We are having exactly the same issue as mentioned at this link, https://access.redhat.com/solutions/4827341, but we want to use OKD, probably the latest version, which is OKD 4.6. My question is: does it support KMS storage encryption in AWS?
Installing an OpenShift OKD cluster on an unencrypted disk is not a solution for us, so does the new OKD 4.6 version support KMS encryption to encrypt the disk? As far as I know, the Red Hat document says "This RFE was accomplished for OpenShift Container Platform 4.5", which means it should support KMS encryption from OCP version 4.5 onward, and I think it would be the same for OKD version 4.5. I may be wrong; please correct me.
Thanks
Well, the feature is in the OpenShift 4.5 Release Notes:
You can now define a KMS key to encrypt EBS instance volumes. This is useful if you have explicit compliance and security guidelines when deploying to AWS. The KMS key can be configured in the install-config.yaml file by setting the optional kmsKeyARN field. For example:

    apiVersion: v1
    baseDomain: example.com
    compute:
    - architecture: amd64
      hyperthreading: Enabled
      name: worker
      platform:
        aws:
          rootVolume:
            kmsKeyARN: arn:aws:kms:us-east-2:563456982459:key/4f5265b4-16f7-xxxx-xxxx-xxxxxxxxxxxx
    ...
So yes, I would guess that the same can be used in OKD 4.6.
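A pre-install check for the setting quoted above, as an added example that is not part of the original answer or of the OpenShift documentation: it reports every machine pool in a parsed install-config.yaml that names no kmsKeyARN or names something that does not look like a KMS ARN. It assumes that controlPlane and platform.aws.defaultMachinePlatform accept the same rootVolume.kmsKeyARN field as the compute pool shown; the function names and the sample config are constructed.

```python
import re
import sys

# arn:<partition>:kms:<region>:<12-digit account>:key/<id> or :alias/<name>
KMS_ARN = re.compile(r"^arn:aws[a-z-]*:kms:[a-z0-9-]+:\d{12}:(key|alias)/[A-Za-z0-9/_-]+$")

def root_volume_key(machine_platform):
    """kmsKeyARN under <aws machine platform>.rootVolume, or None."""
    return ((machine_platform or {}).get("rootVolume") or {}).get("kmsKeyARN")

def audit(cfg):
    """Return findings for a parsed install-config; an empty list means all pools pass."""
    aws = (cfg.get("platform") or {}).get("aws") or {}
    # Assumption: a pool without its own key inherits defaultMachinePlatform's.
    default_key = root_volume_key(aws.get("defaultMachinePlatform"))
    pools = [("controlPlane", cfg.get("controlPlane") or {})]
    pools += [("compute/" + str(p.get("name", "?")), p) for p in cfg.get("compute") or []]
    findings = []
    for label, pool in pools:
        pool_aws = (pool.get("platform") or {}).get("aws")
        key = root_volume_key(pool_aws) or default_key
        if key is None:
            findings.append(f"{label}: no kmsKeyARN set")
        elif not KMS_ARN.match(key):
            findings.append(f"{label}: {key!r} does not look like a KMS ARN")
    return findings

# Constructed sample: the worker pool from the release-notes excerpt, plus a
# control plane that was left without a key.
SAMPLE = {
    "apiVersion": "v1",
    "baseDomain": "example.com",
    "controlPlane": {"name": "master", "platform": {"aws": {}}},
    "compute": [{
        "name": "worker",
        "platform": {"aws": {"rootVolume": {
            "kmsKeyARN": "arn:aws:kms:us-east-2:563456982459:key/"
                         "4f5265b4-16f7-xxxx-xxxx-xxxxxxxxxxxx"}}},
    }],
}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        import yaml  # PyYAML, only needed when auditing a real file
        with open(sys.argv[1]) as fh:
            SAMPLE = yaml.safe_load(fh)
    problems = audit(SAMPLE)
    print("\n".join(problems) or "all machine pools name a KMS key")
    sys.exit(1 if problems else 0)
```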