Bug
Resolution: Duplicate
Normal
None
4.17
None
Moderate
None
False
Description of problem:
Installing an OpenShift cluster on Azure with confidential VMs fails with the following error:

time="2025-01-24T12:31:23+01:00" level=error msg="failed to fetch Cluster: failed to generate asset \"Cluster\": failed to create cluster: failed provisioning resources after infrastructure ready: failed to create gallery image version 417.94.20241009: PUT https://management.azure.com/subscriptions/REDACTED/resourceGroups/cctest-8nq9l-rg/providers/Microsoft.Compute/galleries/gallery_cctest_8nq9l/images/cctest-8nq9l-gen2/versions/417.94.20241009\n--------------------------------------------------------------------------------\nRESPONSE 400: 400 Bad Request\nERROR CODE: InvalidParameter\n--------------------------------------------------------------------------------\n{\n \"error\": {\n \"code\": \"InvalidParameter\",\n \"message\": \"Confidential VM is not supported for the source id ''. Currently Snapshot, Disk and VM sources are supported for the Confidential VM security type.\",\n \"target\": \"galleryImageVersion.properties.storageProfile.osDiskImage.source.id\"\n }\n}\n--------------------------------------------------------------------------------\n"

The install-config.yaml used is:

apiVersion: v1
baseDomain: REDACTED
controlPlane:
  architecture: amd64
  hyperthreading: Enabled
  name: master
  platform:
    azure:
      type: Standard_DC16ads_v5
      settings:
        securityType: ConfidentialVM
        confidentialVM:
          uefiSettings:
            secureBoot: Disabled
            virtualizedTrustedPlatformModule: Enabled
      osDisk:
        diskSizeGB: 1024
        securityProfile:
          securityEncryptionType: VMGuestStateOnly
  replicas: 3
compute:
- architecture: amd64
  hyperthreading: Enabled
  name: worker
  platform:
    azure:
      type: Standard_DC16ads_v5
      settings:
        securityType: ConfidentialVM
        confidentialVM:
          uefiSettings:
            secureBoot: Disabled
            virtualizedTrustedPlatformModule: Enabled
      osDisk:
        diskSizeGB: 1024
        securityProfile:
          securityEncryptionType: VMGuestStateOnly
  replicas: 2
metadata:
  name: cctest
networking:
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
  machineNetwork:
  - cidr: 10.0.0.0/16
  networkType: OVNKubernetes
  serviceNetwork:
  - 172.30.0.0/16
platform:
  azure:
    baseDomainResourceGroupName: REDACTED
    region: eastus
    outboundType: Loadbalancer
    cloudName: AzurePublicCloud
pullSecret: 'REDACTED'
sshKey: 'REDACTED'

Version-Release number of selected component (if applicable):
4.17.13
How reproducible:
100%
Steps to Reproduce:
1. Prepare an install-config.yaml to create a cluster on Azure using one of the confidential VM types.
2. Run openshift-install create cluster.
Actual results:
The cluster creation fails.
Expected results:
The cluster is successfully created.
Additional info:
The OpenShift installer 4.16 and 4.18.0-rc.6 versions successfully create a cluster on Azure using confidential VMs (i.e. using the exact same install-config.yaml provided in the issue description).
duplicates: OCPBUGS-41300 [CAPI Azure] Gen2 image definition missed security features enabled when configuring securitytype in install-config (Closed)