Bug
Resolution: Can't Do
4.13.z, 4.12.z, 4.11.z, 4.10.z, 4.9.z, 4.8.z
Moderate
OSDOCS Sprint 234, OSDOCS Sprint 235, OSDOCS Sprint 237, OSDOCS Sprint 238, OSDOCS Sprint 236, OSDOCS Sprint 239, OSDOCS Sprint 241, OSDOCS Sprint 242, OSDOCS Sprint 243, OSDOCS Sprint 244, OSDOCS Sprint 245, OSDOCS Sprint 246, OSDOCS Sprint 247
Release Note Not Required
Description of problem:
The ETCD Encryption chapter of RHOCP docs tells us that by enabling encryption some encryption-keys are created. There is no mention of where the keys are and which approach a customer should use to back them up for recovery scenarios. This is extremely important, especially since keys get rotated weekly, so a best practice mention should be put in place possibly.
Version-Release number of selected component (if applicable):
4.y.z
How reproducible:
Anytime, no mention in doc
Steps to Reproduce:
1. Have a look at https://docs.openshift.com/container-platform/4.12/security/encrypting-etcd.html
Actual results:
When you enable etcd encryption, encryption keys are created. These keys are rotated on a weekly basis. You must have these keys to restore from an etcd backup.
Expected results:
When you enable etcd encryption, encryption keys are created. These keys are rotated on a weekly basis. You must have these keys to restore from an etcd backup. You can do it this way <best-practice step to achieve the goal>
Additional info: