Merge pull request #94278 from bscott-rh/OSDOCS-14620

OSDOCS-14620 adding confidential compute GCP parameters

Author: bscott-rh

modules/installation-configuration-parameters.adoc

@@ -2428,8 +2428,18 @@ When running your cluster on GCP 64-bit ARM infrastructures, ensure that you use
   gcp:
     defaultMachinePlatform:
       confidentialCompute:
-|Whether to use Confidential VMs for all machines in the cluster. Confidential VMs provide encryption for data during processing. For more information on Confidential computing, see Google's documentation on link:https://cloud.google.com/confidential-computing[Confidential computing].
-|`Enabled` or `Disabled`. The default value is `Disabled`.
+|Whether to use Confidential VMs for all machines in the cluster. Confidential VMs provide encryption for data during processing. For more information on Confidential computing, see Google's documentation about link:https://cloud.google.com/confidential-computing[Confidential Computing].
+
+Supported values are:
+
+* `Enabled`, which automatically selects a Confidential Computing platform
+* `Disabled`, which disables Confidential Computing
+* `AMDEncryptedVirtualization`, which enables Confidential Computing with AMD Secure Encrypted Virtualization (AMD SEV)
+* `AMDEncryptedVirtualizationNestedPaging`, which enables Confidential Computing with AMD Secure Encrypted Virtualization Secure Nested Paging (AMD SEV-SNP)
+* `IntelTrustedDomainExtensions`, which enables Confidential Computing with Intel Trusted Domain Extensions (Intel TDX)
+
+If you specify any value other than `Disabled`, you must set `platform.gcp.defaultMachinePlatform.onHostMaintenance` to `Terminate`, and you must specify a region and machine type that support Confidential Computing. For more information, see Google's documentation about link:https://cloud.google.com/confidential-computing/confidential-vm/docs/supported-configurations#machine-type-cpu-zone[Supported configurations].
+|String.
 
 |platform:
   gcp:
@@ -2540,8 +2550,18 @@ When running your cluster on GCP 64-bit ARM infrastructures, ensure that you use
   platform:
     gcp:
       confidentialCompute:
-|Whether to enable Confidential VMs for control plane machines. Confidential VMs provide encryption for data while it is being processed. For more information on Confidential VMs, see Google's documentation on link:https://cloud.google.com/confidential-computing[Confidential Computing].
-|`Enabled` or `Disabled`. The default value is `Disabled`.
+|Whether to use Confidential VMs for control plane machines. Confidential VMs provide encryption for data during processing. For more information on Confidential computing, see Google's documentation about link:https://cloud.google.com/confidential-computing[Confidential Computing].
+
+Supported values are:
+
+* `Enabled`, which automatically selects a Confidential Computing platform
+* `Disabled`, which disables Confidential Computing
+* `AMDEncryptedVirtualization`, which enables Confidential Computing with AMD Secure Encrypted Virtualization (AMD SEV)
+* `AMDEncryptedVirtualizationNestedPaging`, which enables Confidential Computing with AMD Secure Encrypted Virtualization Secure Nested Paging (AMD SEV-SNP)
+* `IntelTrustedDomainExtensions`, which enables Confidential Computing with Intel Trusted Domain Extensions (Intel TDX)
+
+If you specify any value other than `Disabled`, you must set `controlPlane.platform.gcp.defaultMachinePlatform.onHostMaintenance` to `Terminate`.
+|String.
 
 |controlPlane:
   platform:
@@ -2663,8 +2683,18 @@ When running your cluster on GCP 64-bit ARM infrastructures, ensure that you use
   platform:
     gcp:
       confidentialCompute:
-|Whether to enable Confidential VMs for compute machines. Confidential VMs provide encryption for data while it is being processed. For more information on Confidential VMs, see Google's documentation on link:https://cloud.google.com/confidential-computing[Confidential Computing].
-|`Enabled` or `Disabled`. The default value is `Disabled`.
+|Whether to use Confidential VMs for compute machines. Confidential VMs provide encryption for data during processing. For more information on Confidential computing, see Google's documentation on link:https://cloud.google.com/confidential-computing[Confidential computing].
+
+Supported values are:
+
+* `Enabled`, which automatically selects a Confidential Computing platform
+* `Disabled`, which disables Confidential Computing
+* `AMDEncryptedVirtualization`, which enables Confidential Computing with AMD Secure Encrypted Virtualization (AMD SEV)
+* `AMDEncryptedVirtualizationNestedPaging`, which enables Confidential Computing with AMD Secure Encrypted Virtualization Secure Nested Paging (AMD SEV-SNP)
+* `IntelTrustedDomainExtensions`, which enables Confidential Computing with Intel Trusted Domain Extensions (Intel TDX)
+
+If you specify any value other than `Disabled`, you must set `compute.platform.gcp.onHostMaintenance` to `Terminate`.
+|String.
 
 |compute:
   platform:
@@ -2869,9 +2899,9 @@ endif::vsphere[]
     failureDomains:
       region:
 |If you define multiple failure domains for your cluster, you must attach the tag to each vCenter data center. To define a region, use a tag from the `openshift-region` tag category. For a single vSphere data center environment, you do not need to attach a tag, but you must enter an alphanumeric value, such as `datacenter`, for the parameter.
-If you want base your failure domains on host groups, attach these tags to your vSphere clusters instead of your data centers. 
+If you want to base your failure domains on host groups, attach these tags to your vSphere clusters instead of your data centers.
 
-:FeatureName: Openshift zones support for vSphere host groups 
+:FeatureName: Openshift zones support for vSphere host groups
 include::snippets/technology-preview.adoc[]
 
 |String
@@ -2880,9 +2910,9 @@ include::snippets/technology-preview.adoc[]
   vsphere:
     failureDomains:
       regionType:
-|Specifies the `ComputeCluster` region type to enable host groups. 
+|Specifies the `ComputeCluster` region type to enable host groups.
 
-:FeatureName: Openshift zones support for vSphere host groups 
+:FeatureName: Openshift zones support for vSphere host groups
 include::snippets/technology-preview.adoc[]
 
 |String
@@ -2899,7 +2929,7 @@ include::snippets/technology-preview.adoc[]
     failureDomains:
       zone:
 |If you define multiple failure domains for your cluster, you must attach a tag to each vCenter cluster. To define a zone, use a tag from the `openshift-zone` tag category. For a single vSphere data center environment, you do not need to attach a tag, but you must enter an alphanumeric value, such as `cluster`, for the parameter.
-If you want to base your failure domains on host groups, define zones that correspond to your host groups instead of your clusters. Use these tags to associate each ESXi host with its host group. 
+If you want to base your failure domains on host groups, define zones that correspond to your host groups instead of your clusters. Use these tags to associate each ESXi host with its host group.
 
 :FeatureName: Openshift zones support for vSphere host groups
 include::snippets/technology-preview.adoc[]
@@ -2910,7 +2940,7 @@ include::snippets/technology-preview.adoc[]
   vsphere:
     failureDomains:
       zoneType:
-|Specifies the `HostGroup` zone type to enable host groups. 
+|Specifies the `HostGroup` zone type to enable host groups.
 
 :FeatureName: Openshift zones support for vSphere host groups
 include::snippets/technology-preview.adoc[]
@@ -2980,7 +3010,7 @@ endif::vsphere[]
 |Specifies the vSphere host group to associate with the failure domain.
 
 :FeatureName: Openshift zones support for vSphere host groups
-include::snippets/technology-preview.adoc[]  
+include::snippets/technology-preview.adoc[]
 
 |String