2066813 – Issue in creating gp3 type-based volumes.

Bug 2066813 - Issue in creating gp3 type-based volumes.

Summary: Issue in creating gp3 type-based volumes.

Keywords:
Status:	CLOSED DUPLICATE of bug 2049872
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Storage
Sub Component:
Version:	4.9
Hardware:	All
OS:	All
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	---
Assignee:	aos-storage-staff@redhat.com
QA Contact:	Wei Duan
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2022-03-22 14:21 UTC by Palash Khaire
Modified:	2022-03-24 09:24 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2022-03-24 09:24:30 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Palash Khaire 2022-03-22 14:21:01 UTC

Description of problem: Issue in creating gp3 type-based volumes.

The same does work with  gp2. The gp3 type volume should work well on 4.9.z CSI driver provisioned.

Will add the events in the Bug notes.

Comment 3 Jan Safranek 2022-03-24 09:24:30 UTC

This looks like OCP / the CSI driver does not have permissions to use the referenced KMS key. In that case, AWS cloud API CreateDisk call returns a valid volume ID and only after that it realizes that it does not have access to the encryption key and silently deletes the volume.
We're fixing it in 4.11 here: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=2049872

As a workaround in 4.9, the customer can grant required permissions to the AWS EBS CSI Driver IAM role manually, as shown in https://github.com/openshift/cluster-storage-operator/pull/263/files.

*** This bug has been marked as a duplicate of bug 2049872 ***

Note You need to log in before you can comment on or make changes to this bug.