Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-36302

[CAPI Azure] It does not take effect when enabling disk encryption set in install-config

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Undefined Undefined
    • None
    • 4.17
    • None
    • Critical
    • Yes
    • Approved
    • False
    • Hide

      None

      Show
      None
    • N/A
    • Release Note Not Required
    • Done

      Description of problem:

      Enable diskEncryptionSet under defaultMachinePlatform in install-config:
      =============
      platform:
        azure:
          defaultMachinePlatform:
            encryptionAtHost: true
            osDisk:
              diskEncryptionSet:
                resourceGroup: jimades01-rg
                name: jimades01-des
                subscriptionId: 53b8f551-f0fc-4bea-8cba-6d1fefd54c8a
      
      Created cluster, checked diskEncryptionSet on each master instance's osDisk, all of them are empty.
      
      $ az vm list -g jimades01-8ktkn-rg --query '[].[name, storageProfile.osDisk.managedDisk.diskEncryptionSet]' -otable
      Column1                               Column2
      ------------------------------------  ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
      jimades01-8ktkn-master-0
      jimades01-8ktkn-master-1
      jimades01-8ktkn-master-2
      jimades01-8ktkn-worker-eastus1-9m8p5  {'id': '/subscriptions/53b8f551-f0fc-4bea-8cba-6d1fefd54c8a/resourceGroups/jimades01-rg/providers/Microsoft.Compute/diskEncryptionSets/jimades01-des', 'resourceGroup': 'jimades01-rg'}
      jimades01-8ktkn-worker-eastus2-cmcn7  {'id': '/subscriptions/53b8f551-f0fc-4bea-8cba-6d1fefd54c8a/resourceGroups/jimades01-rg/providers/Microsoft.Compute/diskEncryptionSets/jimades01-des', 'resourceGroup': 'jimades01-rg'}
      jimades01-8ktkn-worker-eastus3-nknss  {'id': '/subscriptions/53b8f551-f0fc-4bea-8cba-6d1fefd54c8a/resourceGroups/jimades01-rg/providers/Microsoft.Compute/diskEncryptionSets/jimades01-des', 'resourceGroup': 'jimades01-rg'}
      
      same situation when setting diskEncryptionSet under controlPlane in install-config, no des setting in cluster api manifests 10_inframachine_jima24c-2cmlf_*.yaml.
      
      $ yq-go r 10_inframachine_jima24c-2cmlf-bootstrap.yaml 'spec.osDisk'
      cachingType: ReadWrite
      diskSizeGB: 1024
      managedDisk:
        storageAccountType: Premium_LRS
      osType: Linux
      
      $ yq-go r 10_inframachine_jima24c-2cmlf-master-0.yaml 'spec.osDisk'
      cachingType: ReadWrite
      diskSizeGB: 1024
      managedDisk:
        storageAccountType: Premium_LRS
      osType: Linux
      

      Version-Release number of selected component (if applicable):

      4.17.0-0.nightly-2024-06-23-145410    

      How reproducible:

      Always

      Steps to Reproduce:

          1. Configure disk encryption set under controlPlane or defaultMachinePlatform in install-config
          2. Create cluster
          3.
          

      Actual results:

          DES does not take effect on master instances

      Expected results:

          DES should be configured on all master instances

      Additional info:

          

            jhixson_redhat John Hixson
            jinyunma Jinyun Ma
            Jinyun Ma Jinyun Ma
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: