Loading...

Type: Bug
Resolution: Done
Priority: Medium
Fix Version/s: OSC 1.5.1
Affects Version/s: OSC 1.5.0
Component/s: None
Labels:
None

Blocked:
False
Blocked Reason:
None
Ready:
False
Release Note Text:

Hide
When you request the instance metadata of a peer pod VM running on AWS or Azure, the AWS or Azure Instance Metadata Service returns the metadata of the worker node instead of the pod. There is no workaround for this issue. (link:https://issues.redhat.com/browse/KATA-2583[*~~KATA-2583~~*])

Show
When you request the instance metadata of a peer pod VM running on AWS or Azure, the AWS or Azure Instance Metadata Service returns the metadata of the worker node instead of the pod. There is no workaround for this issue. (link: https://issues.redhat.com/browse/KATA-2583 [* KATA-2583 *])
Release Note Type:
Known Issue
Release Note Status:
Done
Intelligence Requested:
Market:

Sprint:
Kata Sprint #246
Cost of Delay:
0
WSJF:
0

SFDC Cases Counter:
SFDC Cases Links:

Description

setup-nat-for-imds.service should configure network properly to enable it to recieve instance metadata

Steps to reproduce

1. setup peerpod on aws
2. launch a kata-remote pod with default t3.small instance type
3. retrieve podvm instance metadata by rsh pod:

curl http://169.254.169.254/latest/meta-data/instance-type

Expected result

proper instance metadata is recieved (t3.small)

Actual result

sh-4.4$ curl
http://169.254.169.254/latest/meta-data/instance-type
m6i.xlargesh

Impact

metadata recieved are of the worker node, not the podvm

Additional helpful info

[ec2-user@ip-10-0-57-43 ~]$ systemctl status setup-nat-for-imds
○ setup-nat-for-imds.service - Setup NAT for IMDS
Loaded: loaded (/etc/systemd/system/setup-nat-for-imds.service; disabled; vendor preset: disabled)
Active: inactive (dead)
[ec2-user@ip-10-0-57-43 ~]$ journalctl -xeu setup-nat-for-imds.service

Nov 22 13:11:50 ip-10-0-57-43.us-east-2.compute.internal systemd[1]: Starting Setup NAT for IMDS...
░░ Subject: A start job for unit setup-nat-for-imds.service has begun execution
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit setup-nat-for-imds.service has begun execution.
░░
░░ The job identifier is 3627.
Nov 22 13:11:50 ip-10-0-57-43.us-east-2.compute.internal setup-nat-for-imds.sh[1389]: net.ipv4.ip_forward = 1
Nov 22 13:11:50 ip-10-0-57-43.us-east-2.compute.internal setup-nat-for-imds.sh[1390]: net.ipv4.conf.veth1.proxy_arp = 1
Nov 22 13:11:50 ip-10-0-57-43.us-east-2.compute.internal setup-nat-for-imds.sh[1391]: net.ipv4.neigh.veth1.proxy_delay = 0
Nov 22 13:11:50 ip-10-0-57-43.us-east-2.compute.internal setup-nat-for-imds.sh[1403]: /usr/local/bin/setup-nat-for-imds.sh: line 39: iptables: command not found
Nov 22 13:11:50 ip-10-0-57-43.us-east-2.compute.internal systemd[1]: setup-nat-for-imds.service: Main process exited, code=exited, status=127/n/a
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ An ExecStart= process belonging to unit setup-nat-for-imds.service has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 127.
Nov 22 13:11:50 ip-10-0-57-43.us-east-2.compute.internal systemd[1]: setup-nat-for-imds.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ The unit setup-nat-for-imds.service has entered the 'failed' state with result 'exit-code'.
Nov 22 13:11:50 ip-10-0-57-43.us-east-2.compute.internal systemd[1]: Failed to start Setup NAT for IMDS.
░░ Subject: A start job for unit setup-nat-for-imds.service has failed
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit setup-nat-for-imds.service has finished with a failure.
░░
░░ The job identifier is 3627 and the job result is failed.