Bug 1734193: Wire provider spec EBS volume Encrypted field into ec2.EbsBlockDevice.Encrypted field #245
openshift-merge-robot merged 1 commit into openshift:master from ingvagabund:wire-ebs-encoded-field-to-ec2-ebs-one
….Encrypted field

AWS actuator allows specifying encrypted root volumes for compute machines.
Though, it does not wire it to the EBS definition which is passed to the AWS ec2 service.
The provider should respect the setting and provision encrypted volumes when requested.

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1734193
/approve
[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: enxebre
nit: you can reference the bug from the PR subject to get links in release-image changelogs with:

/retitle Bug 1734193: Wire provider spec EBS volume Encrypted field into ec2.EbsBlockDevice.Encrypted field
@ingvagabund: This pull request references a valid Bugzilla bug. The bug has been updated to refer to the pull request using the external bug tracker.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
michaelgugino left a comment
/lgtm
Probably should test this in e2e somehow, but I think we should be able to trust that the cloud-provider does the right thing on the other hand.
@ingvagabund: All pull requests linked via external trackers have merged. The Bugzilla bug has been moved to the MODIFIED state.
The AWS cluster-API provider just started respecting this property in openshift/cluster-api-provider-aws@99de8f2015 (Wire provider spec EBS volume Encrypted field into ec2.EbsBlockDevice.Encrypted field, 2019-08-05, openshift/cluster-api-provider-aws#245). By asking for it, we'll get encrypted root volumes for compute machines and remove the need for copy-and-encrypting the control-plane machines.
I've filed openshift/installer#2160 to use this approach for all machines except the bootstrap machine. We can ensure it's working just by looking for unencrypted root volumes in the CI account.

validation should be also included here https://github.com/openshift/cluster-api-provider-aws/blob/master/test/machines/machines_test.go#L209-L243
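
The check suggested in the comments above (looking for unencrypted root volumes in an account), as an added example that is not part of this pull request or the project's code. It assumes the inputs are the JSON printed by `aws ec2 describe-instances` and `aws ec2 describe-volumes`; the function name `UnencryptedRoots` and all instance and volume IDs are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Only the fields this check needs from the AWS CLI's describe-instances and describe-volumes JSON.
type mapping struct{ DeviceName string; Ebs struct{ VolumeId string } }
type instance struct {
	InstanceId, RootDeviceName string
	BlockDeviceMappings        []mapping
}
type describeInstances struct{ Reservations []struct{ Instances []instance } }
type describeVolumes struct{ Volumes []struct{ VolumeId string; Encrypted bool } }

// Constructed sample data, not taken from a real account.
const sampleInstances = `{"Reservations":[{"Instances":[
{"InstanceId":"i-worker0","RootDeviceName":"/dev/xvda","BlockDeviceMappings":[{"DeviceName":"/dev/xvda","Ebs":{"VolumeId":"vol-a"}},{"DeviceName":"/dev/xvdb","Ebs":{"VolumeId":"vol-b"}}]},
{"InstanceId":"i-worker1","RootDeviceName":"/dev/xvda","BlockDeviceMappings":[{"DeviceName":"/dev/xvda","Ebs":{"VolumeId":"vol-c"}}]}]}]}`
const sampleVolumes = `{"Volumes":[{"VolumeId":"vol-a","Encrypted":true},{"VolumeId":"vol-b","Encrypted":false},{"VolumeId":"vol-c","Encrypted":false}]}`

// UnencryptedRoots returns "instance volume" for each root volume not known to be encrypted.
func UnencryptedRoots(instJSON, volJSON string) ([]string, error) {
	var in describeInstances
	var vo describeVolumes
	if err := json.Unmarshal([]byte(instJSON), &in); err != nil {
		return nil, err
	}
	if err := json.Unmarshal([]byte(volJSON), &vo); err != nil {
		return nil, err
	}
	encrypted := map[string]bool{}
	for _, v := range vo.Volumes {
		encrypted[v.VolumeId] = v.Encrypted
	}
	var bad []string
	for _, r := range in.Reservations {
		for _, i := range r.Instances {
			for _, m := range i.BlockDeviceMappings { // a volume absent from the listing counts as unencrypted
				if m.DeviceName == i.RootDeviceName && !encrypted[m.Ebs.VolumeId] {
					bad = append(bad, i.InstanceId+" "+m.Ebs.VolumeId)
				}
			}
		}
	}
	return bad, nil
}

func main() { fmt.Println(UnencryptedRoots(sampleInstances, sampleVolumes)) }
```

Only the root device is reported: in the sample, `vol-b` is unencrypted but is a secondary data volume, so it does not appear in the result.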