OCPSTRAT-295 (OpenShift Container Platform (OCP) Strategy)

Offline network-bound disk encryption provisioning


    • Feature
    • Resolution: Done
    • Critical
    • openshift-4.14
    • OS
    • 0% To Do, 0% In Progress, 100% Done
    • Program Call

      Feature Overview (aka. Goal Summary)  

      Tang-enforced, network-bound disk encryption has been available in OpenShift for some time, but all intended Tang endpoints contributing unique key material to the process must be reachable during RHEL CoreOS provisioning in order to complete deployment.

      If a user wants to require that 3 of 6 Tang servers be reachable, then all 6 must still be reachable during the provisioning process. This might not be possible due to maintenance, an outage, or simply network policy during deployment.

      Enabling offline provisioning for first boot will help all of these scenarios.

       

      Goals (aka. expected user outcomes)

      The user can now provision a cluster with some or none of the Tang servers being reachable on first boot. Second boot, of course, will be subject to the Tang requirements being configured.

            rhn-support-mrussell Mark Russell
            Matthew Werner
            Derrick Ornelas