-
Epic
-
Resolution: Done
-
Normal
-
None
-
None
-
Enforce IMDSv2 as the default in HyperShift
-
False
-
False
-
XCMSTRAT-567 - ROSA HCP: Configure EC2 IMDS to IMDSv2 Required optionally
-
Hypershift Sprint 246, Hypershift Sprint 247
-
0
-
0
-
0
User Story
As a ROSA HyperShift customer I want to enforce that IMDSv2 is always the default, to ensure that I have the most secure setting by default.
Acceptance Criteria
- IMDSv2 should be configured in HyperShift clusters by default
Default Done Criteria
- All existing/affected SOPs have been updated.
- New SOPs have been written.
- Internal training has been developed and delivered.
- The feature has both unit and end to end tests passing in all test
pipelines and through upgrades. - If the feature requires QE involvement, QE has signed off.
- The feature exposes metrics necessary to manage it (VALET/RED).
- The feature has had a security review.* Contract impact assessment.
- Service Definition is updated if needed.* Documentation is complete.
- Product Manager signed off on staging/beta implementation.
Dates
Integration Testing:
Beta:
GA:
Current Status
GREEN | YELLOW | RED
GREEN = On track, minimal risk to target date.
YELLOW = Moderate risk to target date.
RED = High risk to target date, or blocked and need to highlight potential
risk to stakeholders.
References
Links to Gdocs, github, and any other relevant information about this epic.
- is blocked by
-
OCPCLOUD-1838 CAPI support for AWS IMDSv2
-
- Closed
-
- relates to
-
RFE-5578 EC2 Instance Metadata Service (IMDS) version configurability
-
- Accepted
-
- links to