annerajb closed this issue 3 years ago
Confidential SKUs are not supported yet, but this is in our backlog.
Can the cloud-init / cluster-provisioning extension be fixed so that it does not break / halt the node creation process at least? Right now specifying any confidential compute SKU would make the nodepool / VMSS fail with that error. (Took 3 days to figure out, and Azure support was clueless on the missing support on AKS.)
On Fri, May 15, 2020, 10:01 AM Sean McKenna notifications@github.com wrote:
Confidential SKUs are not supported yet, but this is in our backlog.
FYI:
Modifying
SGX_DRIVER_URL=https://download.01.org/intel-sgx/dcap-1.2/linux/dcap_installers/ubuntuServer16.04/sgx_linux_x64_driver_1.12_c110012.bin
to
SGX_DRIVER_URL=https://download.01.org/intel-sgx/sgx-dcap/1.6/linux/distro/ubuntuServer16.04/sgx_linux_x64_driver_1.33.bin
or
https://download.01.org/intel-sgx/sgx-dcap/1.3/linux/distro/ubuntuServer16.04/sgx_linux_x64_driver_1.13.bin
allows it to compile fine.
Made a pull request fixing the script (I think): https://github.com/Azure/AgentBaker/pull/55
@annerajb we made an announcement in MS Build today for ACC Node Pools support on AKS. You can join our preview if you are interested by submitting this form: https://aka.ms/accakspreview
This issue has been automatically marked as stale because it has not had any activity for 60 days. It will be closed if no further activity occurs within 15 days of this comment.
@sakthi-vetrivel this can be closed, as confidential computing SKUs are now supported on AKS: https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-nodes-aks-overview
What happened: Cannot create nodepools or an AKS cluster with Confidential Compute / SGX VMs.
What you expected to happen: Nodepool to be composed of Confidential Compute up to my Subscription Quota.
How to reproduce it (as minimally and precisely as possible):
Then add nodepool
Nodepool fails on CLI with a super obscure error. (Resource group deployment shows extension deployment/install to VMSS instance failed. More specifically, the SGX Extension failed to compile with a Kernel Build error.)
Tried on both Ubuntu 16.04 and the new Preview of Ubuntu 18.04 and also Kubernetes 1.16.7 and 1.17
I could not find a way to create a nodepool with Ubuntu 18.04 Preview since the aks-custom-headers flag is new and only appears to exist on az aks create.
Also, a confidential compute instance cannot be used for the main node pool (which makes sense).
Anything else we need to know?: Output of the error when the SGX Kernel Driver is run by the VMSS Extension. This was found in /var/log/azure/cluster-provisioning.log, which said to look at /var/lib/dkms/sgx/1.12/build/make.log