OpenShift Bugs: OCPBUGS-35531

[GCP CAPI install] the optional "kmsKeyServiceAccount" is demanded for controlPlane unexpectedly


    • Moderate
    • Yes
    • Sprint 255
    • 1
    • Rejected
    • False
      * Previously, the KMS key was applied as an empty string. This always applied a KMS key that was invalid. With this release, the empty string is removed and the KMS key is only applied when one exists from the `install-config.yaml`. (link:https://issues.redhat.com/browse/OCPBUGS-35531[*OCPBUGS-35531*])
      _________
      Prior to this fix, the KMS key was applied as an empty string. This incorrectly always applied a KMS key that was invalid. The fix removes the empty string and the KMS key is only applied when one exists from the install config.
    • Bug Fix
    • Done

      This is a clone of issue OCPBUGS-35400. The following is the description of the original issue:

      Description of problem:

      Not specifying "kmsKeyServiceAccount" for controlPlane causes creation of the bootstrap and control-plane machines to fail.

      Version-Release number of selected component (if applicable):

      4.16.0-0.nightly-multi-2024-06-12-211551

      How reproducible:

      Always

      Steps to Reproduce:

      1. "create install-config" and then insert disk encryption settings, but do not set "kmsKeyServiceAccount" for controlPlane (see [2])
      2. "create cluster" (see [3])
      

      Actual results:

      "create cluster" failed with the error below:
      
      ERROR failed to fetch Cluster: failed to generate asset "Cluster": failed to create cluster: failed to create control-plane manifest: GCPMachine.infrastructure.cluster.x-k8s.io "jiwei-0613d-capi-84z69-bootstrap" is invalid: spec.rootDiskEncryptionKey.kmsKeyServiceAccount: Invalid value: "": spec.rootDiskEncryptionKey.kmsKeyServiceAccount in body should match '[-_[A-Za-z0-9]+@[-_[A-Za-z0-9]+.iam.gserviceaccount.com

      Expected results:

      Installation should succeed.

      Additional info:

      FYI the QE test case: 
      
      OCP-61160 - [IPI-on-GCP] install cluster with different custom managed keys for control-plane and compute nodes https://polarion.engineering.redhat.com/polarion/#/project/OSE/workitem?id=OCP-61160
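
Added example (not the installer's own code): a Go sketch of the failure mode described in the release note, where an optional field is always written as "" and then fails the pattern quoted in the error, next to the form that sets it only when the install config provides a value. The `EncryptionKey` type, the function names and the sample key and account names are hypothetical; the pattern is the part visible in the error message above.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// Pattern as it appears in the validation error quoted in this report.
var saPattern = regexp.MustCompile(`[-_[A-Za-z0-9]+@[-_[A-Za-z0-9]+.iam.gserviceaccount.com`)

// EncryptionKey is a hypothetical stand-in for spec.rootDiskEncryptionKey.
type EncryptionKey struct {
	KMSKeyName           string  `json:"kmsKeyName"`
	KMSKeyServiceAccount *string `json:"kmsKeyServiceAccount,omitempty"`
}

// buildBefore mirrors the reported behaviour: an unset value is still applied as "".
func buildBefore(keyName, serviceAccount string) EncryptionKey {
	return EncryptionKey{KMSKeyName: keyName, KMSKeyServiceAccount: &serviceAccount}
}

// buildAfter applies the value only when the install config provides one.
func buildAfter(keyName, serviceAccount string) EncryptionKey {
	key := EncryptionKey{KMSKeyName: keyName}
	if serviceAccount != "" {
		key.KMSKeyServiceAccount = &serviceAccount
	}
	return key
}

// validate checks the pattern only when the optional field is present.
func validate(key EncryptionKey) error {
	if key.KMSKeyServiceAccount != nil && !saPattern.MatchString(*key.KMSKeyServiceAccount) {
		return fmt.Errorf("kmsKeyServiceAccount: Invalid value: %q", *key.KMSKeyServiceAccount)
	}
	return nil
}

// render returns the JSON that would be submitted for the field.
func render(key EncryptionKey) string {
	out, _ := json.Marshal(key)
	return string(out)
}

func main() {
	for _, key := range []EncryptionKey{buildBefore("constructed-key", ""), buildAfter("constructed-key", "")} {
		fmt.Println(render(key), validate(key))
	}
}
```

The pointer with `omitempty` is what lets "not set" be distinguished from "set to an empty string" once the object is serialized.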

            bfournie@redhat.com Robert Fournier
            openshift-crt-jira-prow OpenShift Prow Bot
            Jianli Wei Jianli Wei