-
Feature
-
Resolution: Done
-
Major
-
None
-
Product / Portfolio Work
-
-
0% To Do, 0% In Progress, 100% Done
-
False
-
-
False
-
None
-
None
-
-
None
-
None
-
None
-
-
None
-
Feature Overview (aka. Goal Summary)
Enable OpenShift to be deployed on Confidential VMs on GCP using Intel TDX technology
Goals (aka. expected user outcomes)
Users deploying OpenShift on GCP can choose to deploy Confidential VMs using Intel TDX technology to rely on confidential computing to secure the data in use
Requirements (aka. Acceptance Criteria):
As a user, I can choose OpenShift Nodes to be deployed with the Confidential VM capability on GCP using Intel TDX technology at install time
Anyone reviewing this Feature needs to know which deployment configurations that the Feature will apply to (or not) once it's been completed. Describe specific needs (or indicate N/A) for each of the following deployment scenarios. For specific configurations that are out-of-scope for a given release, ensure you provide the OCPSTRAT (for the future to be supported configuration) as well.
| Deployment considerations | List applicable specific needs (N/A = not applicable) |
| Self-managed, managed, or both | |
| Classic (standalone cluster) | |
| Hosted control planes | |
| Multi node, Compact (three node), or Single node (SNO), or all | |
| Connected / Restricted Network | |
| Architectures, e.g. x86_x64, ARM (aarch64), IBM Power (ppc64le), and IBM Z (s390x) | |
| Operator compatibility | |
| Backport needed (list applicable versions) | |
| UI need (e.g. OpenShift Console, dynamic plugin, OCM) | |
| Other (please specify) |
Background
This is a piece of a higher-level effort to secure data in use with OpenShift on every platform
Documentation Considerations
Documentation on how to use this new option must be added as usual
- depends on
-
COS-3111 [coreos/fedora-coreos-tracker] Support `Intel TDX` instances on GCP
-
- Closed
-
-
OCPBUGS-53096 [multus-additional-cni-plugins][4.19] egress-router-binary-copy runs on a 4.16 based image
-
- Closed
-
- links to
