IBM Cloud Docs
Why can't I create a VPC cluster with encrypted worker nodes?

The VPC worker nodes cannot be provisioned due to a key error with the KMS provider.

Encrypted storage cannot be configured. Review the customer root key configuration for the worker pool.

The KMS instance or root key was deleted between the time the worker pool was created and the time the worker was provisioned.

Verify that the KMS instance and root key still exist. If either one has been deleted, you must re-create the instance and a new worker pool to use encryption.

  1. Access your Red Hat OpenShift cluster.

  2. To check that KMS encryption is enabled, verify that the Key Management Service status is set to enabled.

    ibmcloud oc cluster get -c <cluster_name_or_ID>
    

    Example output when the master is ready.

    NAME:                   <cluster_name>   
    ID:                     <cluster_ID>   
    ...
    Master Status:          Ready (1 min ago)
    ...
    Key Management Service: enabled   
    
  3. Verify that the root key still exists from the Red Hat OpenShift clusters console.

    1. Log in to the IBM Cloud console.

    2. Go to Menu > Resource list to view a list of your resources.

    3. From the resource list, select your instance of your KMS provider.

  4. If either the instance or the root key has been disabled or deleted, you must recreate them. For more information, see Setting up a KMS provider.

  5. If the issue persists, contact support. Open a support case. In the case details, be sure to include any relevant log files, error messages, or command outputs.
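
The check in step 2 can be scripted when you have several clusters to review. The following is an added example, not part of the IBM documentation: it parses the `ibmcloud oc cluster get` output format shown above. The function names, result strings, and sample values are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: classify the output of `ibmcloud oc cluster get -c <cluster>`.
# Real use: ibmcloud oc cluster get -c <cluster_name_or_ID> | check_kms

# Print the trimmed value of one "Label: value" line read from stdin.
get_field() {
  awk -v label="$1" '
    {
      line = $0
      sub(/^[ \t]+/, "", line)            # tolerate indented output
      if (index(line, label ":") == 1) {
        val = substr(line, length(label) + 2)
        gsub(/^[ \t]+|[ \t]+$/, "", val)  # the CLI pads values with spaces
        print val
        exit
      }
    }'
}

# Read cluster details from stdin and print one result string:
#   ok (0), kms-not-enabled (1), kms-field-missing (2), master-not-ready (3)
check_kms() {
  _out=$(cat)
  _master=$(printf '%s\n' "$_out" | get_field "Master Status")
  _kms=$(printf '%s\n' "$_out" | get_field "Key Management Service")
  if [ -z "$_kms" ]; then echo "kms-field-missing"; return 2; fi
  # The page's example output applies when the master is ready.
  case "$_master" in
    Ready*) ;;
    *) echo "master-not-ready"; return 3 ;;
  esac
  if [ "$_kms" = "enabled" ]; then echo "ok"; return 0; fi
  echo "kms-not-enabled"; return 1
}

# Constructed sample output (placeholder values, not from a real cluster).
SAMPLE_OUTPUT='NAME:                   example-cluster
ID:                     constructed-cluster-id
Master Status:          Ready (1 min ago)
Key Management Service: enabled   '

printf '%s\n' "$SAMPLE_OUTPUT" | check_kms
```

A result of `ok` covers only step 2. It does not confirm that the root key or KMS instance still exists, so continue with step 3.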