Version
OpenShift 4.15
Platform:
Azure
IPI Installation
What happened?
I tried to install an OpenShift cluster on Azure with the Confidential Computing feature enabled and a customer-managed key Disk Encryption Set to encrypt the OS disk.
I have configured the install-config.yaml by adding the parameter for Confidential Computing:
https://docs.openshift.com/container-platform/4.15/installing/installing_azure/installing-azure-private.html#installation-azure-confidential-vms_installing-azure-private
I ran the command to create the cluster:
./openshift-install create cluster --dir config --log-level=debug
but the creation failed with this error:
ERROR Error: creating Linux Virtual Machine: (Name "clu01-test-22965-bootstrap" / Resource Group "xxxxxxxxx"): compute.VirtualMachinesClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="BadRequest" Message="Encryption Type ConfidentialVmEncryptedWithCustomerKey is not supported for server side encryption with customer managed key." Target="/subscriptions/xxxxxxxxxxx/resourceGroups/xxxxxxxxxx/providers/Microsoft.Compute/disks/clu01-test-22965-bootstrap_OSDisk"
I think the problem is that in the case of confidential computing I need to configure secure_vm_disk_encryption_set_id for the encryption of the OS disk (the ID of the Disk Encryption Set which should be used to encrypt this OS disk when the virtual machine is a Confidential VM).
Is it possible to add this parameter to the install-config.yaml file, instead of the standard diskEncryptionSet present in the file?
I saw that the reference variable is present in the main.tf of the bootstrap:
https://github.com/openshift/installer/blob/master/data/data/azure/bootstrap/main.tf
How to reproduce it (as minimally and precisely as possible)?
Create an OCP cluster on Azure with Confidential Computing and confidential disk encryption with a customer-managed key.