OCPBUGS-55982

[azure] fail to create cluster on confidential vm size with ConfidentialComputingType:TDX


    • Quality / Stability / Reliability
    • Moderate
    • In Progress
    • Release Note Not Required

      This is a clone of issue OCPBUGS-55772. The following is the description of the original issue:

      Description of problem:

      Detected some new VM sizes during 4.16 testing. They support confidential VMs, and their ConfidentialComputingType is 'Intel TDX', see the Azure doc [1]:
      - DCesv5-series
      - DCedsv5-series
      - ECesv5-series
      - ECedsv5-series
      
      e.g.:
      $ az vm list-skus -l westeurope --size Standard_DC8eds_v5 --query "[].capabilities[?name=='ConfidentialComputingType'].value" -otsv
      TDX
      
      
      When creating a cluster on those VM sizes with confidential settings enabled in install-config, creating the manifests fails with the error below:
      install-config:
      ===============
      compute:
      - architecture: amd64
        hyperthreading: Enabled
        name: worker
        platform:
          azure:
            type: Standard_DC4es_v5
            settings:
              securityType: ConfidentialVM
              confidentialVM:
                uefiSettings:
                  secureBoot: Enabled
                  virtualizedTrustedPlatformModule: Enabled
            osDisk:
              securityProfile:
                securityEncryptionType: VMGuestStateOnly
        replicas: 3
      controlPlane:
        architecture: amd64
        hyperthreading: Enabled
        name: master
        platform:
          azure:
            type: Standard_DC8eds_v5
            settings:
              securityType: ConfidentialVM
              confidentialVM:
                uefiSettings:
                  secureBoot: Enabled
                  virtualizedTrustedPlatformModule: Enabled
            osDisk:
              securityProfile:
                securityEncryptionType: VMGuestStateOnly
        replicas: 3
      
      $ ./openshift-install create manifests --dir ipi       
      INFO Credentials loaded from file "/home/fedora/.azure/osServicePrincipal.json" 
      ERROR failed to fetch Master Machines: failed to load asset "Install Config": failed to create install config: [controlPlane.platform.azure.settings.securityType: Invalid value: "ConfidentialVM": this security type is not supported for instance type Standard_DC8eds_v5, no support for AMD-SEV SNP, compute[0].platform.azure.settings.securityType: Invalid value: "ConfidentialVM": this security type is not supported for instance type Standard_DC4es_v5, no support for AMD-SEV SNP] 
      
      
      From the installer code [2], it seems only the ConfidentialComputingType value SNP is considered; TDX is not accepted.
      
      [1] https://learn.microsoft.com/en-us/azure/confidential-computing/virtual-machine-options#sizes
      [2] https://github.com/openshift/installer/blob/master/pkg/asset/installconfig/azure/validation.go#L220
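      As an added illustration (not the installer's own code from validation.go [2]): a small Go model of the security type check, with the set of accepted ConfidentialComputingType values made explicit, so the SNP-only set reproduces the reported rejection of Standard_DC8eds_v5 and the set that also includes TDX accepts it. The SKUCapability type, the capability data and the error text are constructed for this example and only modelled on the reported message.

```go
package main

import (
	"fmt"
	"strings"
)

// SKUCapability mirrors one entry of the capabilities[] array returned by
// `az vm list-skus` (constructed sample type, not the installer's own).
type SKUCapability struct {
	Name  string
	Value string
}

// ConfidentialComputingType returns the SKU's ConfidentialComputingType
// capability (upper-cased), or "" if the size does not advertise one.
func ConfidentialComputingType(caps []SKUCapability) string {
	for _, c := range caps {
		if strings.EqualFold(c.Name, "ConfidentialComputingType") {
			return strings.ToUpper(c.Value)
		}
	}
	return ""
}

// ValidateConfidentialVM checks whether securityType ConfidentialVM is
// allowed on instanceType. accepted holds the ConfidentialComputingType
// values the validator treats as confidential-VM capable.
func ValidateConfidentialVM(instanceType string, caps []SKUCapability, accepted map[string]bool) error {
	cct := ConfidentialComputingType(caps)
	if accepted[cct] {
		return nil
	}
	return fmt.Errorf("this security type is not supported for instance type %s (ConfidentialComputingType=%q)", instanceType, cct)
}

// SNPOnly reproduces the reported behaviour; SNPOrTDX is the corrected set.
var (
	SNPOnly  = map[string]bool{"SNP": true}
	SNPOrTDX = map[string]bool{"SNP": true, "TDX": true}
)

func main() {
	// Constructed capabilities for the TDX size named in the report.
	dc8edsv5 := []SKUCapability{{Name: "vCPUs", Value: "8"}, {Name: "ConfidentialComputingType", Value: "TDX"}}
	fmt.Println("SNP only:  ", ValidateConfidentialVM("Standard_DC8eds_v5", dc8edsv5, SNPOnly))
	fmt.Println("SNP or TDX:", ValidateConfidentialVM("Standard_DC8eds_v5", dc8edsv5, SNPOrTDX))
}
```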
      
      

      Version-Release number of selected component (if applicable):

      4.16 nightly build

      How reproducible:

      always

      Steps to Reproduce:

      1. Prepare an install-config with confidential settings enabled, and set the VM size to a confidential-VM-capable size whose ConfidentialComputingType is 'Intel TDX'.
      2. Create the cluster.
      

      Actual results:

      Manifest creation fails.

      Expected results:

      Cluster installation succeeds.

      Additional info:


              mresvani@redhat.com Michail Resvanis
              openshift-crt-jira-prow OpenShift Prow Bot
              Jinyun Ma Jinyun Ma