Uploaded image for project: 'OpenShift Cloud'
  1. OpenShift Cloud
  2. OCPCLOUD-1838

CAPI support for AWS IMDSv2

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Done
    • Icon: Normal Normal
    • None
    • None
    • 1
    • False
    • None
    • False
    • CLOUD Sprint 231, CLOUD Sprint 232, CLOUD Sprint 233

      User Story

      As a CAPI user, i would like to leverage an enhanced metadata security feature known as IMDSv2

      Background

      This thing was implemented and using now in Openshift Machine API:

      https://issues.redhat.com/browse/OCPCLOUD-1436

      https://github.com/openshift/machine-api-provider-aws/pull/34

       

      There is also a demand to have this upstream:

      https://github.com/kubernetes-sigs/cluster-api-provider-aws/issues/3744

      https://github.com/kubernetes-sigs/cluster-api-provider-aws/issues/3974

      Steps

      • Reach an agreement about API design with the CAPI AWS community
        • Since this required API changes need to figure out if any enhancement document needed, prepare it if necessary
      • Implement this API extension and respective controller changes for aws machines in https://github.com/kubernetes-sigs/cluster-api-provider-aws

      Stakeholders

      • Hypershift
      • AWS CAPI community

      Definition of Done

      • CAPI machine API definition extended with supporting of IMDSv2
      • Respective CAPI machine controller changes implemented
      • Docs
      • N/A for OCP, community project related
      • Testing
      • N/A for OCP, community project related

              dodvarka@redhat.com Daniel Odvarka (Inactive)
              dmoiseev Denis Moiseev (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: