-
Bug
-
Resolution: Done-Errata
-
Undefined
-
None
-
4.17
-
None
-
Critical
-
Yes
-
Approved
-
False
-
-
N/A
-
Release Note Not Required
-
Done
Description of problem:
Enable diskEncryptionSet under defaultMachinePlatform in install-config: ============= platform: azure: defaultMachinePlatform: encryptionAtHost: true osDisk: diskEncryptionSet: resourceGroup: jimades01-rg name: jimades01-des subscriptionId: 53b8f551-f0fc-4bea-8cba-6d1fefd54c8a Created cluster, checked diskEncryptionSet on each master instance's osDisk, all of them are empty. $ az vm list -g jimades01-8ktkn-rg --query '[].[name, storageProfile.osDisk.managedDisk.diskEncryptionSet]' -otable Column1 Column2 ------------------------------------ --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- jimades01-8ktkn-master-0 jimades01-8ktkn-master-1 jimades01-8ktkn-master-2 jimades01-8ktkn-worker-eastus1-9m8p5 {'id': '/subscriptions/53b8f551-f0fc-4bea-8cba-6d1fefd54c8a/resourceGroups/jimades01-rg/providers/Microsoft.Compute/diskEncryptionSets/jimades01-des', 'resourceGroup': 'jimades01-rg'} jimades01-8ktkn-worker-eastus2-cmcn7 {'id': '/subscriptions/53b8f551-f0fc-4bea-8cba-6d1fefd54c8a/resourceGroups/jimades01-rg/providers/Microsoft.Compute/diskEncryptionSets/jimades01-des', 'resourceGroup': 'jimades01-rg'} jimades01-8ktkn-worker-eastus3-nknss {'id': '/subscriptions/53b8f551-f0fc-4bea-8cba-6d1fefd54c8a/resourceGroups/jimades01-rg/providers/Microsoft.Compute/diskEncryptionSets/jimades01-des', 'resourceGroup': 'jimades01-rg'} same situation when setting diskEncryptionSet under controlPlane in install-config, no des setting in cluster api manifests 10_inframachine_jima24c-2cmlf_*.yaml. $ yq-go r 10_inframachine_jima24c-2cmlf-bootstrap.yaml 'spec.osDisk' cachingType: ReadWrite diskSizeGB: 1024 managedDisk: storageAccountType: Premium_LRS osType: Linux $ yq-go r 10_inframachine_jima24c-2cmlf-master-0.yaml 'spec.osDisk' cachingType: ReadWrite diskSizeGB: 1024 managedDisk: storageAccountType: Premium_LRS osType: Linux
Version-Release number of selected component (if applicable):
4.17.0-0.nightly-2024-06-23-145410
How reproducible:
Always
Steps to Reproduce:
1. Configure disk encryption set under controlPlane or defaultMachinePlatform in install-config 2. Create cluster 3.
Actual results:
DES does not take effect on master instances
Expected results:
DES should be configured on all master instances
Additional info:
- links to
-
RHEA-2024:3718 OpenShift Container Platform 4.17.z bug fix update