Does OKD version 4.6 support AWS KMS storage encryption?


We are having exactly the same issue as mentioned at this link, https://access.redhat.com/solutions/4827341, but we want to use OKD, probably the latest version, which is OKD 4.6. My question is: does it support KMS storage encryption in AWS?

Installing an OpenShift OKD cluster on unencrypted disks is not a solution for us, so does the new OKD 4.6 version support KMS encryption to encrypt disks? As far as I know, the Red Hat document says "This RFE was accomplished for OpenShift Container Platform 4.5", which means it should support KMS encryption from OCP version 4.5 onward, and I think it would be the same for OKD version 4.5. I may be wrong; please correct me.

Thanks

Best answer

Well, the feature is in the OpenShift 4.5 Release Notes:

You can now define a KMS key to encrypt EBS instance volumes. This is useful if you have explicit compliance and security guidelines when deploying to AWS. The KMS key can be configured in the install-config.yaml file by setting the optional kmsKeyARN field. For example:

apiVersion: v1
baseDomain: example.com
compute:
- architecture: amd64
  hyperthreading: Enabled
  name: worker
  platform:
    aws:
      rootVolume:
        kmsKeyARN: arn:aws:kms:us-east-2:563456982459:key/4f5265b4-16f7-xxxx-xxxx-xxxxxxxxxxxx
...

So yes, I would guess that the same can be used in OKD 4.6.
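A pre-install check for the setting quoted in the answer, as an added example that is not part of the original answer or of the OpenShift/OKD project: it reports, per machine pool, whether `rootVolume.kmsKeyARN` is set and shaped like a KMS key ARN. The function names and the sample values are constructed; that `controlPlane` and `platform.aws.defaultMachinePlatform` accept the same `rootVolume` field, and that only `key/` ARNs are wanted, are assumptions not stated on the page.

```python
import re

# arn:<partition>:kms:<region>:<12-digit account>:key/<key-id>
KMS_KEY_ARN = re.compile(r"arn:aws[a-z-]*:kms:[a-z0-9-]+:\d{12}:key/[A-Za-z0-9-]+")

# Constructed sample: dict form of an install-config.yaml; the ARN is a placeholder.
SAMPLE = {
    "compute": [{"name": "worker", "platform": {"aws": {"rootVolume": {
        "kmsKeyARN": "arn:aws:kms:us-east-2:111122223333:key/00000000-0000-0000-0000-000000000000"}}}}],
    "controlPlane": {"name": "master", "platform": {"aws": {}}},
}


def _pool_arn(pool):
    """Return <pool>.platform.aws.rootVolume.kmsKeyARN, or None when unset."""
    aws = (pool.get("platform") or {}).get("aws") or {}
    return (aws.get("rootVolume") or {}).get("kmsKeyARN")


def audit_root_volume_kms(config):
    """Map each machine pool name to 'ok', 'missing' or 'malformed'."""
    # Assumption: platform.aws.defaultMachinePlatform covers pools without their own value.
    aws = (config.get("platform") or {}).get("aws") or {}
    default = ((aws.get("defaultMachinePlatform") or {}).get("rootVolume") or {}).get("kmsKeyARN")
    pools = list(config.get("compute") or [])
    # Assumption: controlPlane takes the same rootVolume field as the compute pool on the page.
    pools.append(config.get("controlPlane") or {"name": "master"})
    result = {}
    for pool in pools:
        arn = _pool_arn(pool) or default
        if not arn:
            state = "missing"      # no customer KMS key configured for this pool
        elif not KMS_KEY_ARN.fullmatch(str(arn)):
            state = "malformed"    # e.g. an alias ARN, a bare key id, or a typo
        else:
            state = "ok"
        result[pool.get("name", "?")] = state
    return result


if __name__ == "__main__":
    import sys
    config = SAMPLE
    if len(sys.argv) > 1:
        import yaml  # PyYAML, only needed to read a real install-config.yaml
        with open(sys.argv[1]) as fh:
            config = yaml.safe_load(fh)
    report = audit_root_volume_kms(config)
    print("\n".join(f"{name}: {state}" for name, state in sorted(report.items())))
    sys.exit(0 if all(state == "ok" for state in report.values()) else 1)
```

Run with the path to `install-config.yaml` as the only argument before creating the cluster; a non-zero exit status means at least one pool has no usable key ARN.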