OpenShift 4 + AWS: IPI Installer KMS configuration
Issue
- As an enterprise user running OpenShift in AWS, it is important to be able to configure which KMS key is used to encrypt the AMI and the EC2 instance volumes of the cluster, because that is part of the company's compliance and security rules.
- A simple and straightforward solution would be an additional field in the "platform.aws" section of the install-config.yaml that allows setting a KMS key ARN. With this approach, it would even be possible to specify different KMS keys for masters and workers.
Environment
- Red Hat OpenShift Container Platform (OCP) 4.x