Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Unresolved
Priority: Critical
Fix Version/s: 4.16.0
Affects Version/s: 4.14
Component/s: HyperShift
Labels:
- triaged

Severity:
Critical
Regression:
No
Sprint:
Hypershift Sprint 246, Hypershift Sprint 247
sprint_count:
2
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Target Version:

4.16.0

SFDC Cases Counter:
SFDC Cases Links:

Description

Description of problem:

    Standalone OCP encrypts various resources at rest in etcd:
https://docs.openshift.com/container-platform/4.14/security/encrypting-etcd.html
HyperShift control planes are only encrypting secrets. We should have parity with standalone.

Version-Release number of selected component (if applicable):

    4.14

How reproducible:

    Always

Steps to Reproduce:

    1. Create HyperShift standalone control plane
    2. Check that configmaps, routes, oauth access tokens or oauth authorize tokens are encrypted

Actual results:

    Those resources are not encrypted

Expected results:

    Those resources are encrypted

Additional info:

Resources to be encrypted are configured here:
https://github.com/openshift/hypershift/blob/main/control-plane-operator/controllers/hostedcontrolplane/kas/kms/aws.go#L121-L126

Attachments

Issue Links

links to

openshift/hypershift#3341: OCPBUGS-25342: Add extra resources to be encrypted.

RHEA-2024:0041 OpenShift Container Platform 4.16.z bug fix update

mentioned on

Merge request - Bump IBM integration to our latest prod image.

Activity

People

Assignee:: Ian Main

Reporter:: Cesar Wong

QA Contact:: Jie Zhao

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Dates

Created:: 2023/12/13 3:14 PM

Updated:: 2024/01/29 11:19 PM