confidential node pool with INTEL TDX not possible #2418

Open
Labels: bug (Something isn't working)
@RuiSMagalhaes

Description


TL;DR

Provisioning a confidential node pool in europe-west-4 with c3-standard-4 machines results in an error because it tries to use a confidential_instance_type of SEV. In order to change it to "TDX" we need to add this option to the module here and here.

error:

Error: googleapi: Error 400: Confidential nodes feature is not supported for instance type SEV on machine type c3-standard-4.

Expected behavior

Allow to create node pool with "INTEL TDX"

Observed behavior

Only able to select "SEV" ...

Terraform Configuration

module "netherlands_dev_gke" {
  source = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster"
  version = "v38.0.0"
  project_id = data.google_client_config.current.project
  name = "netherlands-${local.env}"
  description = "Netherlands${local.env} k8s cluster. Used mainly for XXXX${local.env} tools/apps/jobs"
  release_channel = "STABLE"
  gateway_api_channel = "CHANNEL_STANDARD"
  regional = true
  remove_default_node_pool = true
  initial_node_count = 1
  region = local.tdx_region
  zones = data.google_compute_zones.netherlands.names
  network = module.dev_vpc.network_name
  subnetwork = module.dev_vpc.subnets["${local.tdx_region}/netherlands-01-private"].name
  master_ipv4_cidr_block = "10.10.100.0/28"
  ip_range_pods = "netherlands-01-private-pods"
  ip_range_services = "netherlands-01-private-services"
  master_authorized_networks = local.master_authorized_networks
  enable_private_nodes = true
  enable_confidential_nodes = true
  default_max_pods_per_node = 100
  http_load_balancing = true # needed for GKE ingress controller and gateway api
  network_policy = false
  filestore_csi_driver = true # enables EFS
  horizontal_pod_autoscaling = true
  enable_vertical_pod_autoscaling = false
  enable_shielded_nodes = true
  gce_pd_csi_driver = true # Allows the use of persistent GCP disks
  stateful_ha = false # enhances the availability and reliability of stateful applications
  gcs_fuse_csi_driver = false # Allows the use of local SSD disks
  maintenance_start_time = "2024-09-16T09:30:00Z" # need to be setup like this. The recurrence will define "when the maintenance happens"
  maintenance_end_time = "2024-09-16T13:30:00Z" # need to be setup like this. The recurrence will define "when the maintenance happens"
  maintenance_recurrence = "FREQ=WEEKLY;BYDAY=MO,WE,FR"
  notification_config_topic = "" # for monitoring purposes at some point
  service_account = module.ms_gke_resources.sa_info["gke"].email
  create_service_account = false
  node_pools = [
    {
      name = "netherlands-${local.env}-tdx-pool"
      machine_type = "c3-standard-4" # 4 Vcpus, 16GB memory
      node_locations = "${data.google_compute_zones.netherlands.names[0]},${data.google_compute_zones.netherlands.names[1]},${data.google_compute_zones.netherlands.names[2]}"
      total_min_count = 1
      total_max_count = 1
      cpu_cfs_quota = false
      pod_pids_limit = 0
      autoscaling = true
      enable_private_nodes = true
      spot = false
      preemptible = false
      disk_size_gb = 30
      disk_type = "pd-balanced"
      logging_variant = "DEFAULT"
      auto_repair = true
      auto_upgrade = true
      enable_secure_boot = true
      max_pods_per_node = 100
      strategy = "BLUE_GREEN"
      max_surge = 1
      max_unavailable = 0
      location_policy = "BALANCED"
      enable_confidential_nodes = true
      confidential_instance_type = "TDX"
    },
  ]
  node_pools_labels = {
    all = local.default_labels
    netherlands-dev-tdx-pool = {
      default-node-pool = true
    }
  }
  node_pools_resource_labels = {
    all = local.default_labels
    netherlands-dev-tdx-pool = {
      default-node-pool = true
    }
  }
}

Terraform Version

Terraform v1.13.0
on darwin_arm64
+ provider registry.terraform.io/hashicorp/google v6.49.0
+ provider registry.terraform.io/hashicorp/google-beta v6.49.0
+ provider registry.terraform.io/hashicorp/helm v2.15.0
+ provider registry.terraform.io/hashicorp/kubernetes v2.32.0
+ provider registry.terraform.io/hashicorp/null v3.2.4
+ provider registry.terraform.io/hashicorp/random v3.6.3

Terraform Provider Versions

Providers required by configuration:
.
├── provider[registry.terraform.io/hashicorp/google] 6.49.0
├── provider[registry.terraform.io/hashicorp/google-beta] 6.49.0
├── provider[registry.terraform.io/hashicorp/kubernetes] 2.32.0
├── provider[registry.terraform.io/hashicorp/helm] 2.15.0
├── provider[registry.terraform.io/hashicorp/null] 3.2.4
├── provider[registry.terraform.io/hashicorp/random] 3.6.3
├── module.pg
│   ├── provider[registry.terraform.io/hashicorp/null] ~> 3.1
│   ├── provider[registry.terraform.io/hashicorp/random] ~> 3.1
│   ├── provider[registry.terraform.io/hashicorp/google] >= 6.1.0, < 7.0.0
│   └── provider[registry.terraform.io/hashicorp/google-beta] >= 6.1.0, < 7.0.0
├── module.storage_buckets_iam_bindings
│   ├── provider[registry.terraform.io/hashicorp/google] >= 3.53.0, < 7.0.0
│   └── module.helper
├── module.dev_vpc
│   ├── provider[registry.terraform.io/hashicorp/google] >= 4.64.0, < 7.0.0
│   ├── provider[registry.terraform.io/hashicorp/google-beta] >= 4.64.0, < 7.0.0
│   ├── module.firewall_rules
│       └── provider[registry.terraform.io/hashicorp/google] >= 3.33.0, < 7.0.0
│   ├── module.routes
│       └── provider[registry.terraform.io/hashicorp/google] >= 3.83.0, < 7.0.0
│   ├── module.subnets
│       └── provider[registry.terraform.io/hashicorp/google] >= 4.25.0, < 7.0.0
│   └── module.vpc
│       ├── provider[registry.terraform.io/hashicorp/google-beta] >= 6.19.0, < 7.0.0
│       └── provider[registry.terraform.io/hashicorp/google] >= 6.19.0, < 7.0.0
├── module.netherlands_dev_gke
│   ├── provider[registry.terraform.io/hashicorp/google] >= 6.42.0, < 7.0.0
│   ├── provider[registry.terraform.io/hashicorp/kubernetes] ~> 2.10
│   └── provider[registry.terraform.io/hashicorp/random] >= 2.1.0
├── module.projects_iam_bindings
│   ├── provider[registry.terraform.io/hashicorp/google] >= 3.53.0, < 7.0.0
│   └── module.helper
├── module.cloud_router_london_private
│   └── provider[registry.terraform.io/hashicorp/google] >= 4.51.0, < 7.0.0
├── module.dev_gke
│   ├── provider[registry.terraform.io/hashicorp/google] >= 6.42.0, < 7.0.0
│   ├── provider[registry.terraform.io/hashicorp/kubernetes] ~> 2.10
│   └── provider[registry.terraform.io/hashicorp/random] >= 2.1.0
├── module.pg_bigquery_datastream_bff
│   └── provider[registry.terraform.io/hashicorp/google] >= 6.27.0
├── module.redis_dev
│   ├── provider[registry.terraform.io/hashicorp/google] >= 4.74.0, < 7.0.0
│   └── module.enable_apis
│       ├── provider[registry.terraform.io/hashicorp/google] >= 3.43.0, < 7.0.0
│       └── provider[registry.terraform.io/hashicorp/google-beta] >= 3.43.0, < 7.0.0
├── module.dev_public_zone
│   ├── provider[registry.terraform.io/hashicorp/google] >= 4.40.0, < 7.0.0
│   └── provider[registry.terraform.io/hashicorp/google-beta] >= 4.40.0, < 7.0.0
└── module.ms_gke_resources
    ├── provider[registry.terraform.io/hashicorp/google] >= 6.27.0
    └── module.this
        ├── provider[registry.terraform.io/hashicorp/google] >= 3.53.0, < 7.0.0
        └── module.helper

Providers required by state:
    provider[registry.terraform.io/hashicorp/google]
    provider[registry.terraform.io/hashicorp/google-beta]
    provider[registry.terraform.io/hashicorp/helm]
    provider[registry.terraform.io/hashicorp/kubernetes]
    provider[registry.terraform.io/hashicorp/null]
    provider[registry.terraform.io/hashicorp/random]

Additional information

No response
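
An added example, not part of the issue or of the module's code: a pre-apply check over `terraform show -json` output that flags any node pool whose planned `confidential_instance_type` differs from the one requested, which is how a module input that never reaches the resource (as reported above) would surface. The plan layout read here (`node_config[0].confidential_nodes[0]`), the `EXPECTED` mapping and the sample plan, including the `sev-pool` entry, are assumptions constructed for illustration.

```python
# Constructed sample shaped like `terraform show -json` output, trimmed to the
# fields read below. The first pool mirrors the issue (c3-standard-4, type not
# carried into the plan); the second pool is invented for contrast.
SAMPLE_PLAN = {"resource_changes": [
    {"type": "google_container_node_pool", "change": {"after": {
        "name": "netherlands-dev-tdx-pool",
        "node_config": [{"machine_type": "c3-standard-4",
                         "confidential_nodes": [{"enabled": True}]}]}}},
    {"type": "google_container_node_pool", "change": {"after": {
        "name": "sev-pool",
        "node_config": [{"machine_type": "n2d-standard-4",
                         "confidential_nodes": [{
                             "enabled": True,
                             "confidential_instance_type": "SEV"}]}]}}},
]}

# What the caller's node_pools input asked for (assumed, kept beside the check).
EXPECTED = {"netherlands-dev-tdx-pool": "TDX", "sev-pool": "SEV"}


def planned_confidential_types(plan):
    """Map node pool name -> (machine_type, planned confidential type or None)."""
    out = {}
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "google_container_node_pool":
            continue
        after = (rc.get("change") or {}).get("after") or {}
        for nc in after.get("node_config") or []:
            # Terraform renders nested blocks as lists; an absent block is [] or null.
            conf = (nc.get("confidential_nodes") or [{}])[0]
            ctype = conf.get("confidential_instance_type") if conf.get("enabled") else None
            out[after.get("name")] = (nc.get("machine_type"), ctype or None)
    return out


def find_mismatches(plan, expected):
    """Return (pool, machine_type, wanted, planned) for every pool that differs."""
    planned = planned_confidential_types(plan)
    problems = []
    for pool, want in sorted(expected.items()):
        machine, got = planned.get(pool, (None, None))
        if got != want:
            problems.append((pool, machine, want, got))
    return problems


if __name__ == "__main__":
    for pool, machine, want, got in find_mismatches(SAMPLE_PLAN, EXPECTED):
        print(f"{pool} ({machine}): requested {want}, plan has {got}")
```

A missing or null planned type is reported as a mismatch, so a pool that would fall back to a default is caught before the API rejects it or, worse, accepts a weaker technology than intended.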
