modules/machineset-gcp-confidential-vm.adoc
29 additions & 13 deletions
@@ -18,10 +18,7 @@ For more information about Confidential VM features, functions, and compatibilit
18
18
[NOTE]
19
19
====
20
20
Confidential VMs are currently not supported on 64-bit ARM architectures.
21
-
====
22
-
[IMPORTANT]
23
-
====
24
-
{product-title} {product-version} does not support some Confidential Compute features, such as Confidential VMs with AMD Secure Encrypted Virtualization Secure Nested Paging (SEV-SNP).
21
+
If you use Confidential VM, you must ensure that you select a supported region. For details on supported regions and configurations, see the GCP Compute Engine documentation about link:https://cloud.google.com/confidential-computing/confidential-vm/docs/supported-configurations#supported-zones[supported zones].
25
22
====
26
23
27
24
.Procedure
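Review bot: The sentence added at new line 21 tells the reader to select a supported region, but its link text and anchor both refer to supported zones (`#supported-zones`); use one term so it is clear which granularity has to be checked. The sentence also lands inside the existing `[NOTE]` block right after the ARM sentence, while the block this hunk removes was `[IMPORTANT]`. Because it is worded as a hard requirement ("you must"), consider giving it its own `[IMPORTANT]` block, and shorten "you must ensure that you select" to "you must select".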
@@ -35,12 +32,7 @@ Confidential VMs are currently not supported on 64-bit ARM architectures.
35
32
ifndef::cpmso[]
36
33
apiVersion: machine.openshift.io/v1beta1
37
34
kind: MachineSet
38
-
endif::cpmso[]
39
-
ifdef::cpmso[]
40
-
apiVersion: machine.openshift.io/v1
41
-
kind: ControlPlaneMachineSet
42
-
endif::cpmso[]
43
-
...
35
+
# ...
44
36
spec:
45
37
template:
46
38
spec:
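Review bot: With `endif::cpmso[]` removed at old line 38, the `ifndef::cpmso[]` opened at new line 32 is no longer closed inside this hunk and now wraps `spec:`, `template:`, `spec:` and everything up to the `endif::cpmso[]` that the next hunk adds at new line 44. Please build the module both with and without the `cpmso` attribute set and check that each rendering produces one complete YAML sample with exactly one `apiVersion`/`kind` pair.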
@@ -49,11 +41,35 @@ spec:
49
41
confidentialCompute: Enabled <1>
50
42
onHostMaintenance: Terminate <2>
51
43
machineType: n2d-standard-8 <3>
52
-
...
44
+
endif::cpmso[]
45
+
ifdef::cpmso[]
46
+
apiVersion: machine.openshift.io/v1
47
+
kind: ControlPlaneMachineSet
48
+
# ...
49
+
machines_v1beta1_machine_openshift_io:
50
+
spec:
51
+
providerSpec:
52
+
value:
53
+
confidentialCompute: Enabled <1>
54
+
onHostMaintenance: Terminate <2>
55
+
machineType: n2d-standard-8 <3>
56
+
endif::cpmso[]
57
+
# ...
53
58
----
54
-
<1> Specify whether Confidential VM is enabled. Valid values are `Disabled` or `Enabled`.
59
+
<1> Specify whether Confidential VM is enabled. The following values are valid:
60
+
61
+
`Enabled`:: Enables Confidential VM with a default selection of Confidential VM technology. The default selection is AMD Secure Encrypted Virtualization (AMD SEV).
62
+
63
+
`Disabled`:: Disables Confidential VM.
64
+
65
+
`AMDEncryptedVirtualization`:: Enables Confidential VM using AMD SEV. AMD SEV supports c2d, n2d, and c3d machines.
66
+
67
+
`AMDEncryptedVirtualizationNestedPaging`:: Enables Confidential VM using AMD Secure Encrypted Virtualization Secure Nested Paging (AMD SEV-SNP). AMD SEV-SNP supports n2d machines.
68
+
69
+
`IntelTrustedDomainExtensions`:: Enables Confidential VM using Intel Trusted Domain Extensions (Intel TDX). Intel TDX supports n2d machines.
70
+
+
55
71
<2> Specify the behavior of the VM during a host maintenance event, such as a hardware or software update. For a machine that uses Confidential VM, this value must be set to `Terminate`, which stops the VM. Confidential VM does not support live VM migration.
56
-
<3> Specify a machine type that supports Confidential VM. Confidential VM supports the N2D and C2D series of machine types.
72
+
<3> Specify a machine type that supports the Confidential VM option that you specified in the `confidentialCompute` field.
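Review bot: In the new `IntelTrustedDomainExtensions` entry (new line 69), "Intel TDX supports n2d machines" repeats the machine series from the SEV-SNP entry directly above it, and n2d is the AMD-based series that the AMD SEV entry also lists, so this looks like a copy-paste slip; confirm the series against the supported-configurations page linked earlier in the module. Two smaller points: the `ifdef::cpmso[]` sample goes from `# ...` straight to `machines_v1beta1_machine_openshift_io:` without the `spec:` and `template:` parents that the MachineSet branch shows, so the reader cannot tell where that key nests; and the sample still pairs `confidentialCompute: Enabled` with `n2d-standard-8`, so callout 3 would benefit from pointing back to the per-technology machine series listed in callout 1.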