VMware Tanzu Encrypted Volumes Pending

I’m running Portworx Essentials (v3.1) on a VMware Tanzu cluster (Kube v1.24.9) and I cannot get any of the encrypted storage classes to work.

If I deploy a PVC with a non-encrypted portworx storage class it works and I can see the volume/reps in the pxctl.

If I deploy a PVC with a portworx storage class with secure=true it hangs indefinitely with no pod logs showing any errors. In pxctl I can see the failed volume, but if I try and delete it it times out as well. Doesn’t matter if its a CSI backed storage class or either.

Spec was generated through Portworx spec generator and secret is setup with Azure Key Vault. The AKV works because I can see portworx generate the cluster wide secret entry and no errors there.

Is it possible this is a bug or a limit of the Essentials license?

1 Like

I am also having this issue. Looking for any insights if its an essentials limitation. When analyzing the license list with pxctl I can see BYOK data encryption is enabled.