Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support confidential nodepools #1386

Closed
jawnsy opened this issue Sep 3, 2022 · 7 comments · Fixed by #2110
Closed

Support confidential nodepools #1386

jawnsy opened this issue Sep 3, 2022 · 7 comments · Fixed by #2110
Labels
enhancement New feature or request good first issue Good for newcomers P3 medium priority issues triaged Scoped and ready for work

Comments

@jawnsy
Copy link

jawnsy commented Sep 3, 2022

TL;DR

We currently support confidential clusters (a cluster-level setting that enforces that all nodepools are confidential VMs), but do not support the setting at a per-nodepool level. We could add a new node_pool setting (e.g. enable_confidential_nodes) to enable this on a per-nodepool basis, similar to the enable_secure_boot setting)

Terraform Resources

No response

Detailed design

No response

Additional information

GKE supports mixed clusters where some nodepools are confidential instances (n2d or c2d) but others run on other instances (n1, n2, c2, t2d), but the submodule does not support this.
@jawnsy jawnsy added the enhancement New feature or request label Sep 3, 2022
@bharathkkb
Copy link
Member

@jawnsy happy to review a PR exposing this!

@bharathkkb bharathkkb added good first issue Good for newcomers P3 medium priority issues triaged Scoped and ready for work labels Sep 7, 2022
@maksym-kursin
Copy link

maksym-kursin commented Feb 15, 2023
edited
Loading

It seems impossible to implement it right now because a confidential node is not supported by google_container_node_pool resource.

Here is the related provider issue: hashicorp/terraform-provider-google#13127

abhikaddy added a commit to abhikaddy/terraform-google-kubernetes-engine that referenced this issue Oct 1, 2023
@abhikaddy
Fixes terraform-google-modules#1386: Support confidential nodepools
d683e56
abhikaddy added a commit to abhikaddy/terraform-google-kubernetes-engine that referenced this issue Oct 1, 2023
@abhikaddy
feat: Support confidential nodepools terraform-google-modules#1386
0d01b08
abhikaddy added a commit to abhikaddy/terraform-google-kubernetes-engine that referenced this issue Oct 1, 2023
@abhikaddy
feat: Support confidential nodepools terraform-google-modules#1386
a5b53fe
@abhikaddy abhikaddy mentioned this issue Oct 1, 2023
Closed
@DrFaust92
Copy link
Contributor

@apeabody, I think this can be closed as its supported already

@apeabody
Copy link
Contributor

Thanks, added in #1815

@redoak666
Copy link
Contributor

#1815 does not include support for nodepool level enablement of confidential nodes, only cluster level is supported
#1756 is the correct fix, but NOT merged

@redoak666
Copy link
Contributor

as of today, the latest release v32.0.4 lacks of capability of nodepool level enablement of confidential nodes

@redoak666
Copy link
Contributor

Since v30 is the release that confidential node goes GA, can this confidential nodepool support backported to v30?

@t-indumathy t-indumathy mentioned this issue Sep 23, 2024
Merged
@apeabody apeabody reopened this Oct 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request good first issue Good for newcomers P3 medium priority issues triaged Scoped and ready for work
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: added confidential-nodes flag for node-pools t-indumathy/terraform-google-kubernetes-engine
6 participants
@jawnsy @bharathkkb @apeabody @redoak666 @DrFaust92 @maksym-kursin