ROSA / OSD : Custom KMS key not propagated to default storage class

Solution Verified - Updated -

Issue

A Red Hat OpenShift Service on AWS (ROSA) or OpenShift Dedicated (on AWS) cluster configured (at install time) to use a customer managed AWS KMS key for encryption may not use the customer supplied AWS KMS key to encrypt persistent volumes for the cluster. The specified AWS KMS key is only used to encrypt the root filesystem for cluster nodes.
Persistent volumes are still encrypted, but they use the default AWS managed KMS key for the region the cluster is in, rather than the specified customer managed KMS key.

Environment

This issue impacts Red Hat OpenShift Service on AWS (ROSA) or OpenShift Dedicated (on AWS) clusters deployed before 20 April 2022 that were configured to use a customer managed AWS KMS key. Clusters created after this date should not be affected.
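
One way to check whether a cluster shows the behaviour described above, as an added example (not Red Hat's code and not this article's resolution): it takes data shaped like the output of `oc get storageclass -o json` and `aws ec2 describe-volumes --output json` and flags a default storage class whose `kmsKeyId` is not the expected key, and PV-backed EBS volumes encrypted with a different key. The key ARNs, class names, volume IDs and the reliance on the `kubernetes.io/created-for/pv/name` volume tag are assumptions; key aliases are not resolved.

```python
# Constructed placeholders: the customer managed key and an AWS managed key.
EXPECTED_KEY = "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
AWS_MANAGED = "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000000"
DEFAULT_ANNOTATION = "storageclass.kubernetes.io/is-default-class"
PV_TAG = "kubernetes.io/created-for/pv/name"  # assumed present on PV-backed volumes

# Constructed sample shaped like `oc get storageclass -o json` (trimmed).
STORAGE_CLASSES = {"items": [
    {"metadata": {"name": "gp2", "annotations": {DEFAULT_ANNOTATION: "true"}},
     "parameters": {"type": "gp2", "encrypted": "true"}},
    {"metadata": {"name": "gp2-customer-kms"},  # hypothetical class name
     "parameters": {"type": "gp2", "encrypted": "true", "kmsKeyId": EXPECTED_KEY}},
]}

# Constructed sample shaped like `aws ec2 describe-volumes --output json` (trimmed).
VOLUMES = {"Volumes": [
    {"VolumeId": "vol-0aaa", "Encrypted": True, "KmsKeyId": EXPECTED_KEY,
     "Tags": [{"Key": "Name", "Value": "worker-root"}]},  # node root disk
    {"VolumeId": "vol-0bbb", "Encrypted": True, "KmsKeyId": AWS_MANAGED,
     "Tags": [{"Key": PV_TAG, "Value": "pvc-1111"}]},
    {"VolumeId": "vol-0ccc", "Encrypted": True, "KmsKeyId": EXPECTED_KEY,
     "Tags": [{"Key": PV_TAG, "Value": "pvc-2222"}]},
]}

def key_id(ref):
    """Reduce a key ARN or bare key ID to the bare key ID for comparison."""
    return ref.rsplit("key/", 1)[-1].lower() if ref else None

def default_class_findings(sc_list, expected):
    """Return (name, kmsKeyId) for default storage classes not pinned to the expected key."""
    findings = []
    for sc in sc_list["items"]:
        annotations = sc["metadata"].get("annotations", {})
        if annotations.get(DEFAULT_ANNOTATION) != "true":
            continue
        configured = sc.get("parameters", {}).get("kmsKeyId")
        if key_id(configured) != key_id(expected):
            findings.append((sc["metadata"]["name"], configured))
    return findings

def volume_findings(vol_list, expected):
    """Return (volume, pv, key) for PV-backed volumes not encrypted with the expected key."""
    findings = []
    for vol in vol_list["Volumes"]:
        tags = {t["Key"]: t["Value"] for t in vol.get("Tags", [])}
        if PV_TAG not in tags:
            continue  # not a persistent volume, e.g. a node root disk
        if not vol.get("Encrypted") or key_id(vol.get("KmsKeyId")) != key_id(expected):
            findings.append((vol["VolumeId"], tags[PV_TAG], vol.get("KmsKeyId")))
    return findings
```
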
