
3 Commits

Author SHA1 Message Date
Dustin dbcda4a8ca tf/userdata: Configure CRI-O to use crun
dustin/dynk8s-provisioner/pipeline/head There was a failure building this commit Details
By default, CRI-O uses `runc` as the container runtime.  `runc` does not
support user namespaces, though, so we have to use `crun`, which does.
2024-11-03 12:34:40 -06:00
Dustin f531b03e7c tf/userdata: Use IMDSv2 tokens
The Fedora 40 AMIs require IMDSv2.  Our `kubeadm-join` script therefore
needs to fetch the auth token and include it with metadata requests.
2024-11-03 12:31:27 -06:00
Dustin 0ec109b088 tf/asg: Update to Fedora 40
Upstream changed the naming convention for Fedora AMIs.  It also seems
they've stopped publishing "release" artifacts; all the AMIs are now
date-stamped.  We should probably consider running `terraform apply`
periodically to keep up-to-date.
2024-11-03 12:31:11 -06:00
3 changed files with 44 additions and 26 deletions


@ -33,7 +33,7 @@ data "aws_ami" "latest-fedora" {
filter {
name = "name"
values = ["Fedora-Cloud-Base-38-1.*"]
values = ["Fedora-Cloud-Base-AmazonEC2.aarch64-40-*"]
}
filter {
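Review bot: The new `values` pattern matches every date-stamped Fedora 40 aarch64 image by name, so which AMI the launch template receives depends on the `owners` restriction and `most_recent`, neither of which is visible in this hunk (the `data "aws_ami"` block starts and continues outside it). The state file in this commit records `owner_id` 125523088429 and `"most_recent": true`, which suggests both are set, but that should be confirmed in the block itself. A comment beside the filter would make the dependency explicit, e.g. `# Date-stamped nightly images: the name match alone does not establish the publisher, so owners in this block must stay pinned to the Fedora account`. Because every `terraform apply` can now move nodes to a newer nightly image, it would also be worth noting here that the resolved AMI ID should be checked in the plan output before applying.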


@ -1,7 +1,7 @@
{
"version": 4,
"terraform_version": "1.6.2",
"serial": 108,
"serial": 114,
"lineage": "a100be74-c98e-0769-2d6a-bf6a2c5f3ebf",
"outputs": {},
"resources": [
@ -15,7 +15,7 @@
"schema_version": 0,
"attributes": {
"architecture": "arm64",
"arn": "arn:aws:ec2:us-east-2::image/ami-0dcd72048e69236de",
"arn": "arn:aws:ec2:us-east-2::image/ami-025edd5571c20d10e",
"block_device_mappings": [
{
"device_name": "/dev/sda1",
@ -23,19 +23,19 @@
"delete_on_termination": "true",
"encrypted": "false",
"iops": "0",
"snapshot_id": "snap-01034e15b97a1b584",
"snapshot_id": "snap-07538e4a365fd3b50",
"throughput": "0",
"volume_size": "6",
"volume_type": "gp2"
"volume_size": "5",
"volume_type": "gp3"
},
"no_device": "",
"virtual_name": ""
}
],
"boot_mode": "",
"creation_date": "2023-04-14T00:16:49.000Z",
"deprecation_time": "2025-04-14T00:16:49.000Z",
"description": "Fedora AMI Description",
"boot_mode": "uefi-preferred",
"creation_date": "2024-11-03T09:43:10.000Z",
"deprecation_time": "2026-11-03T09:43:10.000Z",
"description": "Fedora-Cloud-40.20241103.0 (aarch64) for HVM Instances",
"ena_support": true,
"executable_users": null,
"filter": [
@ -48,7 +48,7 @@
{
"name": "name",
"values": [
"Fedora-Cloud-Base-38-1.*"
"Fedora-Cloud-Base-AmazonEC2.aarch64-40-*"
]
},
{
@ -59,15 +59,15 @@
}
],
"hypervisor": "xen",
"id": "ami-0dcd72048e69236de",
"image_id": "ami-0dcd72048e69236de",
"image_location": "125523088429/Fedora-Cloud-Base-38-1.6.aarch64-hvm-us-east-2-gp2-0",
"id": "ami-025edd5571c20d10e",
"image_id": "ami-025edd5571c20d10e",
"image_location": "125523088429/Fedora-Cloud-Base-AmazonEC2.aarch64-40-20241103.0",
"image_owner_alias": "",
"image_type": "machine",
"include_deprecated": false,
"kernel_id": "",
"most_recent": true,
"name": "Fedora-Cloud-Base-38-1.6.aarch64-hvm-us-east-2-gp2-0",
"name": "Fedora-Cloud-Base-AmazonEC2.aarch64-40-20241103.0",
"name_regex": null,
"owner_id": "125523088429",
"owners": [
@ -80,8 +80,8 @@
"ramdisk_id": "",
"root_device_name": "/dev/sda1",
"root_device_type": "ebs",
"root_snapshot_id": "snap-01034e15b97a1b584",
"sriov_net_support": "",
"root_snapshot_id": "snap-07538e4a365fd3b50",
"sriov_net_support": "simple",
"state": "available",
"state_reason": {
"code": "UNSET",
@ -107,9 +107,9 @@
"schema_version": 0,
"attributes": {
"account_id": "566967686773",
"arn": "arn:aws:sts::566967686773:assumed-role/dynk8s-terraform/aws-go-sdk-1707258546409158274",
"arn": "arn:aws:sts::566967686773:assumed-role/dynk8s-terraform/aws-go-sdk-1730658692504527073",
"id": "566967686773",
"user_id": "AROAYIAPIKZ25DFDOYZHT:aws-go-sdk-1707258546409158274"
"user_id": "AROAYIAPIKZ25DFDOYZHT:aws-go-sdk-1730658692504527073"
},
"sensitive_attributes": []
}
@ -380,7 +380,7 @@
"capacity_reservation_specification": [],
"cpu_options": [],
"credit_specification": [],
"default_version": 27,
"default_version": 32,
"description": "",
"disable_api_stop": false,
"disable_api_termination": false,
@ -391,7 +391,7 @@
"hibernation_options": [],
"iam_instance_profile": [],
"id": "lt-0789a3800bdaec215",
"image_id": "ami-0dcd72048e69236de",
"image_id": "ami-025edd5571c20d10e",
"instance_initiated_shutdown_behavior": "",
"instance_market_options": [
{
@ -403,7 +403,7 @@
"instance_type": "c7gd.xlarge",
"kernel_id": "",
"key_name": "dustin@rosalina",
"latest_version": 27,
"latest_version": 32,
"license_specification": [],
"maintenance_options": [],
"metadata_options": [],
@ -427,7 +427,7 @@
"tags": {},
"tags_all": {},
"update_default_version": true,
"user_data": "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",
"user_data": "I2Nsb3VkLWNvbmZpZwpib290Y21kOgotIFsgbG4sIC1zZiwgL3J1bi9zeXN0ZW1kL3Jlc29sdmUvc3R1Yi1yZXNvbHYuY29uZiwgL2V0Yy9yZXNvbHYuY29uZiBdCgpwYWNrYWdlczoKLSBjcmktbwotIGNyaS10b29scwotIGNydW4KLSBldGh0b29sCi0gaXB0YWJsZXMtbmZ0Ci0gaXNjc2ktaW5pdGlhdG9yLXV0aWxzCi0ga3ViZXJuZXRlcy1rdWJlYWRtCi0ga3ViZXJuZXRlcy1ub2RlCi0gcnVuYwotIHdpcmVndWFyZC10b29scwoKd3JpdGVfZmlsZXM6Ci0gcGF0aDogL2V0Yy9kbmYvZG5mLmNvbmYKICBjb250ZW50OiB8KwogICAgaW5zdGFsbF93ZWFrX2RlcHM9RmFsc2UKICBhcHBlbmQ6IHRydWUKLSBwYXRoOiAvZXRjL21vZHVsZXMtbG9hZC5kL2s4cy5jb25mCiAgY29udGVudDogfCsKICAgIGJyX25ldGZpbHRlcgotIHBhdGg6IC9ldGMvc3lzY3RsLmQvazhzLmNvbmYKICBjb250ZW50OiB8KwogICAgbmV0LmJyaWRnZS5icmlkZ2UtbmYtY2FsbC1pcHRhYmxlcyA9IDEKICAgIG5ldC5icmlkZ2UuYnJpZGdlLW5mLWNhbGwtaXA2dGFibGVzID0gMQogICAgbmV0LmlwdjQuaXBfZm9yd2FyZCA9IDEKLSBwYXRoOiAvZXRjL2NyaW8vY3Jpby5jb25mLmQvMTAtY3Jpby1jcnVuLmNvbmYKICBjb250ZW50OiB8KwogICAgW2NyaW8ucnVudGltZV0KICAgIGRlZmF1bHRfcnVudGltZSA9ICJjcnVuIgoKICAgIFtjcmlvLnJ1bnRpbWUucnVudGltZXMuY3J1bl0KICAgIHJ1bnRpbWVfcGF0aCA9ICIvdXNyL2Jpbi9jcnVuIgogICAgcnVudGltZV90eXBlID0gIm9jaSIKICAgIHJ1bnRpbWVfcm9vdCA9ICIvcnVuL2NydW4iCi0gcGF0aDogL3Zhci9saWIvY2xvdWQvc2NyaXB0cy9wZXItaW5zdGFuY2Uva3ViZWFkbS1qb2luCiAgcGVybWlzc2lvbnM6ICcwNzU1JwogIGNvbnRlbnQ6IHwrCiAgICAjIS9iaW4vc2gKCiAgICBCQVNFX1VSTD1odHRwczovL2R5bms4cy1wcm92aXNpb25lci5weXJvY3VmZmxpbmsubmV0CgogICAgaW1kc190b2tlbj0kKGN1cmwgMTY5LjI1NC4xNjkuMjU0L2xhdGVzdC9hcGkvdG9rZW4gXAogICAgICAtWCBQVVQgXAogICAgICAtSCAnWC1hd3MtZWMyLW1ldGFkYXRhLXRva2VuLXR0bC1zZWNvbmRzOiAzNjAwJwogICAgKQogICAgaW5zdGFuY2VfaWQ9JChjdXJsIC1zIDE2OS4yNTQuMTY5LjI1NC9sYXRlc3QvbWV0YS1kYXRhL2luc3RhbmNlLWlkIFwKICAgICAgLUggIlgtYXdzLWVjMi1tZXRhZGF0YS10b2tlbjogJHtpbWRzX3Rva2VufSIKICAgICkKICAgIGF6PSQoY3VybCAtcyAxNjkuMjU0LjE2OS4yNTQvbGF0ZXN0L21ldGEtZGF0YS9wbGFjZW1lbnQvYXZhaWxhYmlsaXR5LXpvbmUgXAogICAgICAtSCAiWC1hd3MtZWMyLW1ldGFkYXRhLXRva2VuOiAke2ltZHNfdG9rZW59IgogICAgKQoKICAgIGN1cmwgLWZzICIke0JBU0VfVVJMfSIvd2lyZWd1YXJkL2NvbmZpZy8ke2luc3RhbmNlX2lkfSBcCiAgICAgICAgLW8gL2V0Yy93aXJlZ3VhcmQvd2cwLmNvbmYgfHwgZXhpdAogICAgc3lzdGVtY3RsIG
VuYWJsZSAtLW5vdyB3Zy1xdWlja0B3ZzAgfHwgZXhpdAoKICAgIHJlc29sdmVjdGwgcmV2ZXJ0IGV0aDAKCiAgICBtb2Rwcm9iZSBicl9uZXRmaWx0ZXIgfHwgZXhpdAogICAgc3lzY3RsIC13IC1mIC9ldGMvc3lzY3RsLmQvazhzLmNvbmYgfHwgZXhpdAoKICAgIHN3YXBvZmYgLWEgfHwgZXhpdAogICAgdG91Y2ggL2V0Yy9zeXN0ZW1kL3pyYW0tZ2VuZXJhdG9yLmNvbmYgfHwgZXhpdAogICAgc3lzdGVtY3RsIGRhZW1vbi1yZWxvYWQgfHwgZXhpdAogICAgc3lzdGVtY3RsIHN0b3AgJ3N5c3RlbWQtenJhbS1zZXR1cEAqJyB8fCBleGl0CgogICAgaWYgWyAtYiAvZGV2L252bWUxbjEgXTsgdGhlbgogICAgICBwcmludGYgJyVzICVzICVzICVzIDAgMFxuJyBcCiAgICAgICAgL2Rldi9udm1lMW4xIFwKICAgICAgICAvdmFyL2xpYi9rdWJlbGV0IFwKICAgICAgICBleHQ0IFwKICAgICAgICBub2F0aW1lLHgtc3lzdGVtZC5tYWtlZnMsbm9mYWlsIFwKICAgICAgICA+PiAvZXRjL2ZzdGFiCiAgICAgIHN5c3RlbWN0bCBkYWVtb24tcmVsb2FkCiAgICAgIHN5c3RlbWN0bCBzdGFydCB2YXItbGliLWt1YmVsZXQubW91bnQKICAgIGZpCgogICAgc3lzdGVtY3RsIGVuYWJsZSBjcmlvIGlzY3NpZCBrdWJlbGV0IHx8IGV4aXQKICAgIHN5c3RlbWN0bCBzdGFydCBjcmlvIGlzY3NpZCB8fCBleGl0CgogICAgaW50ZXJuYWxfaXA9JCgKICAgICAgaXAgYWRkcmVzcyBzaG93IGRldiB3ZzAgcHJpbWFyeSB8IFwKICAgICAgc2VkIC1ybiAncy8uKmluZXQgKFswLTkuXSspLiovXDEvcCcKICAgICkKCiAgICBjYXQgPiBsb25naG9ybi1pc3N1ZTQ5ODguY2lsIDw8RU9GCiAgICAoYWxsb3cgaXNjc2lkX3Qgc2VsZiAoY2FwYWJpbGl0eSAoZGFjX292ZXJyaWRlKSkpCiAgICBFT0YKICAgIHNlbW9kdWxlIC1pIGxvbmdob3JuLWlzc3VlNDk4OC5jaWwKCiAgICBybSAtZiAvZXRjL2NuaS9uZXQuZC8xMDAtY3Jpby1icmlkZ2UuY29uZmxpc3QKCiAgICBjYXQgPiAvcnVuL2pvaW5jb25maWd1cmF0aW9uIDw8RU9GCiAgICBhcGlWZXJzaW9uOiBrdWJlYWRtLms4cy5pby92MWJldGEzCiAgICBraW5kOiBKb2luQ29uZmlndXJhdGlvbgogICAgbm9kZVJlZ2lzdHJhdGlvbjoKICAgICAgdGFpbnRzOgogICAgICAtIGtleTogZHU1dDFuLm1lL2plbmtpbnMKICAgICAgICBlZmZlY3Q6IE5vU2NoZWR1bGUKICAgICAga3ViZWxldEV4dHJhQXJnczoKICAgICAgICBwcm92aWRlci1pZDogYXdzOi8vLyR7YXp9LyR7aW5zdGFuY2VfaWR9CiAgICAgICAgbm9kZS1pcDogJHtpbnRlcm5hbF9pcH0KICAgICAgICBjb25maWc6IC92YXIvbGliL2t1YmVsZXQvY29uZmlnLnlhbWwKICAgIGRpc2NvdmVyeToKICAgICAgZmlsZToKICAgICAgICBrdWJlQ29uZmlnUGF0aDogJHtCQVNFX1VSTH0va3ViZWFkbS9rdWJlY29uZmlnLyR7aW5zdGFuY2VfaWR9CiAgICBFT0YKICAgIGt1YmVhZG0gam9pbiAtLWNvbmZpZz0vcnVuL2pvaW5jb25maWd1cmF0aW9uCgpydW5jbWQ6Ci0gWyBkbmYsIH
JlbW92ZSwgLXksIHpyYW0tZ2VuZXJhdG9yIF0K",
"vpc_security_group_ids": []
},
"sensitive_attributes": [],
@ -501,7 +501,7 @@
"ingress": [
{
"cidr_blocks": [
"108.75.85.159/32"
"23.29.47.79/32"
],
"description": "",
"from_port": 22,


@ -5,6 +5,7 @@ bootcmd:
packages:
- cri-o
- cri-tools
- crun
- ethtool
- iptables-nft
- iscsi-initiator-utils
@ -26,6 +27,15 @@ write_files:
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
- path: /etc/crio/crio.conf.d/10-crio-crun.conf
content: |+
[crio.runtime]
default_runtime = "crun"
[crio.runtime.runtimes.crun]
runtime_path = "/usr/bin/crun"
runtime_type = "oci"
runtime_root = "/run/crun"
- path: /var/lib/cloud/scripts/per-instance/kubeadm-join
permissions: '0755'
content: |+
@ -33,8 +43,16 @@ write_files:
BASE_URL=https://dynk8s-provisioner.pyrocufflink.net
instance_id=$(curl -s 169.254.169.254/latest/meta-data/instance-id)
az=$(curl -s 169.254.169.254/latest/meta-data/placement/availability-zone)
imds_token=$(curl 169.254.169.254/latest/api/token \
-X PUT \
-H 'X-aws-ec2-metadata-token-ttl-seconds: 3600'
)
instance_id=$(curl -s 169.254.169.254/latest/meta-data/instance-id \
-H "X-aws-ec2-metadata-token: ${imds_token}"
)
az=$(curl -s 169.254.169.254/latest/meta-data/placement/availability-zone \
-H "X-aws-ec2-metadata-token: ${imds_token}"
)
curl -fs "${BASE_URL}"/wireguard/config/${instance_id} \
-o /etc/wireguard/wg0.conf || exit
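Review bot: The token request `imds_token=$(curl 169.254.169.254/latest/api/token \` runs without `-f` or `-s` and without `|| exit`, so a failed or rejected PUT leaves `imds_token` empty or holding an error body and the script carries on. The `instance_id` and `az` calls that follow also lack `-f`, so when the metadata service rejects the request its error body would be stored in those variables and then interpolated into the provisioner URL and the kubeadm join configuration. All three should fail closed the way the WireGuard fetch below them already does: `imds_token=$(curl -fsS -X PUT 169.254.169.254/latest/api/token \` closed with `) || exit`, and `-fs` plus `) || exit` on the two metadata reads. The 3600-second TTL is longer than needed, since the token is only used for the two reads that immediately follow; a short value such as 60 would narrow its lifetime. The `kubeadm-join` script starts before and continues past this hunk.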