doc: Update configuration notes for working with IMDSv2 metadata server (#2243)

alexku7 · web-flow · commit 2c77d498fbe5 · 2021-10-05T09:28:55.000-07:00
* SGA-999 update IMDSv2 notes

* SGA-9999
diff --git a/docs/deploy/installation.md b/docs/deploy/installation.md
@@ -18,6 +18,16 @@
     - Ensure subnets are tagged appropriately for auto-discovery to work
     - For IP targets, pods must have IPs from the VPC subnets. You can configure `amazon-vpc-cni-k8s` plugin for this purpose.
 
+## Using metadata server version 2 (IMDSv2)
+If you are using the IMDSv2 you must set the hop limit to 2 or higher in order to allow the AWS Load Balancer Controller to perform the metadata introspection. Otherwise you have to manually specify the AWS region and the VPC via the controller flags `--aws-region` and `--aws-vpc-id`.
+
+
+!!!tip 
+    You can set the IMDSv2 hop limit as follows:
+    ```
+    aws ec2 modify-instance-metadata-options --http-put-response-hop-limit 2 --region <region> --instance-id <instance-id>
+    ```
+
 ## IAM Permissions
 
 #### Setup IAM role for service accounts
