Uploaded image for project: 'OpenShift Request For Enhancement'
  1. OpenShift Request For Enhancement
  2. RFE-4551

Support for changing EC2 Instance Metadata Version (IMDS) (day-2) on ROSA/OSD Clusters

    XMLWordPrintable

Details

    • False
    • None
    • False
    • Not Selected
    • 0
    • 0% 0%

    Description

      1. Proposed title of this feature request

      HIVE support for modifying EC2 Instance Metadata Options

      2. What is the nature and description of the request?

      From the OCP Documentation [1], I understand that self-managed OCP customers can modify (day-2) the EC2 Instance Metadata options. However, Hive's customers like ROSA and OSD on AWS do not have this support. 

      3. Why does the customer need this? (List the business requirements here)

      Motivation for customers to use EC2 IMDS is to increase security posture provided by IMDS v2 endpoint and use AWS governance tools like IAM Policy, SCPs, AWS Configs etc to track compliance. Today, Hive and Hive customers can set this value at the time of cluster creation however, if they need to move between IMDSv2 optional and IMDSv2 required, they can not change this. They'd like to change it on all cluster's EC2 instances - including control plane, infra nodes, and compute nodes. In the Service Delivery, this also includes any temporary instances used for bootstrapping, supporting etc. 

      Today the alternative available are 1) Delete and recreate the cluster 2) SRE do white-glove process to modify this upon customer request. Given OCP documentation has steps to modify this, it is confusing for customers to understand why the managed service does not give a self-service way to have this configuration changed.

      4. List any affected packages or components.

        **  - Hive

      • Machine-API / Machine-Sets

      5. Additional Information:

      Slack Discussion in #forum-ocp-hive : https://redhat-internal.slack.com/archives/CE3ETN3J8/p1691596437419779 

       [1] https://docs.openshift.com/container-platform/4.13/machine_management/control_plane_machine_management/cpmso-using.html#machineset-imds-options_cpmso-using 

      Linked XCMSTRAT JIRAs

       

      Attachments

        Issue Links

          is related to

          Feature Request - Feature requests from customers and/or users RFE-2121 Support for IMDSv2 and IMDSv1 configuration from AWS EC2 machinesets - Openshift 4.

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Accepted
          is triggering

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. HIVE-2211 Hive: allow setting ec2 metadata in machine pool

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed
          links to

          Web Link KCS 5585551: Does OpenShift 4 support specific version of IMDS for AWS clusters?

          Activity

            People

              julim Ju Lim
              rh-ee-bchandra Balachandran Chandrasekaran
              Votes:
              2 Vote for this issue
              Watchers:
              14 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: