-
Story
-
Resolution: Unresolved
-
Undefined
-
None
-
None
-
None
-
None
-
Product / Portfolio Work
-
False
-
-
False
-
2
-
None
-
None
User Story:
Any pods that needs to assume the node assigned IAM role must contact the IMDS endpoint over IPv6. The endpoint must be enabled explicitly.
If the pod is running on hostNetwork, there is nothing to do as IPv4 endpoint is reachable.
Acceptance Criteria:
Description of criteria:
- Enable EC2 IMDS IPv6 endpoint for controlplane and worker nodes.
(optional) Out of Scope:
Detail about what is specifically not being delivered in the story
Engineering Details:
- AWS doc: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-options.html
- The controlplane nodes are initially managed by CAPA, thus should be able to configure the IPv6 endpoint. We need to look into the support in MAPI controller.
This requires/does not require a design proposal.
This requires/does not require a feature gate.