Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.
If this issue is safe to close now please do so with /close.
Mark the issue as fresh by commenting /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
Exclude this issue from closing by commenting /lifecycle frozen.
If this issue is safe to close now please do so with /close.
/lifecycle rotten
/remove-lifecycle stale
openshift-cibot added the lifecycle/rotten label and removed the lifecycle/stale label on Jul 10, 2024
Version
Openshift 4.15
Platform:
Azure
IPI Installation
What happened?
I tried to install an OpenShift cluster on Azure with the Confidential Computing feature enabled and a Customer Managed Key Disk Encryption Set to encrypt the OS disk.
I have configured the install-config.yaml by adding the parameter for Confidential Computing:
https://docs.openshift.com/container-platform/4.15/installing/installing_azure/installing-azure-private.html#installation-azure-confidential-vms_installing-azure-private
I ran the command to create the cluster:
./openshift-install create cluster --dir config --log-level=debug
but the creation failed with this error:
ERROR Error: creating Linux Virtual Machine: (Name "clu01-test-22965-bootstrap" / Resource Group "xxxxxxxxx"): compute.VirtualMachinesClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="BadRequest" Message="Encryption Type ConfidentialVmEncryptedWithCustomerKey is not supported for server side encryption with customer managed key." Target="/subscriptions/xxxxxxxxxxx/resourceGroups/xxxxxxxxxx/providers/Microsoft.Compute/disks/clu01-test-22965-bootstrap_OSDisk"
I think the problem is that in the case of confidential computing I need to configure secure_vm_disk_encryption_set_id for the encryption of the OS disk (the ID of the Disk Encryption Set which should be used to encrypt this OS disk when the Virtual Machine is a Confidential VM).
Is it possible to add this parameter to the install-config.yaml file, instead of the standard diskEncryptionSet present in the file?
I saw that the reference variable is present in the main.tf of the bootstrap:
https://github.com/openshift/installer/blob/master/data/data/azure/bootstrap/main.tf
How to reproduce it (as minimally and precisely as possible)?
Create an OCP cluster on Azure with Confidential Computing and Confidential disk encryption with a customer-managed key.
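The distinction the report describes, as an added Terraform sketch that is not taken from the installer's main.tf or from the issue author: the azurerm provider's `os_disk` block has separate arguments for a server-side-encryption Disk Encryption Set (`disk_encryption_set_id`) and for a Confidential VM one (`secure_vm_disk_encryption_set_id`). Every resource name, variable and the VM size below is a hypothetical placeholder, and the Disk Encryption Set is assumed to have encryption type ConfidentialVmEncryptedWithCustomerKey, as the error message indicates.

```hcl
# Added illustration; every name and variable here is hypothetical.
variable "resource_group_name" { type = string }
variable "location"            { type = string }
variable "nic_id"              { type = string }
variable "image_id"            { type = string }
variable "ssh_public_key"      { type = string }

# Assumed: ID of a Disk Encryption Set whose encryption type is
# ConfidentialVmEncryptedWithCustomerKey (the type named in the error).
variable "confidential_des_id" { type = string }

resource "azurerm_linux_virtual_machine" "example" {
  name                  = "example-confidential-vm"
  resource_group_name   = var.resource_group_name
  location              = var.location
  size                  = "Standard_DC4as_v5" # a confidential-capable size
  admin_username        = "core"
  network_interface_ids = [var.nic_id]
  source_image_id       = var.image_id

  # security_encryption_type requires vTPM to be enabled.
  vtpm_enabled        = true
  secure_boot_enabled = true

  admin_ssh_key {
    username   = "core"
    public_key = var.ssh_public_key
  }

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Premium_LRS"

    # Server-side encryption slot. Passing a confidential-type set here is
    # the combination the 400 BadRequest above complains about:
    # disk_encryption_set_id = var.confidential_des_id

    # Confidential VM slot. It conflicts with disk_encryption_set_id and is
    # only accepted when the encryption type is DiskWithVMGuestState.
    security_encryption_type         = "DiskWithVMGuestState"
    secure_vm_disk_encryption_set_id = var.confidential_des_id
  }
}
```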