@@ -54,21 +54,22 @@ metadata:
5454 labels:
5555 machineconfiguration.openshift.io/role: worker
5656boot_device:
57- layout: x86_64
57+ layout: x86_64 <1>
5858 luks:
59- tpm2: true <1 >
60- tang: <2 >
59+ tpm2: true <2 >
60+ tang: <3 >
6161 - url: http://tang1.example.com:7500
6262 thumbprint: jwGN5tRFK-kF6pIX89ssF3khxxX
6363 - url: http://tang2.example.com:7500
6464 thumbprint: VCJsvZFjBSIHSldw78rOrq7h2ZF
65- threshold: 2 <3 >
65+ threshold: 2 <4 >
6666openshift:
6767 fips: true
6868----
69- <1> Include this field if you want to use a Trusted Platform Module (TPM) to encrypt the root file system.
70- <2> Include this section if you want to use one or more Tang servers.
71- <3> Specify the minimum number of TPM v2 and Tang encryption conditions that must be met for decryption to occur.
69+ <1> Set this field to the instruction set architecture of the cluster nodes. Some examples include, `x86_64`, `aarch64`, or `ppc64le`.
70+ <2> Include this field if you want to use a Trusted Platform Module (TPM) to encrypt the root file system.
71+ <3> Include this section if you want to use one or more Tang servers.
72+ <4> Specify the minimum number of TPM v2 and Tang encryption conditions that must be met for decryption to occur.
7273
7374[IMPORTANT]
7475====
@@ -196,7 +197,7 @@ openshift:
196197----
197198+
198199<1> For control plane configurations, replace `worker` with `master` in both of these locations.
199- <2> On ppc64le nodes, set this field to `ppc64le`. On all other nodes, this field can be omitted.
200+ <2> Set this field to the instruction set architecture of the cluster nodes. Some examples include, `x86_64`, `aarch64`, or `ppc64le`.
200201<3> Include this section if you want to encrypt the root file system. For more details, see the _About disk encryption_ section.
201202<4> Include this field if you want to use a Trusted Platform Module (TPM) to encrypt the root file system.
202203<5> Include this section if you want to use one or more Tang servers.
0 commit comments