = us-east-1

~/.aws/credentials is configured as follows

[app-01]
region=us-east-1
role_arn=arn:aws:iam::12345:role/app-01
credential_source=Ec2InstanceMetadata
duration_seconds=3600
export AWS_PROFILE=app-01
eksctl get iamserviceaccount --cluster xyz

Logs

eksctl get iamserviceaccount --cluster xyz -v4
2024-10-25 03:57:15 [▶]  Setting credentials expiry window to 30 minutes
2024-10-25 03:57:15 [▶]  Setting credentials expiry window to 30 minutes
Error: could not create cluster provider from options: checking AWS STS access – cannot get role ARN for current session: operation error STS: GetCallerIdentity, get identity: get credentials: failed to refresh cached credentials, operation error STS: AssumeRole, get identity: get credentials: failed to refresh cached credentials, no EC2 IMDS role found, operation error ec2imds: GetMetadata, canceled, context deadline exceeded

Anything else we need to know?

  • OS: ubuntu 22.04 (both docker and ec2)
  • Downloaded the binary using the official documentation

Versions

$ eksctl info

eksctl version: 0.194.0
kubectl version: v1.31.2
OS: linux
Copy link
Contributor

Hello cantonnetwork-infstones 👋 Thank you for opening an issue in eksctl project. The team will review the issue and aim to respond within 1-5 business days. Meanwhile, please read about the Contribution and Code of Conduct guidelines here. You can find out more information about eksctl on our website

@cantonnetwork-infstones cantonnetwork-infstones changed the title [Bug] eksctl iamserviceaccount no EC2 IMDS role found, operation error ec2imds while running in docker container [Bug] eksctl no EC2 IMDS role found, operation error ec2imds while running in docker container Oct 25, 2024
@cantonnetwork-infstones
Copy link
Author

Any update on this?

Copy link
Contributor

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

@github-actions github-actions bot added the stale label Jan 12, 2025
@cantonnetwork-infstones
Copy link
Author

Hello, any update?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant