
Support enabling nesting virtualization for nodes #856

Open

Description

How to categorize this issue?

/area control-plane
/kind enhancement
/platform gcp

What would you like to be added:

Enabling nested virtualization for GCP Compute Engine VMs provisioned as shoot cluster nodes should be supported.

It should be configurable for individual worker pools.

Example Shoot manifest fragment:

```yaml
apiVersion: core.gardener.cloud/v1beta1
kind: Shoot
spec:
  cloudProfileName: gcp
  provider:
    type: gcp
    workers:
    - name: pool-1
      machine:
        type: n1-standard-4
        enableNestedVirtualization: true # <---
```

Why is this needed:

For enhanced security we need to run pods via the Kata Containers container runtime. Kata Containers uses lightweight virtual machines, which require KVM, which requires Intel VT or AMD-V support from the CPUs.

On GCP Compute Engine, (certain) VM instance types do support nested virtualization, but it is disabled by default and needs to be enabled explicitly when required. As gardener-extension-provider-gcp implements node creation on GCP Compute Engine, it should support enabling nested virtualization.
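A node-side check for the dependency chain described above (Kata needs /dev/kvm, which needs the vmx/svm CPU flag that nested virtualization exposes), written as an added example rather than code from this issue or from gardener-extension-provider-gcp; it assumes the Linux paths /proc/cpuinfo and /dev/kvm and otherwise runs on constructed cpuinfo samples:

```sh
#!/bin/sh
# Added example; not part of the issue or of gardener-extension-provider-gcp.
# Checks whether a node exposes hardware virtualization (vmx = Intel VT-x,
# svm = AMD-V) and whether /dev/kvm exists, the two things Kata Containers
# needs before a worker pool can run it. File paths are parameters so the
# same functions run against constructed input.

# Print "vmx", "svm" or "none" according to the flags line of a cpuinfo file.
virt_flag() {
    if grep -qw vmx "$1"; then
        echo vmx
    elif grep -qw svm "$1"; then
        echo svm
    else
        echo none
    fi
}

# Succeed (exit 0) only when a virtualization flag is present AND the KVM
# device node exists; print a one-line verdict either way.
kata_ready() {
    cpuinfo="$1"
    kvm_dev="$2"
    flag=$(virt_flag "$cpuinfo")
    if [ "$flag" = none ]; then
        echo "nested virtualization not exposed: no vmx/svm flag in $cpuinfo"
        return 1
    fi
    if [ ! -e "$kvm_dev" ]; then
        echo "$flag present but $kvm_dev missing: kvm module not loaded"
        return 1
    fi
    echo "ok: $flag and $kvm_dev available"
}

# Write a constructed, minimal cpuinfo file (not captured from a real
# machine) to $1 whose flags line contains the extra flags given in $2.
sample_cpuinfo() {
    printf 'processor\t: 0\nmodel name\t: constructed sample\nflags\t\t: fpu vme sse2 %s hypervisor\n' "$2" > "$1"
}

# Stand-alone run against the real node: `sh check.sh --node`. On a GCP VM
# created without nested virtualization this reports the missing vmx flag.
if [ "${1:-}" = --node ]; then
    kata_ready /proc/cpuinfo /dev/kvm
fi
```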
