confidential-containers / cloud-api-adaptor

Ability to create Kata pods using cloud provider APIs aka the peer-pods approach
Apache License 2.0

Testing CAA + Azure with non-confidential VM documentation #1742

Open cmaf opened 6 months ago

cmaf commented 6 months ago

In the steps found here, when populating the kustomization.yaml file, it is suggested for non-Confidential VMs to use AZURE_INSTANCE_SIZE="Standard_D2as_v5". This yields the following error:

RESPONSE 400: 400 Bad Request
ERROR CODE: BadRequest
--------------------------------------------------------------------------------
{
  "error": {
    "code": "BadRequest",
    "message": "The VM size 'Standard_D2as_v5' is not supported for creation of VMs and Virtual Machine Scale Set with 'ConfidentialVM' security type and managedDisk.securityProfile.securityEncryptionType set as 'VMGuestStateOnly'"
  }
}

Is there a way to modify security type and disk security encryption type?

If it matters, I'm using the following:

AZURE_REGION="eastus"
CAA_BRANCH="main"
AZURE_IMAGE_ID=/CommunityGalleries/cocopodvm-d0e4f35f-5530-4b9c-8596-112487cdea85/Images/podvm_image0/Versions/2024.03.05
CAA_TAG=e190fed408166fce6f719e29c99a6795e77f3156

cmaf commented 6 months ago

Update: I was able to start a non-confidential VM by adding - DISABLECVM="true" to kustomization.yaml. It may be helpful to have this step added to that specific document.

cmaf commented 6 months ago

Maybe @surajssd, is there somewhere I can make a request to update the documentation on the website? Where do those PRs go?

surajssd commented 6 months ago

@cmaf docs website issues and code live here: https://github.com/confidential-containers/confidentialcontainers.org.

What we need is a "reference documentation" about all the parameters that can be provided for each provider. The thing is, the current docs act as a quick start and are not intended to accommodate all use cases, because that can be confusing for new people.
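
A pre-deployment check for the mismatch discussed in this thread, as an added example that is not part of the issue or of the cloud-api-adaptor project. It assumes the settings appear as `- KEY="value"` literals in kustomization.yaml, that only the value "true" enables DISABLECVM, and that the size regex (a non-exhaustive heuristic for Azure's DC*/EC* confidential families) is good enough for a lint.

```python
import re

# Heuristic, not exhaustive (assumption): Azure DC*/EC* "a" (AMD SEV-SNP) and
# "e" (Intel TDX) series are the sizes that accept the ConfidentialVM type.
CVM_SIZE = re.compile(r"^Standard_(DC|EC)\d+i?(as|ads|es|eds)_v\d+$")
LITERAL = re.compile(r"^\s*-\s*([A-Z0-9_]+)=(.*)$")


def parse_literals(text):
    """Collect `- KEY="value"` literals; commented-out lines are skipped."""
    found = {}
    for line in text.splitlines():
        m = LITERAL.match(line)
        if m:
            found[m.group(1)] = m.group(2).strip().strip("\"'")
    return found


def check(text):
    """Return (level, message) findings for the CVM-related settings."""
    lit = parse_literals(text)
    size = lit.get("AZURE_INSTANCE_SIZE", "")
    cvm_disabled = lit.get("DISABLECVM", "").lower() == "true"
    findings = []
    if cvm_disabled:
        findings.append(("WARN", "DISABLECVM is true: pod VMs are created as "
                         "ordinary VMs without confidential-computing protection"))
        if CVM_SIZE.match(size):
            findings.append(("WARN", f"{size} supports ConfidentialVM but it is disabled"))
    elif size and not CVM_SIZE.match(size):
        findings.append(("ERROR", f"{size} is not a confidential VM size and DISABLECVM "
                         "is not set; Azure rejects the request with 400 BadRequest"))
    return findings


# Constructed sample inputs (only the relevant literals are shown).
AS_REPORTED = """
configMapGenerator:
- name: peer-pods-cm
  literals:
  - AZURE_INSTANCE_SIZE="Standard_D2as_v5"
  #- DISABLECVM="true"
"""
WITH_FLAG = AS_REPORTED.replace("#- DISABLECVM", "- DISABLECVM")

if __name__ == "__main__":
    for name, doc in (("as reported", AS_REPORTED), ("with flag", WITH_FLAG)):
        print(name, check(doc))
```

The WARN for `DISABLECVM="true"` is deliberate: the flag makes the deployment work with `Standard_D2as_v5`, but the resulting pod VMs are not confidential, which is worth surfacing before the same file is reused outside a test setup.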