Bug 2101754
| Summary: | [KMS] Steps to enable clusterwide encryption using KMS with kube auth needs to be updated | |||
|---|---|---|---|---|
| Product: | [Red Hat Storage] Red Hat OpenShift Data Foundation | Reporter: | Rachael <rgeorge> | |
| Component: | documentation | Assignee: | Kusuma <kbg> | |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Rachael <rgeorge> | |
| Severity: | high | Docs Contact: | ||
| Priority: | unspecified | |||
| Version: | 4.11 | CC: | ocs-bugs, odf-bz-bot, rar | |
| Target Milestone: | --- | |||
| Target Release: | ODF 4.11.0 | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | ||
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 2120490 | Environment: | ||
| Last Closed: | 2023-03-09 12:47:11 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 2120490 | |||
Describe the issue:
-------------------
In OCP 4.11, the serviceaccount token secret is not present in the serviceaccount description. Since the secret is not present, the following documented step will fail:

$ VAULT_SA_SECRET_NAME=$(oc -n openshift-storage get sa <SA_NAME> -o jsonpath="{.secrets[*]['name']}" | grep -o "[^[:space:]]*-token-[^[:space:]]*")

This step needs to be modified. There can be two approaches to resolving this:

- The token secret can be linked to the serviceaccount using this command and the rest of the steps can be followed as is:

$ oc secrets link <serviceaccount name> <serviceaccount token secret name>

- A new token secret can be created and used instead:

$ cat <<EOF | oc create -f -
apiVersion: v1
kind: Secret
metadata:
  name: odf-vault-auth-token
  namespace: openshift-storage
  annotations:
    kubernetes.io/service-account.name: "odf-vault-auth"
type: kubernetes.io/service-account-token
data: {}
EOF

Describe the task you were trying to accomplish:
------------------------------------------------
Enabling kube auth for clusterwide encryption using KMS

Document URL:
-------------
https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.10/html-single/deploying_openshift_data_foundation_using_amazon_web_services/index#enabling-cluster-wide-encryprtion-with-the-kubernetes-authentication-using-kms_cloud-storage

Chapter/Section Number and Title:
---------------------------------
2.3. Enabling cluster-wide encryption with KMS using the Kubernetes authentication method

Product Version:
----------------
ODF 4.11
ODF 4.10 (If deployment is being done on OCP 4.11)
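
Added example, not part of the bug report or of the Red Hat documentation: shell functions that run the documented lookup first and fall back to the second approach above, so the same step works whether or not the serviceaccount lists a token secret. The names `odf-vault-auth` and `odf-vault-auth-token` come from the manifest in the report; the function names `pick_token_secret` and `resolve_token_secret` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the bug report or the ODF documentation).
NS="openshift-storage"
SA="odf-vault-auth"            # name used in the report's Secret manifest
FALLBACK_SECRET="${SA}-token"  # odf-vault-auth-token, as in the report

# Return the first "*-token-*" name from a whitespace-separated list,
# or nothing when the list has no such entry (the OCP 4.11 case).
pick_token_secret() {
    printf '%s\n' "$1" | grep -o "[^[:space:]]*-token-[^[:space:]]*" | head -n 1
}

# Print the name of a token secret usable for $SA, creating one if needed.
resolve_token_secret() {
    names=$(oc -n "$NS" get sa "$SA" -o jsonpath="{.secrets[*]['name']}") || return 1
    found=$(pick_token_secret "$names")
    if [ -n "$found" ]; then
        printf '%s\n' "$found"
        return 0
    fi
    # Nothing listed on the serviceaccount: create the secret from the report,
    # unless an earlier run already did.
    if ! oc -n "$NS" get secret "$FALLBACK_SECRET" >/dev/null 2>&1; then
        cat <<EOF | oc create -f - >/dev/null || return 1
apiVersion: v1
kind: Secret
metadata:
  name: ${FALLBACK_SECRET}
  namespace: ${NS}
  annotations:
    kubernetes.io/service-account.name: "${SA}"
type: kubernetes.io/service-account-token
data: {}
EOF
    fi
    printf '%s\n' "$FALLBACK_SECRET"
}

# Usage, from a session already logged in with oc:
#   VAULT_SA_SECRET_NAME=$(resolve_token_secret)
```

The cluster fills in the new secret's token data after it is created, so a caller that reads the token immediately may need to retry. A token held in a `kubernetes.io/service-account-token` secret does not expire on its own, so access to secrets in `openshift-storage` should be restricted accordingly.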