Merge pull request #60791 from EricPonvelle/OSDOCS-6130_IMDSv2

OSDOCS-6130: Added IMDS support

Author: EricPonvelle

modules/rosa-imds-machine-pools-ui.adoc

@@ -0,0 +1,27 @@
+// Module included in the following assemblies:
+//
+// * rosa_cluster_admin/rosa_nodes/rosa-managing-worker-nodes.adoc
+
+:_content-type: PROCEDURE
+[id="rosa-imds-machine-pools-ui_{context}"]
+= Enabling Instance Metadata Service on machine pools in {cluster-manager}
+
+You can select your Instance Metadata Service (IMDS) type when creating your cluster in {cluster-manager}. You can select to use both IMDSv1 and IMDSv2, or you can specify to only use IMDSv2.
+
+.Prerequisites
+
+* You installed and configured the latest AWS (`aws`), ROSA (`rosa`), and OpenShift (`oc`) CLIs on your workstation.
+* You logged in to your Red Hat account by using the `rosa` CLI.
+* You have the permissions to create and manage clusters.
+* You have access to {cluster-manager-url}.
+
+.Procedure
+
+. Log in to the web console.
+. Create a ROSA cluster using your preferences.
+. In the **Create a ROSA Cluster** wizard on the **Cluster settings** -> **Machine pool** page, under the *Instance Metadata Service (IMDS)* section, select whether your machine pools use either both IMDSv1 and IMDSv2 or if you only want to use IMDSv2.
+. Select *Next* to save this selection. 
+
+.Verification
+
+. After your cluster has been created, on your cluster *Overview* tab, you see the *Instance Metadata Service (IMDS)* field that notes your IMDS version support.

modules/rosa-imds-machine-pools.adoc

@@ -0,0 +1,16 @@
+// Module included in the following assemblies:
+//
+// * rosa_cluster_admin/rosa_nodes/rosa-managing-worker-nodes.adoc
+
+:_content-type: CONCEPT
+[id="rosa-imds-machine-pools_{context}"]
+= Instance Metadata Service on machine pools
+
+There are two types of ways to access instance metadata from a running instance:
+
+* Instance Metadata Service Version 1 (IMDSv1) - a request/response method
+* Instance Metadata Service Version 2 (IMDSv2) - a session-oriented method
+
+IMDSv2 uses session-oriented requests. With session-oriented requests, you create a session token that defines the session duration, which can be a minimum of one second and a maximum of six hours. During the specified duration, you can use the same session token for subsequent requests. After the specified duration expires, you must create a new session token to use for future requests.
+
+When creating your ROSA cluster, you select to use either both IMDSv1 and IMDSv2 or specify that your cluster should only use IMDSv2. The instance metadata service distinguishes between IMDSv1 and IMDSv2 requests based on whether, for any given request, either the PUT or GET headers, which are unique to IMDSv2, are present in that request. If you specify to use IMDSv2 only, IMDSv1 ceases to function for your cluster. All machine pools on your cluster will use whichever IMDS type you select.

nodes/rosa-managing-worker-nodes.adoc

@@ -32,6 +32,14 @@ include::modules/rosa-osd-node-label-about.adoc[leveloffset=+1]
 * For more information about labels, see link:https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/[Kubernetes Labels and Selectors overview].
 
 include::modules/rosa-adding-node-labels.adoc[leveloffset=+2]
+include::modules/rosa-imds-machine-pools.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* For more information about Instance Metadata Service, see link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html[Use IMDSv2] in the AWS documentation.
+
+include::modules/rosa-imds-machine-pools-ui.adoc[leveloffset=+2]
 include::modules/rosa-adding-taints.adoc[leveloffset=+1]
 include::modules/rosa-adding-taints-ocm.adoc[leveloffset=+2]
 include::modules/rosa-adding-taints-cli.adoc[leveloffset=+2]