Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Undefined
Fix Version/s: None
Affects Version/s: 4.17
Component/s: Installer / openshift-installer
Labels:
None

Severity:
Critical
Regression:
Yes
Epic Link:
Azure CAPI Install
Release Blocker:
Approved
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Target Version:

4.17.0

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Description of problem:

Enable diskEncryptionSet under defaultMachinePlatform in install-config:
=============
platform:
  azure:
    defaultMachinePlatform:
      encryptionAtHost: true
      osDisk:
        diskEncryptionSet:
          resourceGroup: jimades01-rg
          name: jimades01-des
          subscriptionId: 53b8f551-f0fc-4bea-8cba-6d1fefd54c8a

Created cluster, checked diskEncryptionSet on each master instance's osDisk, all of them are empty.

$ az vm list -g jimades01-8ktkn-rg --query '[].[name, storageProfile.osDisk.managedDisk.diskEncryptionSet]' -otable
Column1                               Column2
------------------------------------  ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
jimades01-8ktkn-master-0
jimades01-8ktkn-master-1
jimades01-8ktkn-master-2
jimades01-8ktkn-worker-eastus1-9m8p5  {'id': '/subscriptions/53b8f551-f0fc-4bea-8cba-6d1fefd54c8a/resourceGroups/jimades01-rg/providers/Microsoft.Compute/diskEncryptionSets/jimades01-des', 'resourceGroup': 'jimades01-rg'}
jimades01-8ktkn-worker-eastus2-cmcn7  {'id': '/subscriptions/53b8f551-f0fc-4bea-8cba-6d1fefd54c8a/resourceGroups/jimades01-rg/providers/Microsoft.Compute/diskEncryptionSets/jimades01-des', 'resourceGroup': 'jimades01-rg'}
jimades01-8ktkn-worker-eastus3-nknss  {'id': '/subscriptions/53b8f551-f0fc-4bea-8cba-6d1fefd54c8a/resourceGroups/jimades01-rg/providers/Microsoft.Compute/diskEncryptionSets/jimades01-des', 'resourceGroup': 'jimades01-rg'}

same situation when setting diskEncryptionSet under controlPlane in install-config, no des setting in cluster api manifests 10_inframachine_jima24c-2cmlf_*.yaml.

$ yq-go r 10_inframachine_jima24c-2cmlf-bootstrap.yaml 'spec.osDisk'
cachingType: ReadWrite
diskSizeGB: 1024
managedDisk:
  storageAccountType: Premium_LRS
osType: Linux

$ yq-go r 10_inframachine_jima24c-2cmlf-master-0.yaml 'spec.osDisk'
cachingType: ReadWrite
diskSizeGB: 1024
managedDisk:
  storageAccountType: Premium_LRS
osType: Linux

Version-Release number of selected component (if applicable):

4.17.0-0.nightly-2024-06-23-145410

How reproducible:

Always

Steps to Reproduce:

    1. Configure disk encryption set under controlPlane or defaultMachinePlatform in install-config
    2. Create cluster
    3.

Actual results:

    DES does not take effect on master instances

Expected results:

    DES should be configured on all master instances

Additional info:

links to

openshift/installer#8756: OCPBUGS-36302: pkg/asset/machines/azure: Don't set disk encryption set to nil

RHEA-2024:3718 OpenShift Container Platform 4.17.z bug fix update

Assignee:: John Hixson

Reporter:: Jinyun Ma

QA Contact:: Jinyun Ma

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2024/06/28 2:55 AM

Updated:: 2024/08/15 3:08 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates