Bug
Resolution: Duplicate
Normal
4.17
Quality / Stability / Reliability
Moderate
Description of problem:
Installing an OpenShift cluster on Azure with confidential VMs fails with the following error:
time="2025-01-24T12:31:23+01:00" level=error msg="failed to fetch Cluster: failed to generate asset \"Cluster\": failed to create cluster: failed provisioning resources after infrastructure ready: failed to create gallery image version 417.94.20241009: PUT https://management.azure.com/subscriptions/REDACTED/resourceGroups/cctest-8nq9l-rg/providers/Microsoft.Compute/galleries/gallery_cctest_8nq9l/images/cctest-8nq9l-gen2/versions/417.94.20241009\n--------------------------------------------------------------------------------\nRESPONSE 400: 400 Bad Request\nERROR CODE: InvalidParameter\n--------------------------------------------------------------------------------\n{\n \"error\": {\n \"code\": \"InvalidParameter\",\n \"message\": \"Confidential VM is not supported for the source id ''. Currently Snapshot, Disk and VM sources are supported for the Confidential VM security type.\",\n \"target\": \"galleryImageVersion.properties.storageProfile.osDiskImage.source.id\"\n }\n}\n--------------------------------------------------------------------------------\n"
The install-config.yaml used is:
apiVersion: v1
baseDomain: REDACTED
controlPlane:
  architecture: amd64
  hyperthreading: Enabled
  name: master
  platform:
    azure:
      type: Standard_DC16ads_v5
      settings:
        securityType: ConfidentialVM
        confidentialVM:
          uefiSettings:
            secureBoot: Disabled
            virtualizedTrustedPlatformModule: Enabled
      osDisk:
        diskSizeGB: 1024
        securityProfile:
          securityEncryptionType: VMGuestStateOnly
  replicas: 3
compute:
- architecture: amd64
  hyperthreading: Enabled
  name: worker
  platform:
    azure:
      type: Standard_DC16ads_v5
      settings:
        securityType: ConfidentialVM
        confidentialVM:
          uefiSettings:
            secureBoot: Disabled
            virtualizedTrustedPlatformModule: Enabled
      osDisk:
        diskSizeGB: 1024
        securityProfile:
          securityEncryptionType: VMGuestStateOnly
  replicas: 2
metadata:
  name: cctest
networking:
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
  machineNetwork:
  - cidr: 10.0.0.0/16
  networkType: OVNKubernetes
  serviceNetwork:
  - 172.30.0.0/16
platform:
  azure:
    baseDomainResourceGroupName: REDACTED
    region: eastus
    outboundType: Loadbalancer
    cloudName: AzurePublicCloud
pullSecret: 'REDACTED'
sshKey: 'REDACTED'
Version-Release number of selected component (if applicable):
4.17.13
How reproducible:
100%
Steps to Reproduce:
1. Prepare an install-config.yaml to create a cluster on Azure using one of the confidential VM types.
2. Run openshift-install create cluster.
Actual results:
The cluster creation fails.
Expected results:
The cluster is successfully created.
Additional info:
The OpenShift installer 4.16 and 4.18.0-rc.6 versions successfully create a cluster on Azure using confidential VMs (i.e. using the exact same install-config.yaml provided in the issue description).
duplicates: OCPBUGS-41300 [CAPI Azure] Gen2 image definition missed security features enabled when configuring securitytype in install-config (Closed)