Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Critical
Fix Version/s: 4.18.0
Affects Version/s: 4.16
Component/s: kube-apiserver
Labels:
- api

Severity:
Critical
Regression:
No
Release Blocker:
Rejected
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Target Version:

4.18.0
Target Backport Versions:

4.17.0, 4.16.z

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Due to upstream changes (https://github.com/kubernetes/kubernetes/pull/121485) KMSv1 is deprecated starting with k8s 1.29. HyperShift is actively using KMSv1. Migrating cluster from KMSv1 to KMSv2 is tricky so we need to at least make sure that new ROSA clusters can only enable KMSv2 whilst old one remains on KMSv1.

We need to verify that new installations of ROSA that enables KMS encryption are running the KMSv2 API and that old clusters upgrading to a version where KMSv2 is available remains on KMSv1.

blocks

OCPBUGS-41718 Switch to using KMSv2 on ROSA

Closed

is cloned by

OCPBUGS-41718 Switch to using KMSv2 on ROSA

Closed

links to

openshift/hypershift#4502: OCPBUGS-25937: Support KMS v2 on AWS

RHEA-2024:6122 OpenShift Container Platform 4.18.z bug fix update

Assignee:: Damien Grisonnet

Reporter:: Maciej Szulik (Inactive)

QA Contact:: Ke Wang

Contributors:: Ying Zhang

Votes:: 0 Vote for this issue

Watchers:: 10 Start watching this issue

Created:: 2024/01/02 3:28 PM

Updated:: 2024/10/14 9:56 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates