Skip to Main Content

Containers, Cloud Native & Kubernetes

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Interested in getting your voice heard by members of the Developer Marketing team at Oracle? Check out this post for AppDev or this post for AI focus group information.

Policy for openebs cstor to access block volume with master key

user-lwmo7Oct 7 2023 — edited Oct 8 2023

Good afternoon everyone.

I am hoping someone has run into this or can provide insight into an issue I am having. I am installing openebs cstor into an OKE cluster and running into what seems like a permission/policy issue. My rationale for this is that if I remove my vault/master key from the block volumes, everything works fine. The volumes are still encrypted at rest, but with an Oracle key.

However, when encrypted with my key, I have no problems attaching the volumes to the node pool instances. I have no issue with the installation of cstor. Cstor is able to find the block volumes on each node instance. They show as unclaimed, which is what I'd expect. However, when I attempt to create the cluster pool, it fails indicating that the block volume is not owned by the node. That is clearly wrong and a symptom of the issue, which appears to be a permission problem.

I have added the policies identified on this page for boot and block volumes, but that does not seem to be enough to get past this issue. I am hoping someone can give me a pointer in the right direction to resolve this issue. Thanks.

Comments

InoL Apr 29 2024

How doc gen treats nulls values?

You have to be more specific. Are your referring to the pre-built Document Generator function?

If so:

When my query return null in some columns

What is the JSON that is generated?

You should always include the element in the JSON, with an empty value. Don't leave it out.

Francois Robert-Oracle Jan 8 2025 — edited on Jan 8 2025

Since September 2024, when a tag has no corresponding value in the JSON data or the value is null, the tag is replaced by an empty string.

See the September Release Notes

1 - 2

Post Details

Added on Oct 7 2023
16 comments
283 views