Enabling encryption on a vSphere cluster

You can encrypt your virtual machines after installing OKD 4 on vSphere by draining and shutting down your nodes one at a time. While each virtual machine is shut down, you can enable encryption in the vCenter web interface.

Encrypting virtual machines

You can encrypt your virtual machines with the following process: drain each node, power down its virtual machine, and encrypt the virtual machine using the vCenter interface. Finally, create a storage class that uses the encrypted storage.

Prerequisites

Procedure

  1. Drain and cordon one of your nodes. For detailed instructions on node management, see “Working with Nodes”.

  2. Shut down the virtual machine associated with that node in the vCenter interface.

  3. Right-click on the virtual machine in the vCenter interface and select VM Policies → Edit VM Storage Policies.

  4. Select an encrypted storage policy and select OK.

  5. Start the encrypted virtual machine in the vCenter interface.

  6. Repeat steps 1-5 for all nodes that you want to encrypt.

  7. Configure a storage class that uses the encrypted storage policy. For more information about configuring an encrypted storage class, see “VMware vSphere CSI Driver Operator”.
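
The command-line side of this procedure, as an added example that is not part of the OKD documentation: shell helpers for step 1, for returning the node to service after step 5, and for the storage class in step 7. The function names are hypothetical and the node, storage class and storage policy names are placeholders; steps 2-5 remain manual in vCenter.

```shell
#!/bin/sh
# Added example: CLI side of the procedure. vCenter steps 2-5 stay manual.
# Assumed placeholders: node name, storage class name, storage policy name.

# Reads `oc get nodes --no-headers` output on stdin and prints the nodes
# that are already cordoned (STATUS column contains SchedulingDisabled).
cordoned_nodes() {
    awk '$2 ~ /SchedulingDisabled/ { print $1 }'
}

# Step 1: drain one node (drain also cordons it). Refuses to start while
# another node is still cordoned, so only one node is out of service.
drain_node() {
    others=$(oc get nodes --no-headers | cordoned_nodes | grep -vxF -- "$1" || true)
    if [ -n "$others" ]; then
        echo "still cordoned, finish these first: $others" >&2
        return 1
    fi
    oc adm drain "$1" --ignore-daemonsets --delete-emptydir-data
}

# After step 5: wait for the restarted node to report Ready, then make it
# schedulable again (a drained node stays cordoned until it is uncordoned).
return_node() {
    oc wait --for=condition=Ready "node/$1" --timeout=15m &&
        oc adm uncordon "$1"
}

# Step 7: StorageClass for the vSphere CSI driver, bound to the policy.
# $1 = storage class name, $2 = vCenter storage policy name.
storage_class_yaml() {
    cat <<EOF
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: $1
provisioner: csi.vsphere.vmware.com
parameters:
  storagePolicyName: "$2"
EOF
}

# Usage per node (placeholder names):
#   drain_node worker-0        # then carry out steps 2-5 in vCenter
#   return_node worker-0
# Once every node is done:
#   storage_class_yaml encrypted-sc "<storage-policy-name>" | oc apply -f -
```

Run `return_node` only after the virtual machine has been restarted in step 5; before the shutdown the node still reports Ready and the wait returns immediately.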

Additional resources