Support SEV_SNP instance type configuration

[bgartzi]

/kind feature

What this PR does / why we need it:
Only SEV machines could be configured by using the former
confidentialCompute Enabled/Disabled. GCP allows now to also configure
the confidential instance type as well by using the appropriate
parameter, see [0].

This commit introduces confidentialInstanceType, which lets users choose
between sev or sev-snp as their confidential computing technology of
choice.

Meanwhile, add c3d as a machine that supports AMD SEV.

[0] https://cloud.google.com/confidential-computing/confidential-vm/docs/create-a-confidential-vm-instance#rest

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #1402

Special notes for your reviewer:
confidentialInstanceType overrides confidentialCompute. This was due to these reasons:

• Backwards compatibility.
• Imitating the gcp compute API behavior.

Please confirm that if this PR changes any image versions, then that's the sole change this PR makes.

TODOs:

• squashed commits
• includes documentation
• adds unit tests

Release note:

Add confidentialInstanceType to the API

[linux-foundation-easycla]

The committers listed above are authorized under a signed CLA.

• ✅ login: bgartzi / name: Beñat Gartzia (ff8cf8e)

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: bgartzi
Once this PR has been reviewed and has the lgtm label, please assign chrischdi for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[k8s-ci-robot]

Welcome @bgartzi!

It looks like this is your first PR to kubernetes-sigs/cluster-api-provider-gcp 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-sigs/cluster-api-provider-gcp has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

[k8s-ci-robot]

Hi @bgartzi. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[netlify]

✅ Deploy Preview for kubernetes-sigs-cluster-api-gcp ready!

Name	Link
🔨 Latest commit	ff8cf8e
🔍 Latest deploy log	https://app.netlify.com/sites/kubernetes-sigs-cluster-api-gcp/deploys/679ba30bfa9b0700084c6dd0
😎 Deploy Preview	https://deploy-preview-1410--kubernetes-sigs-cluster-api-gcp.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[damdo]

/ok-to-test

[bgartzi]

/retest

[damdo]

First pass on the API design, left some comments

[damdo]

I think it is better to use the fully typed out version of this, so
ConfidentialVMTechnologySEV and ConfidentialVMTechnologySEVSNP

[bgartzi]

Noted.

[bgartzi]

Adressed in the last pushed version.

[damdo]

Looking at this condition, and considering what we stated in the API above, I'm not sure this is the best approach we could take.

Looking deeper at what we are trying to set here, it seems like we trying to build up the underlying GCP
compute.ConfidentialInstanceConfig field in the compute/instance GCP SDK API.

Which is defined here: https://pkg.go.dev/google.golang.org/api/compute/v1#ConfidentialInstanceConfig

So we are trying to set these two fields:

type ConfidentialInstanceConfig struct {
// ConfidentialInstanceType: Defines the type of technology used by the
	// confidential instance.
	//
	// Possible values:
	//   "CONFIDENTIAL_INSTANCE_TYPE_UNSPECIFIED" - No type specified. Do not use
	// this value.
	//   "SEV" - AMD Secure Encrypted Virtualization.
	//   "SEV_SNP" - AMD Secure Encrypted Virtualization - Secure Nested Paging.
	//   "TDX" - Intel Trust Domain eXtension.
	ConfidentialInstanceType [string](https://pkg.go.dev/builtin#string) `json:"confidentialInstanceType,omitempty"`
	// EnableConfidentialCompute: Defines whether the instance should have
	// confidential compute enabled.
	EnableConfidentialCompute [bool](https://pkg.go.dev/builtin#bool) `json:"enableConfidentialCompute,omitempty"`
[...]
}

and since I don't see any mention on the ConfidentialInstanceType taking precedence over EnableConfidentialCompute, I assume the latter takes the overall precedence and flicks the switch on whether or not the whole feature is enabled or not.

As such I think we should do the same.

• ConfidentialCompute = enabled, ConfidentialInstanceType not set => enable, default confidential instance type
• ConfidentialCompute = disabled, ConfidentialInstanceType not set => disable
• ConfidentialCompute = disabled, ConfidentialInstanceType set, fail webhooks validation (we could also have a discriminated union here I think, but it might break the existing API, so we could leverage the WH)
• ConfidentialCompute = unknown, ConfidentialInstanceType not set => disable
• ConfidentialCompute = unknown, ConfidentialInstanceType set => fail webhooks validation (as the default for unknown is disabled).

cc. @JoelSpeed for API expertise.

[JoelSpeed]

I agree with Dam, if we already have an api that controls this enablement, having a second field that implicitly enables the feature is not good. It should be a validation error for the instance type to exist when confidential compute is disabled, as mentioned by Dam

[bgartzi]

Yes, I agree with both of you. That would make more sense than the implementation I provided in this draft.
However, even if not documented explicitly that way, that's how the compute api behaves. I know after trying. I know it's a weak excuse, but I thought there might have been some reason for that, as it makes the former EnableConfidentialComputing somewhat redundant.
That's why I decided to propose this as the first draft; an API that behaved as the compute api did, and decide if the true-to-the-backend or behavior we all would expect was the correct one.
Now, if we all agree on the proposed implementation instead, I will provide the changes, I hope that soon.

[damdo]

Hey @bgartzi thanks for providing details on how the GCP compute API behaves.
I still think that our API should behave the way we all expect it to in this case, even if the GCP API doesn't. Our won't be surprising as users will be prompted by webhook failures that inform them why it didn't go through.

[bgartzi]

I just updated the API design and the webhook implementation (+tests) according to the design agreed in the comments above.

[JoelSpeed]

Kube conventions state that enum values should be PascalCase. What does sev and sev-snp actually mean? These aren't particularly expressive and might be hard for a consumer of this API to understand which value they may want

[bgartzi]

And yes, I also agree with you on this: those names aren't expressive at all. They are acronyms that stand for AMD's "Secure Encrypted Virtualization" [0] and "Secure Encrypted Virtualization - Secure Nested Paging" [1].

However, using the short acronyms instead seem to be a standard. One example that comes in handy is the compute API documentation and supported values for the confidential instance type field [2] (as referenced in the comment above). Even after reading the GCloud documentation[3], users might expect to find SEV/SEVSNP? I'm not personally sure.

Checking on how acronyms are written in pascalcase, would Sev/SevSnp + an expansion on the documentation work for you? Or would you rather go for the whole SecureEncryptedVirtualization/Secure EncryptedVirtualizationSecureNestedPaging combo?

[0] https://www.amd.com/es/developer/sev.html
[1] https://www.amd.com/content/dam/amd/en/documents/epyc-business-docs/white-papers/SEV-SNP-strengthening-vm-isolation-with-integrity-protection-and-more.pdf
[2] https://pkg.go.dev/google.golang.org/api/compute/v1#ConfidentialInstanceConfig
[3] https://cloud.google.com/confidential-computing/confidential-vm/docs/confidential-vm-overview

[JoelSpeed]

What about renaming the field secureInstanceEncryptionType and having values of Virtualization and VirtualizationWithNestedPaging? They would be fairly descriptive and flow right?

[bgartzi]

Regarding secureInstanceEncryptionType, I think it would be harder from users coming from the GCloud documentation to find the proper field name, and vice versa.
In terms of the supported values, the problem I see on mentioning virtualization is that most of the proposed confidential computing technologies are based on virtualization (probably all except for intel's sgx?). As these are AMD's solutions, intel has their own (TDX) and other architectures as ARM (CCA), also do (although it hasn't made it to GCP yet). Yes, Virtualization is only referred from SEV's name currently. But I think calling it Virtualization could also bring some confusion, as it could refer to AMD's SEV as to any other confidential computing solution.
Although cryptic, these names are basically trademarks, so I think it's way to make sure they will exclude each other. I also have to admit I'm for sure biased as those are the ways I see these technologies are referenced in documentation/news and that I don't have many new ideas to propose at this moment.

[bgartzi]

After thinking about this a little bit more, what do you think about keeping confidentialInstanceType and admitting the following values:

• EncryptedVirtualizationSev
• EncryptedNestedPagingSevsnp

And possibly upcoming ones:

• TrustedDomainTdx

A bit too repetitive perhaps?

[bgartzi]

I haven't addressed this in the last force-pushed version of the patch. I will be happy to do so when we reach an agreement.

[uril]

Thanks @bgartzi for adding SEV_SNP support.

I think this can be shorten to: if tech == nil || *tech == "" {

[bgartzi]

Thanks @uril! Well noted. I will apply this on the next proposal.

[bgartzi]

I couldn't address it (explicitly) as the API design change made update this piece of code. However, I took it into account in the new conditions I had to write, thanks!

[bgartzi]

@damdo, @JoelSpeed, @uril thanks a lot for the quick review! I will try to update the PR as soon as I confirm some of the questions.

[bgartzi]

Yes, I agree with both of you. That would make more sense than the implementation I provided in this draft.
However, even if not documented explicitly that way, that's how the compute api behaves. I know after trying. I know it's a weak excuse, but I thought there might have been some reason for that, as it makes the former EnableConfidentialComputing somewhat redundant.
That's why I decided to propose this as the first draft; an API that behaved as the compute api did, and decide if the true-to-the-backend or behavior we all would expect was the correct one.
Now, if we all agree on the proposed implementation instead, I will provide the changes, I hope that soon.

[bgartzi]

And yes, I also agree with you on this: those names aren't expressive at all. They are acronyms that stand for AMD's "Secure Encrypted Virtualization" [0] and "Secure Encrypted Virtualization - Secure Nested Paging" [1].

However, using the short acronyms instead seem to be a standard. One example that comes in handy is the compute API documentation and supported values for the confidential instance type field [2] (as referenced in the comment above). Even after reading the GCloud documentation[3], users might expect to find SEV/SEVSNP? I'm not personally sure.

Checking on how acronyms are written in pascalcase, would Sev/SevSnp + an expansion on the documentation work for you? Or would you rather go for the whole SecureEncryptedVirtualization/Secure EncryptedVirtualizationSecureNestedPaging combo?

[0] https://www.amd.com/es/developer/sev.html
[1] https://www.amd.com/content/dam/amd/en/documents/epyc-business-docs/white-papers/SEV-SNP-strengthening-vm-isolation-with-integrity-protection-and-more.pdf
[2] https://pkg.go.dev/google.golang.org/api/compute/v1#ConfidentialInstanceConfig
[3] https://cloud.google.com/confidential-computing/confidential-vm/docs/confidential-vm-overview

[bgartzi]

Noted.

[bgartzi]

Thanks @uril! Well noted. I will apply this on the next proposal.