Open pietromariodambrosio opened 4 months ago
Issues go stale after 90d of inactivity.
Mark the issue as fresh by commenting /remove-lifecycle stale
.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen
.
If this issue is safe to close now please do so with /close
.
/lifecycle stale
Stale issues rot after 30d of inactivity.
Mark the issue as fresh by commenting /remove-lifecycle rotten
.
Rotten issues close after an additional 30d of inactivity.
Exclude this issue from closing by commenting /lifecycle frozen
.
If this issue is safe to close now please do so with /close
.
/lifecycle rotten /remove-lifecycle stale
Version
Openshift 4.15
Platform:
Azure IPI Installation
What happened?
I tried to install an Openshift Cluster on Azure with Confidential Computing Feature Enabled and Customer Managed Key Disk Encryption Set for encrypt the OS Disk.
I have configured the install-config.yaml by adding the parameter for confidential Computing:
https://docs.openshift.com/container-platform/4.15/installing/installing_azure/installing-azure-private.html#installation-azure-confidential-vms_installing-azure-private
I run the command for create the cluster: ./openshift-install create cluster --dir config --log-level=debug
but the creation failed with this error:
ERROR Error: creating Linux Virtual Machine: (Name "clu01-test-22965-bootstrap" / Resource Group "xxxxxxxxx"): compute.VirtualMachinesClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="BadRequest" Message="Encryption Type ConfidentialVmEncryptedWithCustomerKey is not supported for server side encryption with customer managed key." Target="/subscriptions/xxxxxxxxxxx/resourceGroups/xxxxxxxxxx/providers/Microsoft.Compute/disks/clu01-test-22965-bootstrap_OSDisk"
I think the problem is that in the case of confidential computing I need to configure secure_vm_disk_encryption_set_id for the encryption of OS disk ( The ID of the Disk Encryption Set which should be used to Encrypt this OS Disk when the Virtual Machine is a Confidential VM).
Is it possible to add this parameter to the install-config.yaml file? instead of the standard diskEncryptionSet present in the file.
I saw that the reference variable is present in the main.tf of the bootstrap: https://github.com/openshift/installer/blob/master/data/data/azure/bootstrap/main.tf
How to reproduce it (as minimally and precisely as possible)?
Create a OCP Cluster on Azure with Confidential Computing and Confidential disk encryption with a customer-managed key.