Description of problem: Currently setting 'encrypted: true' in a volume definition is silently ignored. Version-Release number of selected component (if applicable): Currently the encrypted setting [1] from [2] is ignored by the AWS cluster-API provider: $ git grep Encrypted | grep -v vendor/ pkg/apis/awsproviderconfig/v1alpha1/awsmachineproviderconfig_types.go: // Indicates whether the EBS volume is encrypted. Encrypted Amazon EBS volumes pkg/apis/awsproviderconfig/v1alpha1/awsmachineproviderconfig_types.go: Encrypted *bool `json:"encrypted,omitempty"` pkg/apis/awsproviderconfig/v1alpha1/zz_generated.deepcopy.go: if in.Encrypted != nil { pkg/apis/awsproviderconfig/v1alpha1/zz_generated.deepcopy.go: in, out := &in.Encrypted, &out.Encrypted This means that you cannot use the setting to get encrypted root volumes for compute machines [3]. The provider should respect the setting and provision encrypted volumes when requested. [1]: https://github.com/openshift/cluster-api-provider-aws/blob/7a53d36f7e4c928b51a502b9f12e245045cfb6f3/pkg/apis/awsproviderconfig/v1beta1/awsmachineproviderconfig_types.go#L179-L181 [2]: https://github.com/openshift/cluster-api-provider-aws/commit/e8362ca5a52914921d0d20d9c89b870e48285dc1 [3]: https://github.com/openshift/installer/pull/2114#issuecomment-516180113
PR: https://github.com/openshift/cluster-api-provider-aws/pull/245
Verified. clusterversion: 4.2.0-0.nightly-2019-08-05-223032 Create a machine setting "encrypted: true", check EBS volumes, could see "Encryption: Encrypted"
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:2922