Type: Story
Resolution: Done
Priority: Major
Work type: Strategic Product Work
Epic: OCPSTRAT-980 - Enforce Data/Secret Encryption for the Control-Planes, Etcd, and Nodes
Sprints: Hypershift Sprint 246, Hypershift Sprint 247, Hypershift Sprint 249, Hypershift Sprint 250, Hypershift Sprint 251
User Story:
As a user of HCP on Azure, I want to be able to provide a DiskEncryptionSet ID to encrypt the OS disks for the VMs in the NodePool so that the data on the OS disks will be protected by encryption.
Acceptance Criteria:
Description of criteria:
- Upstream documentation added on what is needed for the Azure Key Vault and how to encrypt the OS disks through both the CLI and the CR spec.
- HyperShift CLI lets a user provide a DiskEncryptionSet ID to encrypt the OS disk.
- Ability to encrypt the OS disks through the HyperShift CLI.
- Ability to encrypt the OS disks through the HC CR.
- Any applicable unit tests.
Out of Scope:
N/A
Engineering Details:
- BYO resource group is required for this story.
- This story programmatically implements this Azure walkthrough of using customer-managed keys to encrypt the OS disk: https://learn.microsoft.com/en-us/azure/virtual-machines/disks-enable-host-based-encryption-portal?tabs=azure-powershell#deploy-a-vm-with-customer-managed-keys
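The shape of the CR-based path described in the acceptance criteria, as an added illustration that is not part of this ticket: a NodePool whose Azure platform section carries the DiskEncryptionSet resource ID. The field name `spec.platform.azure.diskEncryptionSetID` and every placeholder value (subscription, resource group, cluster and DES names) are assumptions made for this example, not values taken from the ticket. The DiskEncryptionSet is expected to live in the customer-supplied (BYO) resource group, matching the engineering detail above.

```yaml
# Added example (assumed field names, placeholder values); not code from the ticket.
apiVersion: hypershift.openshift.io/v1beta1
kind: NodePool
metadata:
  name: example-nodepool            # placeholder
  namespace: clusters               # placeholder
spec:
  clusterName: example-hc           # placeholder HostedCluster name
  replicas: 2
  platform:
    type: Azure
    azure:
      # Full ARM resource ID of the DiskEncryptionSet (assumed field name).
      # The DES must be in the BYO resource group and be backed by a Key Vault
      # key that the DES identity is allowed to wrap/unwrap.
      diskEncryptionSetID: /subscriptions/<SUBSCRIPTION_ID>/resourceGroups/<BYO_RESOURCE_GROUP>/providers/Microsoft.Compute/diskEncryptionSets/<DES_NAME>
```

A useful post-deployment check is to confirm in the Azure portal or CLI that each NodePool VM's OS disk reports the expected DiskEncryptionSet rather than platform-managed keys; if the Key Vault key is disabled or the DES identity loses access, new VMs in the pool will fail to provision rather than silently fall back to platform keys.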
Issue links:
- is blocked by: HOSTEDCP-1329 Azure: Allow user to specify resource group for NodePool resources (Closed)
- relates to: OCPBUGS-39039 Azure Encryption at Host Should be Independently Togglable from DiskEncryptionSetID (Closed)