Support enabling nested virtualization for nodes #856
Labels: area/control-plane (Control plane related), kind/enhancement (Enhancement, improvement, extension), platform/gcp (Google cloud platform/infrastructure)
How to categorize this issue?
/area control-plane
/kind enhancement
/platform gcp
What would you like to be added:
Enabling nested virtualization for GCP Compute Engine VMs provisioned as shoot cluster nodes should be supported.
It should be configurable for individual worker pools.
Example Shoot manifest fragment:
Why is this needed:
For enhanced security we need to run pods via the Kata Containers container runtime. Kata Containers uses lightweight virtual machines, which require KVM, which requires Intel VT or AMD-V support from the CPUs.
On GCP Compute Engine, (certain) VM instance types do support nested virtualization, but it is disabled by default and needs to be enabled explicitly when required. As gardener-extension-provider-gcp implements node creation on GCP Compute Engine, it should support enabling nested virtualization.
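The dependency chain the issue describes (Kata Containers needs KVM, KVM needs Intel VT-x or AMD-V exposed to the guest) can be verified on a node before Kata workloads are scheduled there. The following is an added shell example, not code from this issue or from gardener-extension-provider-gcp; the function names, the constructed cpuinfo samples and the use of /dev/null as a stand-in character device for /dev/kvm are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the issue or the gardener project): verify that a
# node actually exposes what Kata Containers needs, i.e. hardware
# virtualization extensions (vmx for Intel VT-x, svm for AMD-V) plus a usable
# /dev/kvm. Paths are parameters so the check can run on constructed input.

# Return 0 when the cpuinfo file lists vmx or svm in its flags line.
cpu_has_virt_flags() {
  cpuinfo="${1:-/proc/cpuinfo}"
  grep -E '^flags' "$cpuinfo" | grep -Eqw 'vmx|svm'
}

# Print a one-word verdict and return 0 only when the node is KVM-ready.
#   no-virt-extensions : the VM was created without nested virtualization
#   kvm-device-missing : the CPU exposes the flags, but kvm_intel/kvm_amd is
#                        not loaded (no character device at the kvm path)
#   kvm-ready          : both prerequisites are satisfied
node_virt_status() {
  cpuinfo="${1:-/proc/cpuinfo}"
  kvm_dev="${2:-/dev/kvm}"
  if ! cpu_has_virt_flags "$cpuinfo"; then
    echo "no-virt-extensions"
    return 1
  fi
  if [ ! -c "$kvm_dev" ]; then
    echo "kvm-device-missing"
    return 2
  fi
  echo "kvm-ready"
  return 0
}

# Constructed cpuinfo fragments (hypothetical, not captured from a real node).
SAMPLE_CPUINFO_WITH_VMX='processor : 0
vendor_id : GenuineIntel
flags     : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat lm vmx ssse3 fma cx16'
SAMPLE_CPUINFO_WITHOUT_VMX='processor : 0
vendor_id : GenuineIntel
flags     : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat lm ssse3 fma cx16'

# Write a sample to a temporary file and print its path.
write_sample() {
  tmp=$(mktemp)
  printf '%s\n' "$1" > "$tmp"
  echo "$tmp"
}

# Demo on the constructed samples. /dev/null stands in for /dev/kvm because
# it is a character device on every Unix; on a real node omit both arguments.
demo() {
  f=$(write_sample "$SAMPLE_CPUINFO_WITH_VMX")
  node_virt_status "$f" /dev/null || true        # kvm-ready
  node_virt_status "$f" /nonexistent/kvm || true # kvm-device-missing
  rm -f "$f"
  f=$(write_sample "$SAMPLE_CPUINFO_WITHOUT_VMX")
  node_virt_status "$f" /dev/null || true        # no-virt-extensions
  rm -f "$f"
}

demo
```

On a real node, call `node_virt_status` with no arguments to read /proc/cpuinfo and /dev/kvm. A node reporting no-virt-extensions is a VM created without nested virtualization, which on GCP is the default and has to be requested at instance creation (for example with the `--enable-nested-virtualization` flag of `gcloud compute instances create`); kvm-device-missing means the CPU flags are present but the kvm_intel or kvm_amd module is not loaded, which is a node image problem rather than a provider one.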