  1. OpenShift Installer
  2. CORS-2080

Extend user encryption keys usage for the default storage


    • Epic
    • Resolution: Done
    • Major
    • openshift-4.13
    • Installer Core
    • Done
    • OCPSTRAT-410 - BYOK for encryption should encrypt the default storageclass with the same key
    • 100%
    • Approved

      Epic Goal

      • Use the user-provided encryption key to encrypt the default Storage Class configured at install time. This is a continuation of the work done in a previous release to encrypt root volumes with the user-provided key.
      • The goal of this epic is to create cluster objects with the install-time user input required to create default storage classes. The work of creating the storage classes will be done by the storage team; the scope of this epic is just populating the cluster objects.

      Why is this important?

      • To provide a consistent user experience: when the user provides their own encryption key to the installer, the expectation is that this key is used to encrypt not only the machines' root volume but also the default Storage Class created during the install phase.

      Scenarios

      1. The user provides their own encryption key to the installer, and this key is used to encrypt the volumes associated with the default Storage Class. This is implemented on OpenShift deployed on AWS, Azure and GCP cloud platforms.

      Acceptance Criteria

      • CI - MUST be running successfully with tests automated
      • Release Technical Enablement - Provide necessary release enablement details and documents.

      Dependencies (internal and external)

      1. Required work by the Storage team

      Done Checklist

      • CI - CI is running, tests are automated and merged.
      • Release Enablement <link to Feature Enablement Presentation>
      • DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
      • DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
      • DEV - Downstream build attached to advisory: <link to errata>
      • QE - Test plans in Polarion: <link or reference to Polarion>
      • QE - Automated tests merged: <link or reference to automated tests>
      • DOC - Downstream documentation merged: <link to meaningful PR>

        1. Docs Tracker Sub-task Closed Undefined Unassigned
        2. PX Tracker Sub-task Closed Undefined Unassigned
        3. QE Tracker Sub-task Closed Undefined Gaoyun Pei
        4. TE Tracker Sub-task Closed Undefined Unassigned

            jhixson_redhat John Hixson
            mak.redhat.com Marcos Entenza Garcia
            Gaoyun Pei Gaoyun Pei