cluster icon indicating copy to clipboard operation
cluster copied to clipboard
verified publisher icon cncf

KubeVirt SEV testing

Open vasiliy-ul opened this issue 3 years ago • 4 comments

First and Last Name

Vasily Ulyanov

Email

[email protected]

Company/Organization

SUSE

Job Title

Senior Software Engineer

Project Title (i.e., a summary of what do you want to do, not what is the name of the open source project you're working with)

KubeVirt SEV testing

Briefly describe the project (i.e., what is the detail of what you're planning to do with these servers?)

KubeVirt is a virtual machine management add-on for Kubernetes. Secure Encrypted Virtualization (SEV) is a feature of AMD's EPYC CPUs that allows the memory of a virtual machine to be encrypted on the fly. We are working on enabling confidential computing support for KubeVirt VMs with AMD SEV. The status of the enablement is tracked at https://github.com/kubevirt/kubevirt/issues/6991.

We would like to use the Community Lab infrastructure in the project's CI in order to run end-to-end tests with encrypted VMs. Currently, we have the following test-cases that require SEV hardware:

  • Start an SEV guest, verify it is up and running, check from the guest that SEV is enabled
  • Start an SEV-ES guest, verify it is up and running, check from the guest that SEV-ES is enabled
  • Run the complete pre-attestation flow with an SEV guest

Is the code that you’re going to run 100% open source? If so, what is the URL or URLs where it is located? What is your association with that project?

Yes. KubeVirt is a CNCF project. Please check for additional info:

  • https://www.cncf.io/projects/kubevirt/
  • https://kubevirt.io/
  • https://github.com/kubevirt/

I am one of the KubeVirt mainteiners.

What kind of machines and how many do you expect to use (see: https://metal.equinix.com/product/servers/)?

We need a machine with AMD EPYC CPU, capable of running SEV and SEV-ES workloads. Presumably one of those:

What operating system and networking are you planning to use?

Linux

Any other relevant details we should know about?

vasiliy-ul avatar Sep 06 '22 12:09 vasiliy-ul

/cc @aburdenthehand, @alicefr, @rmohr, @xpivarc

vasiliy-ul avatar Sep 06 '22 12:09 vasiliy-ul

+1 cc: @jeefy

caniszczyk avatar Sep 11 '22 12:09 caniszczyk

Gentle ping here. Any update?

vasiliy-ul avatar Nov 22 '22 06:11 vasiliy-ul

@vasiliy-ul apologies for the delay. Is this request still valid?

idvoretskyi avatar May 03 '24 11:05 idvoretskyi

Yeah, this request was raised quite a while ago. We will probably need to re-evaluate our current hw requirements to potentially also include SNP. Will close this for now.

vasiliy-ul avatar May 15 '24 16:05 vasiliy-ul