Uploaded image for project: 'OpenShift Hosted Control Plane'
  1. OpenShift Hosted Control Plane
  2. HOSTEDCP-929

Allow configuration of IMDSv2/v1 in HyperShift

    XMLWordPrintable

Details

    • Epic
    • Resolution: Unresolved
    • Normal
    • None
    • None
    • None
    • Enforce IMDSv2 as the default in HyperShift
    • False
    • False
    • XCMSTRAT-567 - ROSA HCP: IMDSv2 as optional value
    • 0
    • 0% 0%
    • Hypershift Sprint 246, Hypershift Sprint 247
    • 0
    • 0
    • 0

    Description

      User Story

      As a ROSA HyperShift customer I want to enforce that IMDSv2 is always the default, to ensure that I have the most secure setting by default.

      Acceptance Criteria

      • IMDSv2 should be configured in HyperShift clusters by default

      Default Done Criteria

      • All existing/affected SOPs have been updated.
      • New SOPs have been written.
      • Internal training has been developed and delivered.
      • The feature has both unit and end to end tests passing in all test
        pipelines and through upgrades.
      • If the feature requires QE involvement, QE has signed off.
      • The feature exposes metrics necessary to manage it (VALET/RED).
      • The feature has had a security review.* Contract impact assessment.
      • Service Definition is updated if needed.* Documentation is complete.
      • Product Manager signed off on staging/beta implementation.

      Dates

      Integration Testing:
      Beta:
      GA:

      Current Status

      GREEN | YELLOW | RED
      GREEN = On track, minimal risk to target date.
      YELLOW = Moderate risk to target date.
      RED = High risk to target date, or blocked and need to highlight potential
      risk to stakeholders.

      References

      Links to Gdocs, github, and any other relevant information about this epic.

      Attachments

        Issue Links

          is blocked by

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. OCPCLOUD-1838 CAPI support for AWS IMDSv2

          • Normal - To be worked after urgent and high priorities are resolved. This term is chosen when the severity of an issue is relatively close to the level of effort to fix it. The existence of an easily implemented workaround can also lead to this priority level instead of a higher priority.
          • Closed
          is depended on by

          Outcome - Organizational objective focused on a measurable outcome. May be in support of larger strategic goals. XCMSTRAT-6 ROSA Security

          • Undefined - Priority not specified.
          • New
          is incorporated by

          Outcome - Organizational objective focused on a measurable outcome. May be in support of larger strategic goals. XCMSTRAT-277 (P1) ROSA parity - HCP to offer all Classic features

          • Critical - To be worked on immediately following BLOCKER issues.
          • In Progress
          links to

          GitHub openshift/hypershift#3584: HOSTEDCP-929: Add nodepool annotation to allow requesting IMDSv2

          Activity

            People

              rh-ee-mraee Mulham Raee
              wgordon.openshift Will Gordon
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated: