OCPBUG26050: Added a section for day2 operator for azure disk encryption sets.

[subhtk]

Version(s): 4.12+

Issue: OCPBUG-26050

Link to docs preview: Preview

QE review:

• QE has approved this change.

Additional information:

[ocpdocs-previewbot]

🤖 Fri Apr 11 14:56:37 - Prow CI generated the docs preview:

https://72130--ocpdocs-pr.netlify.app/openshift-enterprise/latest/installing/installing_azure/enabling-user-managed-encryption-azure.html

[patrickdillon]

This LGTM, but should have QE or the engineer responsible for this ack as well

[openshift-bot]

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

[openshift-bot]

Stale issues rot after 30d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle rotten
/remove-lifecycle stale

[openshift-bot]

Rotten issues close after 30d of inactivity.

Reopen the issue by commenting /reopen.
Mark the issue as fresh by commenting /remove-lifecycle rotten.
Exclude this issue from closing again by commenting /lifecycle frozen.

/close

[openshift-ci]

@openshift-bot: Closed this PR.

Details

In response to this:

Rotten issues close after 30d of inactivity.

Reopen the issue by commenting /reopen.
Mark the issue as fresh by commenting /remove-lifecycle rotten.
Exclude this issue from closing again by commenting /lifecycle frozen.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[subhtk]

/reopen

[subhtk]

/remove-lifecycle rotten

[openshift-ci]

@subhtk: Reopened this PR.

Details

In response to this:

/reopen

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[openshift-bot]

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

[openshift-bot]

Stale issues rot after 30d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle rotten
/remove-lifecycle stale

[subhtk]

/remove-lifecycle rotten

[dfitzmau]

Suggested change

	include::modules/installation-azure-day2-operations-diskencryptionsets.adoc[leveloffset=+1]
	// Preparing an Azure Disk Encryption Set for Day2 Operator
	include::modules/installation-azure-day2-operations-diskencryptionsets.adoc[leveloffset=+1]

Day 2 or post-installation? From my time on the installation team, they preferred post-isntallation.

[subhtk]

@jinyunma can you take a look?

[jinyunma]

This section is applied optionally on running cluster, I thinks day2 should be okay.
But the section title looks confused.

During installation (day1), installer supports to enable disk encryption with both platform-managed keys and with customer-managed keys. If enabling with customer-managed keys, user needs to create resource disk encryption set to provide those keys, that's what describes in section Preparing an Azure Disk Encryption Set

For day2 operation, only encryption at host with platform-managed keys is verified with steps described in this PR. How about to update as "Enable disk encryption with platform-managed keys on day2"?

[dfitzmau]

Suggested change

	. Make sure that all the operators are available.
	. Make sure that all the operators are available.

How?

[subhtk]

@jinyunma can you verify if this is the correct step:

. Verify that all cluster Operators are available:
+
[source,terminal]
----
$ oc get clusteroperators
----
+
All Operators should show `AVAILABLE=True`, `PROGRESSING=False`, and `DEGRADED=False`.

[jinyunma]

How about to check node status instead of operators status here? Similar as hardware update for VM on vSphere.

Power on VM -> Wait for the node to report as "Ready" ($ oc wait --for=condition=Ready node/<node_name>) -> Make the node as schedulable again ($ oc adm uncordon <node_name>)

Same procedures are also verified in our automation script.

[openshift-ci]

@subhtk: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[jinyunma]

Based on #72130 (comment), suggest to update here too, something like:

If disk encryption is not configured during installation, you can enable disk encryption with platform-managed keys on each node when cluster is up and running.

[bergerhoffer]

The branch/enterprise-4.20 label has been added to this PR.

This is because your PR targets the main branch and is labeled for enterprise-4.19. And any PR going into main must also target the latest version branch (enterprise-4.20).

If the update in your PR does NOT apply to version 4.20 onward, please re-target this PR to go directly into the appropriate version branch or branches (enterprise-4.x) instead of main.

[openshift-bot]

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

[openshift-bot]

Stale issues rot after 30d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle rotten
/remove-lifecycle stale

[bergerhoffer]

The branch/enterprise-4.21 label has been added to this PR.

This is because your PR targets the main branch and is labeled for enterprise-4.20. And any PR going into main must also target the latest version branch (enterprise-4.21).

If the update in your PR does NOT apply to version 4.21 onward, please re-target this PR to go directly into the appropriate version branch or branches (enterprise-4.x) instead of main.

[mburke5678]

Closed in favor of #101966

[openshift-bot]

Rotten issues close after 30d of inactivity.

Reopen the issue by commenting /reopen.
Mark the issue as fresh by commenting /remove-lifecycle rotten.
Exclude this issue from closing again by commenting /lifecycle frozen.

/close

[openshift-ci]

@openshift-bot: Closed this PR.

Details

In response to this:

Rotten issues close after 30d of inactivity.

Reopen the issue by commenting /reopen.
Mark the issue as fresh by commenting /remove-lifecycle rotten.
Exclude this issue from closing again by commenting /lifecycle frozen.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.