Enable submitting shielded instance configs for VMs #135

Merged
merged 2 commits into from
Dec 6, 2024


MrBatschner
Contributor

What this PR does / why we need it:

This PR adds support to provide a shieldedInstanceConfig for GCE VMs to be able to control the Shielded Instance Settings vTPM, IntegrityMonitoring (both enabled by default if a GCE VM is booted from an image that is UEFI_COMPATIBLE) and secureBoot (which needs to be explicitly enabled).

In order to be able to support secure boot enabled operating systems on GCP, MCM provider GCP should be able to provide a shieldedInstanceConfig to GCP if the machineClass asks for it.

Which issue(s) this PR fixes:
Fixes #

Special notes for your reviewer:

Release note:

MCM provider GCP is able to provide the values for a `shieldedInstanceConfiguration` from a machineClass to the GCP API.
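
An added example, not code from this PR or from the project: one way to carry the three shielded-instance switches so that an unset value stays distinct from an explicit `false`, since two of them default to on and secureBoot defaults to off. The `ShieldedSpec` type, its field names and the `Audit` helper are assumptions made for illustration; only the `enable*` JSON names come from the GCE API.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// ShieldedSpec is a hypothetical providerSpec fragment (field names assumed).
// Pointers keep "not set" distinct from an explicit false.
type ShieldedSpec struct {
	SecureBoot, Vtpm, IntegrityMonitoring *bool
}

// gceShieldedConfig uses the JSON names of the GCE API's shieldedInstanceConfig.
type gceShieldedConfig struct {
	SecureBoot          *bool `json:"enableSecureBoot,omitempty"`
	Vtpm                *bool `json:"enableVtpm,omitempty"`
	IntegrityMonitoring *bool `json:"enableIntegrityMonitoring,omitempty"`
}

func ptr(b bool) *bool { return &b }

// BuildShieldedConfig renders only the fields the machine class set. A nil
// spec yields "" so the request omits the block and GCE defaults apply.
func BuildShieldedConfig(s *ShieldedSpec) (string, error) {
	if s == nil {
		return "", nil
	}
	b, err := json.Marshal(gceShieldedConfig{
		SecureBoot: s.SecureBoot, Vtpm: s.Vtpm, IntegrityMonitoring: s.IntegrityMonitoring})
	return string(b), err
}

// Audit lists settings that leave boot integrity weaker than it could be.
func Audit(s *ShieldedSpec) []string {
	if s == nil {
		s = &ShieldedSpec{}
	}
	var w []string
	if s.SecureBoot == nil || !*s.SecureBoot {
		w = append(w, "secureBoot is not enabled (it is never on by default)")
	}
	if s.Vtpm != nil && !*s.Vtpm {
		w = append(w, "vTPM explicitly disabled")
	}
	if s.IntegrityMonitoring != nil && !*s.IntegrityMonitoring {
		w = append(w, "integrity monitoring explicitly disabled")
	}
	return w
}

func main() {
	// Constructed sample: secure boot on, vTPM left at default, monitoring off.
	spec := &ShieldedSpec{SecureBoot: ptr(true), IntegrityMonitoring: ptr(false)}
	body, _ := BuildShieldedConfig(spec)
	fmt.Println(body, Audit(spec))
}
```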

@MrBatschner MrBatschner requested review from a team as code owners December 2, 2024 14:53
@gardener-robot gardener-robot added needs/review Needs review size/m Size of pull request is medium (see gardener-robot robot/bots/size.py) labels Dec 2, 2024
@gardener-robot-ci-1 gardener-robot-ci-1 added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Dec 2, 2024
Contributor

@rishabh-11 rishabh-11 left a comment


Thanks for the PR. One review comment:-

Can you please update the kubernetes/machineclass.yaml file with shieldedInstanceConfiguration in the providerSpec as comments?

@gardener-robot gardener-robot added the needs/changes Needs (more) changes label Dec 5, 2024
@gardener-robot-ci-1 gardener-robot-ci-1 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Dec 5, 2024
@MrBatschner
Contributor Author

MrBatschner commented Dec 5, 2024

> Thanks for the PR. One review comment:-
>
> Can you please update the kubernetes/machineclass.yaml file with shieldedInstanceConfiguration in the providerSpec as comments?

Addressed in d26b94b, PTAL.

@gardener-robot-ci-2 gardener-robot-ci-2 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Dec 5, 2024
@gardener-robot-ci-2 gardener-robot-ci-2 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Dec 5, 2024
@gardener-robot-ci-3 gardener-robot-ci-3 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Dec 5, 2024
Contributor

@rishabh-11 rishabh-11 left a comment


/lgtm

@gardener-robot gardener-robot added reviewed/lgtm Has approval for merging and removed needs/changes Needs (more) changes needs/review Needs review labels Dec 6, 2024
@gardener-robot-ci-1 gardener-robot-ci-1 added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Dec 6, 2024
@gardener-robot-ci-3 gardener-robot-ci-3 added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Dec 6, 2024
@rishabh-11 rishabh-11 merged commit 98ad1de into gardener:master Dec 6, 2024
7 checks passed
@gardener-robot gardener-robot added the status/closed Issue is closed (either delivered or triaged) label Dec 6, 2024
@MrBatschner MrBatschner deleted the secureboot branch December 6, 2024 09:27
Labels
needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD) reviewed/lgtm Has approval for merging size/m Size of pull request is medium (see gardener-robot robot/bots/size.py) status/closed Issue is closed (either delivered or triaged)