
Commit 7be2f4e

committed
use metadata endpoint to get instance info
1 parent f407af2 commit 7be2f4e

2 files changed

Lines changed: 36 additions & 51 deletions


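--- a/config/plugin/launch_config_drift.sh
+++ b/config/plugin/launch_config_drift.sh
@@ -4,50 +4,51 @@ OK=0
 NONOK=1
 UNKNOWN=2
 
-# Get instance ID from Kubernetes node providerID
-if [ -z "${NODE_NAME}" ]; then
-exit $UNKNOWN
-fi
+# Get IMDSv2 token
+TOKEN=$(curl -X PUT "http://169.254.169.254/latest/api/token" \
+-H "X-aws-ec2-metadata-token-ttl-seconds: 21600" \
+--max-time 3 --silent --fail 2>/dev/null)
 
-provider_id="$(curl -s -H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \
---cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt \
-"https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT}/api/v1/nodes/${NODE_NAME}" \
-2>/dev/null | jq -r '.spec.providerID')"
-
-if [ -z "${provider_id}" ]; then
+if [ -z "${TOKEN}" ]; then
 exit $UNKNOWN
 fi
 
-# Extract instance ID from providerID (format: aws:///region/instance-id)
-instance_id="$(echo "${provider_id}" | awk -F'/' '{print $NF}')"
+# Get instance ID and launch template from IMDS
+instance_id=$(curl --max-time 3 --silent --fail \
+-H "X-aws-ec2-metadata-token: $TOKEN" \
+"http://169.254.169.254/latest/meta-data/instance-id")
 
 if [ -z "${instance_id}" ]; then
 exit $UNKNOWN
 fi
 
-instances="$(aws autoscaling describe-auto-scaling-instances --instance-ids "${instance_id}")"
+instance_launch_template=$(curl --max-time 3 --silent --fail \
+-H "X-aws-ec2-metadata-token: $TOKEN" \
+"http://169.254.169.254/latest/meta-data/tags/instance/aws:ec2launchtemplate:id")
+
+instance_asg=$(curl --max-time 3 --silent --fail \
+-H "X-aws-ec2-metadata-token: $TOKEN" \
+"http://169.254.169.254/latest/meta-data/tags/instance/aws:autoscaling:groupName")
 
-if [ "$(echo "${instances}" | jq '.AutoScalingInstances | length')" -eq "0" ]
-then
+if [ -z "${instance_asg}" ] || [ -z "${instance_launch_template}" ]; then
 exit $UNKNOWN
 fi
 
-instance="$(echo "${instances}" | jq '.AutoScalingInstances[0]')"
-instance_launch_config="$(echo "${instance}" | jq -r .LaunchTemplate.LaunchTemplateName)"
-instance_asg="$(echo "${instance}" | jq -r .AutoScalingGroupName)"
+# Get ASG's current launch template (still requires AWS API)
+asgs="$(aws autoscaling describe-auto-scaling-groups --auto-scaling-group-names "${instance_asg}" 2>/dev/null)"
 
-asgs="$(aws autoscaling describe-auto-scaling-groups --auto-scaling-group-names ${instance_asg})"
+if [ -z "${asgs}" ] || ! echo "${asgs}" | jq empty 2>/dev/null; then
+exit $UNKNOWN
+fi
 
-if [ "$(echo "${asgs}" | jq '.AutoScalingGroups | length')" -eq "0" ]
-then
+if [ "$(echo "${asgs}" | jq '.AutoScalingGroups | length')" -eq "0" ]; then
 exit $UNKNOWN
 fi
 
-asg_launch_config="$(echo "${asgs}" | jq -r '.AutoScalingGroups[0].MixedInstancesPolicy.LaunchTemplate.LaunchTemplateSpecification.LaunchTemplateName')"
+asg_launch_template="$(echo "${asgs}" | jq -r '.AutoScalingGroups[0].MixedInstancesPolicy.LaunchTemplate.LaunchTemplateSpecification.LaunchTemplateId')"
 
-if [ "${instance_launch_config}" = "${asg_launch_config}" ]
-then
+if [ "${instance_launch_template}" = "${asg_launch_template}" ]; then
 exit $OK
 else
 exit $NONOK
-fi
+fi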
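Review bot: On the `asg_launch_template=` line, `jq -r` prints the literal string `null` when the group has no `MixedInstancesPolicy`, so the final comparison exits `$NONOK` and reports drift where the result is really unknown. Appending `// empty` to that jq filter and adding `if [ -z "${asg_launch_template}" ]; then exit $UNKNOWN; fi` before the comparison would keep the two cases apart. The comparison also covers only the launch template ID, so a node still running an older version of the same template is reported as `$OK`; whether that matters depends on how templates are rolled out here. The token request asks for the maximum TTL (`21600`) although the token is only used for the few requests in this run; a short value such as `60` is enough, and the same applies to the token request in config/plugin/spot_termination.sh.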

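--- a/config/plugin/spot_termination.sh
+++ b/config/plugin/spot_termination.sh
@@ -4,34 +4,18 @@ OK=0
 NONOK=1
 UNKNOWN=2
 
-# Get instance ID from Kubernetes node providerID
-if [ -z "${NODE_NAME}" ]; then
-exit $UNKNOWN
-fi
+TOKEN=$(curl -X PUT "http://169.254.169.254/latest/api/token" \
+-H "X-aws-ec2-metadata-token-ttl-seconds: 21600" \
+--max-time 3 --silent --fail 2>/dev/null)
 
-provider_id="$(curl -s -H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \
---cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt \
-"https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT}/api/v1/nodes/${NODE_NAME}" \
-2>/dev/null | jq -r '.spec.providerID')"
+status_code=$(curl --max-time 3 --silent --output /dev/stderr --write-out "%{http_code}" \
+-H "X-aws-ec2-metadata-token: $TOKEN" \
+"http://169.254.169.254/latest/meta-data/spot/instance-action")
 
-if [ -z "${provider_id}" ]; then
-exit $UNKNOWN
-fi
-
-# Extract instance ID from providerID (format: aws:///region/instance-id)
-instance_id="$(echo "${provider_id}" | awk -F'/' '{print $NF}')"
-
-if [ -z "${instance_id}" ]; then
-exit $UNKNOWN
-fi
-
-# Check for spot instance interruption via EC2 API
-interruption_time=$(aws ec2 describe-instances --instance-ids "${instance_id}" \
---query 'Reservations[0].Instances[0].DisruptionTime' \
---output text 2>/dev/null)
-
-if [ "${interruption_time}" = "None" ] || [ -z "${interruption_time}" ]; then
+if [ "${status_code}" -eq "404" ]; then
 exit $OK
-else
+elif [ "${status_code}" -eq "200" ]; then
 exit $NONOK
+else
+exit $UNKNOWN
 fi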
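Review bot: The `status_code=` request runs even when the token request failed, because this file has no empty-`TOKEN` guard like the one in config/plugin/launch_config_drift.sh. With an empty value curl most likely drops the `X-aws-ec2-metadata-token` header altogether, so on instances that still accept IMDSv1 the check would silently fall back to a token-less request instead of reporting a problem. Adding `if [ -z "${TOKEN}" ]; then exit $UNKNOWN; fi` right after the token request makes that failure explicit. `--output /dev/stderr` also writes the raw IMDS response body to the plugin's stderr on every run; `--output /dev/null` would avoid that if the body is not needed.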
