How to use Azure Key Vault for creating OpenShift 4 secrets?

Solution Verified

Environment

  • Red Hat OpenShift Container Platform (RHOCP)
    • 4
  • Azure Red Hat OpenShift (ARO)
    • 4

Issue

  • How can Azure Key Vault be used to create or store OpenShift secrets?
  • Is there any official OpenShift documentation for storing secrets in Azure Key Vault?

Resolution

Disclaimer: Links contained herein to external website(s) are provided for convenience only. Red Hat has not reviewed the links and is not responsible for the content or its availability. The inclusion of any link to an external website does not imply endorsement by Red Hat of the website or their entities, products or services. You agree that Red Hat is not responsible or liable for any loss or expenses that may result due to your use of (or reliance on) the external site or content.

Using Azure Key Vault to store OpenShift secrets is not yet supported in OCP 4. There is an internal task to support the Kube KMS Provider: API-1021.

Note: For ARO clusters, please refer to the ARO documentation: Use Azure Key Vault Provider for Secrets Store CSI Driver on Azure Red Hat OpenShift.

Workaround

It is possible to use the Azure Key Vault Provider for Secrets Store CSI Driver, but note that it is a community project and is not supported. Also, there is a known issue that causes OCP upgrades to get stuck with the MachineConfigPools in a Degraded state when it is installed. Refer to KCS 6522771 for additional information.

Root Cause

Using Azure Key Vault to store OpenShift secrets is not yet supported in OpenShift 4.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
