Description of problem:
Customers are requesting "encryption at host" feature on Azure to enable encryption of hypervisor-local resources including scratch volumes.
This feature is already supported in other cloud offerings (AKS) and we need to include this feature to arrive at parity.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
This does not work on the current release.
The cloud provider code supports this feature.
A possible solution is to add an optional parameter into machine specification which can be used to prepare the appropriate Azure API request. I made a PR for the change which can be found here: https://github.com/openshift/cluster-api-provider-azure/pull/183.
The PR associated with this issue is still under review.
We are deferring this feature to 4.8.
As this is being deferred, unsetting target release for now.
Validated on:
[miyadav@miyadav ~]$ oc get clusterversion
NAME VERSION AVAILABLE PROGRESSING SINCE STATUS
version 4.8.0-0.nightly-2021-02-21-102854 True False 45m Cluster version is 4.8.0-0.nightly-2021-02-21-102854
1. Copy the existing machineset that comes with IPI installation
oc get machineset <machineset-name> -o yaml > new_encrypt_at_rest.yaml
[miyadav@miyadav ~]$ oc get machineset
oc NAME DESIRED CURRENT READY AVAILABLE AGE
miyadav-2202-5n7qm-worker-northcentralus 3 3 3 3 52m
[miyadav@miyadav ~]$ oc get machineset miyadav-2202-5n7qm-worker-northcentralus -o yaml > rhv/azure/encry_ms.yaml
2. Create a new machineset after replacing the values below:
name -> as per choice, replicas -> as per choice
Add below to spec section values:
Run oc create -f new_encrypt_at_rest.yaml
3. Describe the created machine
Expected and Actual result:
[miyadav@miyadav ~]$ oc describe machine miyadav-2202-5n7qm-worker-northcentralus-e-nk4zv | grep -i "Encryption"
Encryption At Host: true
Additional Info:
Moved to VERIFIED
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.