Add support for Nested Virtualization

[klakin-pivotal]

What Add support for Nested Virtualization on the Google CPI.

Why While one can load the kvm module in a Bosh-deployed VM hosted on GCP, this doesn't actually enable the CPU capability passthrough that lets one run nested virtualization workloads on said VM. Some special configuration needs to be done (and restrictions needs to be respected) that are best done by the CPI.

Both the vSphere (by way of a configuration option) and the OpenStack (because -as far as I know- it's always on) CPIs can run nested virtualization workloads. It would be good to add another IAAS to the list of IAASs that Bosh can use for Nested Virtualization workloads.

Additional Information and Speculation A few years back, Google added support for the CPU capability passthrough that permits properly-configured GCP Instances to run nested virtualization workloads, but the CPI doesn't appear to support this capability. (See these docs for some more info, and constraints that must be satisfied to use Nested Virtualization on GCP: https://cloud.google.com/compute/docs/instances/nested-virtualization/overview)

I suspect that the reason the CPI doesn't support this is that Google stopped actively supporting the CPI a little while before GCP did the things required to permit nested virtualization workloads. I've manually run KVM-accelerated qemu on a GCP VM in the past, so it should be possible for the CPI to do what I did.

[rkoster]

It seems like it can be set via compute.Instance.AdvancedMachineFeatures.EnableNestedVirtualization: https://pkg.go.dev/google.golang.org/api/compute/v1?utm_source=godoc#AdvancedMachineFeatures

Which should be set here: https://github.com/cloudfoundry/bosh-google-cpi-release/blob/master/src/bosh-google-cpi/google/instance_service/google_instance_service_create.go#L73-L88

[bosh-admin-bot]

This issue was marked as Stale because it has been open for 21 days without any activity. If no activity takes place in the coming 7 days it will automatically be close. To prevent this from happening remove the Stale label or comment below.

[bosh-admin-bot]

This issue was closed because it has been labeled Stale for 7 days without subsequent activity. Feel free to re-open this issue at any time by commenting below.