KubeVirt SEV testing - Githubissues

vasiliy-ul commented 1 year ago

First and Last Name

Vasily Ulyanov

Email

vulyanov@suse.de

Company/Organization

SUSE

Job Title

Senior Software Engineer

Project Title (i.e., a summary of what do you want to do, not what is the name of the open source project you're working with)

KubeVirt SEV testing

Briefly describe the project (i.e., what is the detail of what you're planning to do with these servers?)

KubeVirt is a virtual machine management add-on for Kubernetes. Secure Encrypted Virtualization (SEV) is a feature of AMD's EPYC CPUs that allows the memory of a virtual machine to be encrypted on the fly. We are working on enabling confidential computing support for KubeVirt VMs with AMD SEV. The status of the enablement is tracked at https://github.com/kubevirt/kubevirt/issues/6991.

We would like to use the Community Lab infrastructure in the project's CI in order to run end-to-end tests with encrypted VMs. Currently, we have the following test-cases that require SEV hardware:

Start an SEV guest, verify it is up and running, check from the guest that SEV is enabled
Start an SEV-ES guest, verify it is up and running, check from the guest that SEV-ES is enabled
Run the complete pre-attestation flow with an SEV guest

Is the code that you’re going to run 100% open source? If so, what is the URL or URLs where it is located? What is your association with that project?

Yes. KubeVirt is a CNCF project. Please check for additional info:

I am one of the KubeVirt mainteiners.

What kind of machines and how many do you expect to use (see: https://metal.equinix.com/product/servers/)?

We need a machine with AMD EPYC CPU, capable of running SEV and SEV-ES workloads. Presumably one of those:

What operating system and networking are you planning to use?

Linux

Any other relevant details we should know about?

vasiliy-ul commented 1 year ago

/cc @aburdenthehand, @alicefr, @rmohr, @xpivarc

caniszczyk commented 1 year ago

+1 cc: @jeefy

vasiliy-ul commented 1 year ago

Gentle ping here. Any update?

idvoretskyi commented 2 months ago

@vasiliy-ul apologies for the delay. Is this request still valid?

vasiliy-ul commented 1 month ago

Yeah, this request was raised quite a while ago. We will probably need to re-evaluate our current hw requirements to potentially also include SNP. Will close this for now.

cncf / cluster

KubeVirt SEV testing #217

First and Last Name

Email

Company/Organization

Job Title

Project Title (i.e., a summary of what do you want to do, not what is the name of the open source project you're working with)

Briefly describe the project (i.e., what is the detail of what you're planning to do with these servers?)

Is the code that you’re going to run 100% open source? If so, what is the URL or URLs where it is located? What is your association with that project?

What kind of machines and how many do you expect to use (see: https://metal.equinix.com/product/servers/)?

What operating system and networking are you planning to use?

Any other relevant details we should know about?