Bug 1884632 - Adding BYOK disk encryption through DES
Summary: Adding BYOK disk encryption through DES
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Cloud Compute
Version: 4.6
Hardware: All
OS: Linux
high
high
Target Milestone: ---
: 4.7.0
Assignee: Joel Speed
QA Contact: sunzhaohua
URL:
Whiteboard:
Depends On:
Blocks: 1890452
TreeView+ depends on / blocked
 
Reported: 2020-10-02 14:04 UTC by Kenny Woodson
Modified: 2021-02-24 15:22 UTC (History)
0 users

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
: 1890452 (view as bug list)
Environment:
Last Closed: 2021-02-24 15:22:23 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift cluster-api-provider-azure pull 158 0 None closed Bug 1884632: Adding BYOK disk encryption through DES 2021-02-15 09:34:16 UTC
Github openshift machine-api-operator pull 730 0 None closed Bug 1884632: Bump Azure dependency to include BYOK encryption fields 2021-02-15 09:34:16 UTC
Red Hat Product Errata RHSA-2020:5633 0 None None None 2021-02-24 15:22:55 UTC

Description Kenny Woodson 2020-10-02 14:04:53 UTC
Description of problem:
Customers are requesting bring your own key encryption on Azure to secure their disks at rest.  This feature is already supported in other cloud offerings and we need to include this feature to arrive at parity.


Version-Release number of selected component (if applicable):
4.4, 4.5, 4.6

How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:
This does not work on the current release.

Expected results:
The cloud provider code upstream supports this feature.

Additional info:
I have created a small pull request that enables this feature. The pull request can be found here: https://github.com/openshift/cluster-api-provider-azure/pull/158

Comment 1 Joel Speed 2020-10-05 09:33:12 UTC
This will have to merge into 4.7.0 now and be backported to 4.6.z/4.5.z

Comment 3 Joel Speed 2020-10-19 09:21:37 UTC
This won't pass QA right now. Before we can get this past QA we need to update the Azure dependency within the MAO repository. This will allow the webhooks in the cluster to understand the new fields that were added in the attached PR.

Comment 8 errata-xmlrpc 2021-02-24 15:22:23 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5633


Note You need to log in before you can comment on or make changes to this bug.