Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-35400

[GCP CAPI install] the optional "kmsKeyServiceAccount" is demanded for controlPlane unexpectedly

XMLWordPrintable

    • Moderate
    • Yes
    • Sprint 255
    • 1
    • Rejected
    • False
    • Hide

      None

      Show
      None
    • N/A
    • Release Note Not Required
    • Done

      Description of problem:

      without specifying "kmsKeyServiceAccount" for controlPlane leads to creating bootstrap and control-plane machines failure

      Version-Release number of selected component (if applicable):

      4.16.0-0.nightly-multi-2024-06-12-211551

      How reproducible:

      Always

      Steps to Reproduce:

      1. "create install-config" and then insert disk encryption settings, but not set "kmsKeyServiceAccount" for controlPlane (see [2])
2. "create cluster" (see [3])

      Actual results:

      "create cluster" failed with below error: 

ERROR failed to fetch Cluster: failed to generate asset "Cluster": failed to create cluster: failed to create control-plane manifest: GCPMachine.infrastructure.cluster.x-k8s.io "jiwei-0613d-capi-84z69-bootstrap" is invalid: spec.rootDiskEncryptionKey.kmsKeyServiceAccount: Invalid value: "": spec.rootDiskEncryptionKey.kmsKeyServiceAccount in body should match '[-_[A-Za-z0-9]+@[-_[A-Za-z0-9]+.iam.gserviceaccount.com

      Expected results:

      Installation should succeed.

      Additional info:

      FYI the QE test case: 

OCP-61160 - [IPI-on-GCP] install cluster with different custom managed keys for control-plane and compute nodes https://polarion.engineering.redhat.com/polarion/#/project/OSE/workitem?id=OCP-61160

              bfournie@redhat.com Robert Fournier
              rhn-support-jiwei Jianli Wei
              Jianli Wei Jianli Wei
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: