- Task
- Resolution: Done
- Medium
- BU Product Work
- KATA-2416 - Enable Confidential Containers using the OpenShift sandboxed containers operator
- Kata Sprint #254
The operator updates the "peer-pods-cm" ConfigMap if the user has not already done so. The operator must set the following:
- DISABLECVM: "false"
Test:
- Default values are set when enabling the "confidential" feature.
- Custom values set by the user are not overwritten.
Document how to set the desired instance size. The user must set the following:
- For SEV-SNP:
  - AZURE_INSTANCE_SIZE: "Standard_DC4as_v5"
  - AZURE_INSTANCE_SIZES: "Standard_DC2as_v5,Standard_DC4as_v5,Standard_DC8as_v5"
- For TDX:
  - AZURE_INSTANCE_SIZE: "Standard_DC4es_v5"
  - AZURE_INSTANCE_SIZES: "Standard_DC2es_v5,Standard_DC4es_v5,Standard_DC8es_v5"
The possible values depend on the workload and on the TEE (SEV-SNP or TDX). A summary and links follow.
Summary of VM series:

| Usage | Local disk | SEV-SNP | TDX |
|---|---|---|---|
| General Purpose | without local disk | DCasv5-series | DCesv5-series |
| General Purpose | with local disk | DCadsv5-series | DCedsv5-series |
| Memory Optimized | without local disk | ECasv5-series | ECesv5-series |
| Memory Optimized | with local disk | ECadsv5-series | ECedsv5-series |
Links to all the available instance sizes:
- SEV-SNP, General Purpose: DCasv5 and DCadsv5-series confidential VMs
- SEV-SNP, Memory Optimized: ECasv5 and ECadsv5-series confidential VMs
- TDX, General Purpose: DCesv5 and DCedsv5-series confidential VMs
- TDX, Memory Optimized: ECesv5 and ECedsv5-series confidential VMs
Upstream docs: Select peer-pods machine type
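The two requirements above (the operator fills in DISABLECVM only when the user has not set it, and the user's AZURE_INSTANCE_SIZE / AZURE_INSTANCE_SIZES must be confidential sizes of one TEE) are shown together in the following added Go example. It is illustrative code written for this task, not the operator's own reconciler. `ApplyConfidentialDefaults` implements the "set defaults, never overwrite custom values" behaviour; `ValidateInstanceSize` and `teeForSize` are an assumed consistency check that is not described on the page, and they derive the TEE from the size-name pattern of the series in the table above (DC/EC family, vCPU count, then "as"/"ads" for SEV-SNP or "es"/"eds" for TDX), which is an assumption taken from the sizes listed here.

```go
package main

import (
	"fmt"
	"strings"
)

// ConfigMap keys used in peer-pods-cm, as named in the task description.
const (
	keyDisableCVM    = "DISABLECVM"
	keyInstanceSize  = "AZURE_INSTANCE_SIZE"
	keyInstanceSizes = "AZURE_INSTANCE_SIZES"
)

// confidentialDefaults holds the values the operator must ensure when the
// "confidential" feature is enabled. DISABLECVM=false means the peer pod VM
// is created as a confidential VM.
var confidentialDefaults = map[string]string{
	keyDisableCVM: "false",
}

// ApplyConfidentialDefaults returns a copy of the ConfigMap data with every
// missing default filled in. Keys the user already set are left untouched,
// so a user-supplied DISABLECVM="true" survives reconciliation. The second
// return value lists the keys that were added, which lets a reconciler skip
// the update call when nothing changed.
func ApplyConfidentialDefaults(data map[string]string) (map[string]string, []string) {
	out := make(map[string]string, len(data)+len(confidentialDefaults))
	for k, v := range data {
		out[k] = v
	}
	var added []string
	for k, v := range confidentialDefaults {
		if _, exists := out[k]; !exists {
			out[k] = v
			added = append(added, k)
		}
	}
	return out, added
}

// teeForSize reports which TEE an Azure VM size belongs to. The name pattern
// "Standard_<DC|EC><vCPUs><as|ads|es|eds>_v5" is an assumption derived from
// the sizes listed in this task (for example Standard_DC4as_v5); sizes that do
// not match it are treated as non-confidential.
func teeForSize(size string) (string, bool) {
	if !strings.HasPrefix(size, "Standard_") {
		return "", false
	}
	family, version, ok := strings.Cut(strings.TrimPrefix(size, "Standard_"), "_")
	if !ok || version != "v5" || len(family) < 3 {
		return "", false
	}
	if family[:2] != "DC" && family[:2] != "EC" {
		return "", false
	}
	i := 2
	for i < len(family) && family[i] >= '0' && family[i] <= '9' {
		i++
	}
	if i == 2 { // no vCPU count present
		return "", false
	}
	switch family[i:] {
	case "as", "ads":
		return "SEV-SNP", true
	case "es", "eds":
		return "TDX", true
	}
	return "", false
}

// ValidateInstanceSize checks that AZURE_INSTANCE_SIZE is a confidential size,
// that every entry of AZURE_INSTANCE_SIZES is a confidential size of the same
// TEE, and that the chosen size appears in the list. It returns the TEE name
// on success. This check is an assumption added for the example.
func ValidateInstanceSize(data map[string]string) (string, error) {
	size, ok := data[keyInstanceSize]
	if !ok {
		return "", fmt.Errorf("%s is not set", keyInstanceSize)
	}
	tee, ok := teeForSize(size)
	if !ok {
		return "", fmt.Errorf("%s=%q is not a confidential VM size", keyInstanceSize, size)
	}
	found := false
	for _, s := range strings.Split(data[keyInstanceSizes], ",") {
		s = strings.TrimSpace(s)
		if s == "" {
			continue
		}
		if t, ok := teeForSize(s); !ok || t != tee {
			return "", fmt.Errorf("%s entry %q is not a %s size", keyInstanceSizes, s, tee)
		}
		if s == size {
			found = true
		}
	}
	if !found {
		return "", fmt.Errorf("%s=%q must appear in %s", keyInstanceSize, size, keyInstanceSizes)
	}
	return tee, nil
}

func main() {
	// Constructed sample: the user set the TDX sizes from the task but not DISABLECVM.
	user := map[string]string{
		keyInstanceSize:  "Standard_DC4es_v5",
		keyInstanceSizes: "Standard_DC2es_v5,Standard_DC4es_v5,Standard_DC8es_v5",
	}
	data, added := ApplyConfidentialDefaults(user)
	fmt.Println("added by operator:", added, "DISABLECVM =", data[keyDisableCVM])
	tee, err := ValidateInstanceSize(data)
	fmt.Println("TEE:", tee, "err:", err)
}
```

The reconciler pattern matters here: copying the map and only filling absent keys is what keeps a user's custom values intact, and returning the list of added keys avoids issuing a ConfigMap update on every reconcile loop when nothing changed.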
Depends on:
- KATA-2923 Add feature gate "Confidential" (Closed)