Loading...

XML

Word

Printable

Type: Story
Resolution: Done
Priority: Undefined
Fix Version/s: openshift-4.15
Affects Version/s: openshift-4.15
Component/s: None
Labels:
- hybridsre

Story Points:
3
Blocked:
False
Blocked Reason:
None
Ready:
False
Epic Link:
Hybrid SRE: Storage Account Encryption
Feature Link:
OCPSTRAT-717 - Support Azure Storage Account encryption
Intelligence Requested:
Market:

Original story points:
3
Sprint:
Sprint 242, Sprint 243, Sprint 244

Target Version:

4.15.0

SFDC Cases Links:
SFDC Cases Counter:

User Story:

As a user, I want to be able to:

Pass customer managed keys to the installer

so that

The installer encrypts the storage accounts created

Acceptance Criteria:

Description of criteria:

User is able to pass the neccesary information for encryption through the install config
Storage account created for the control plane use is encrypted

(optional) Out of Scope:

Not encrypting the storage account used for bootstrap

Engineering Details:

Encryption requires key vault id and user assigned identity keys mentioned here
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account#customer_managed_key
Storage account must be set to `Premium` and kind to `StorageV2` which is default.

This requires/does not require a design proposal.
This requires/does not require a feature gate.

links to

openshift/installer#7520: CORS-2845: azure: Enable storage account encryption

Assignee:: Aditya Narayanaswamy

Reporter:: Aditya Narayanaswamy

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2023/09/21 7:40 PM

Updated:: 2024/01/03 5:52 PM

Resolved:: 2023/11/30 6:00 PM