CORS-4188: AWS - Add support to AMD SEV-SNP confidential VMs #10012

fangge1212 · 2025-10-11T08:28:02Z

This PR adds support to AMD SEV-SNP confidential VMs on AWS platform.
Related PRs:
openshift/api: openshift/api#2424
machine-api-operator: openshift/machine-api-operator#1420
machine-api-provider-aws: openshift/machine-api-provider-aws#141
upstream: kubernetes-sigs/cluster-api-provider-aws#5605

openshift-ci-robot · 2025-10-11T08:28:08Z

@fangge1212: This pull request references CORS-4188 which is a valid jira issue.

In response to this:

This PR adds support to AMD SEV-SNP confidential VMs on AWS platform.
Related PRs:
openshift/api: openshift/api#2424
machine-api-operator: openshift/machine-api-operator#1420
machine-api-provider-aws: openshift/machine-api-provider-aws#141
upstream: kubernetes-sigs/cluster-api-provider-aws#5605

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

fangge1212 · 2025-10-16T02:31:22Z

/hold
The current openshift/api requires a client-go version that requires k8s.io/apimachinery v0.33. k8s.io/apimachinery v0.33 requires cluster-api v1.11.

fangge1212 · 2025-10-16T03:30:45Z

/hold The current openshift/api requires a client-go version that requires k8s.io/apimachinery v0.33. k8s.io/apimachinery v0.33 requires cluster-api v1.11.

When I tried to bump openshift/client-go to db0dee36 and cluster-api to v1.11.2, I encountered more dependency issues:
$ go get github.com/openshift/client-go@c2dfb51e

$ (edit go.mod to remove the replace lines for k83.io/apimachinery and cluster-api)

$ go mod tidy
go: downloading sigs.k8s.io/cluster-api v1.11.2
go: downloading github.com/coredns/corefile-migration v1.0.28
go: downloading golang.org/x/term v0.33.0
go: downloading github.com/spf13/pflag v1.0.7
go: downloading github.com/go-logr/logr v1.4.3
go: downloading golang.org/x/tools v0.34.0
go: downloading k8s.io/apiextensions-apiserver v0.33.3
go: downloading golang.org/x/mod v0.25.0
go: downloading github.com/onsi/gomega v1.38.0
go: downloading golang.org/x/net v0.42.0
go: downloading golang.org/x/crypto v0.40.0
go: downloading golang.org/x/oauth2 v0.30.0
go: downloading google.golang.org/grpc v1.71.3
go: downloading google.golang.org/protobuf v1.36.6
go: downloading go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0
go: downloading k8s.io/cluster-bootstrap v0.33.3
go: finding module for package sigs.k8s.io/cluster-api/exp/ipam/api/v1beta1
go: finding module for package sigs.k8s.io/cluster-api/api/v1beta1
go: finding module for package sigs.k8s.io/cluster-api/exp/api/v1beta1
go: finding module for package sigs.k8s.io/cluster-api/util/defaulting
go: github.com/openshift/installer/pkg/asset/machines imports
sigs.k8s.io/cluster-api/exp/ipam/api/v1beta1: module sigs.k8s.io/cluster-api@latest found (v1.11.2), but does not contain package sigs.k8s.io/cluster-api/exp/ipam/api/v1beta1
go: github.com/openshift/installer/pkg/asset/machines/aws imports
sigs.k8s.io/cluster-api/api/v1beta1: module sigs.k8s.io/cluster-api@latest found (v1.11.2), but does not contain package sigs.k8s.io/cluster-api/api/v1beta1
go: github.com/openshift/installer/pkg/asset/manifests/azure/stack/v1beta1 imports
sigs.k8s.io/cluster-api-provider-azure/util/azure imports
sigs.k8s.io/cluster-api/exp/api/v1beta1: module sigs.k8s.io/cluster-api@latest found (v1.11.2), but does not contain package sigs.k8s.io/cluster-api/exp/api/v1beta1
go: github.com/openshift/installer/pkg/asset/machines imports
sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2 tested by
sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2.test imports
sigs.k8s.io/cluster-api/util/defaulting: module sigs.k8s.io/cluster-api@latest found (v1.11.2), but does not contain package sigs.k8s.io/cluster-api/util/defaulting

fangge1212 · 2025-10-16T03:34:08Z

Hi @mtulio @patrickdillon
I'm not sure how to resolve the dependency issues in this PR, could you provide some guidance?

fangge1212 · 2025-10-22T02:35:20Z

go get github.com/openshift/client-go@c2dfb51e

The module paths changed in cluster-api v1.11.2. It seems like a big change, so should we bump cluster-api in another PR?

tthvo · 2025-10-22T06:26:41Z

@fangge1212 Bumping cluster-api (capi) to v1.11 is a significant change in the installer as we will need to bump all providers to versions that is compatible with capi v1.11 😞

We have opened a card https://issues.redhat.com/browse/CORS-4262 here to track with more details.

tthvo · 2025-10-22T06:27:03Z

/cc

patrickdillon · 2025-11-04T19:36:19Z

@fangge1212 Currently working on #10060 to unblock the issues you're facing

patrickdillon · 2025-11-18T19:45:47Z

/hold cancel
API issues have been resolved
/approve
This looks good at a high level. I'll review more thoroughly.

openshift-ci · 2025-11-18T19:46:17Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: patrickdillon

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

~~OWNERS~~ [patrickdillon]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

patrickdillon · 2025-11-18T21:08:52Z

@fangge1212 some of the unit tests are failing. PTAL. Unfortunately prow is down at the moment and I can't review the results at this time.

patrickdillon · 2025-11-18T21:10:54Z

pkg/asset/machines/aws/machines.go

 		Placement:         machineapi.Placement{Region: in.region, AvailabilityZone: in.zone},
 		SecurityGroups:    securityGroups,
+		CPUOptions: &machineapi.CPUOptions{
+			ConfidentialCompute: ptr.To(machineapi.AWSConfidentialComputePolicy(*in.cpuOptions.ConfidentialCompute)),


unit tests are failing because of a panic. You need to check if in.cpuOptions is set

Updated. Thanks

tthvo · 2025-11-18T20:26:29Z

pkg/types/aws/machinepool.go

+	// More details can be checked at https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sev-snp.html
+	// When omitted, this means no opinion and the AWS platform is left to choose a reasonable default,
+	// which is subject to change without notice. The current default is Disabled.
+	// +kubebuilder:validation:Enum=Disabled;AMDEncryptedVirtualizationNestedPaging


Suggested change

// +kubebuilder:validation:Enum=Disabled;AMDEncryptedVirtualizationNestedPaging

I think we can remove this +kubebuilder:validation marker as we already define one on the enum type on line 152.

Otherwise, install.openshift.io_installconfigs.yaml:186-194, there's a redundant allOf with duplicate enum definitions:

allOf: - enum: - Disabled - AMDEncryptedVirtualizationNestedPaging - enum: - Disabled - AMDEncryptedVirtualizationNestedPagin

Yes, you are right.

tthvo · 2025-11-18T21:21:45Z

pkg/types/aws/validation/machinepool.go

+				field.Invalid(
+					fldPath.Child("confidentialCompute"),
+					p.CPUOptions.ConfidentialCompute,
+					fmt.Sprintf("Allowed values are %s, %s and omitted", aws.ConfidentialComputePolicyDisabled, aws.ConfidentialComputePolicySEVSNP),
+				),


Suggested change

field.Invalid(

fldPath.Child("confidentialCompute"),

p.CPUOptions.ConfidentialCompute,

fmt.Sprintf("Allowed values are %s, %s and omitted", aws.ConfidentialComputePolicyDisabled, aws.ConfidentialComputePolicySEVSNP),

),

field.NotSupported(fldPath.Child("confidentialCompute"),

p.CPUOptions.ConfidentialCompute,

[]aws.ConfidentialComputePolicy{aws.ConfidentialComputePolicyDisabled, aws.ConfidentialComputePolicySEVSNP},

),

nit: we can use field.NotSupported here to complain about unsupported values 😁

Updated. Thanks

tthvo · 2025-11-18T21:37:14Z

pkg/types/aws/validation/machinepool_test.go

+		err: `^test-path.cpuOptions: Invalid value: "{}": At least one field must be set if cpuOptions is provided$`,
+	}}
+	for _, test := range cases {
+		t.Run("", func(t *testing.T) {


For each test case, we should give it a name... In case, there is failure in the future, we can trace back which test is failing.

Thanks. Updated.

tthvo · 2025-11-18T21:49:08Z

pkg/asset/machines/aws/awsmachines.go

+				CPUOptions: capa.CPUOptions{
+					ConfidentialCompute: capa.AWSConfidentialComputePolicy(*mpool.CPUOptions.ConfidentialCompute),
+				},


You will also need check for nil here first before setting the CPU options. See #10012 (comment)

Updated. Thanks

tthvo · 2025-11-18T21:54:52Z

@fangge1212 some of the unit tests are failing. PTAL. Unfortunately prow is down at the moment and I can't review the results at this time.

I think due to #10012 (comment) and #10012 (comment), there is a panic in all of the aws e2e jobs because they don't have the new cpuOptions field set. For example, we can see ci/prow/e2e-aws-ovn 😞

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x6439557]
goroutine 1 [running]:
github.com/openshift/installer/pkg/asset/machines/aws.provider(0xc0026864e0)
	/go/src/github.com/openshift/installer/pkg/asset/machines/aws/machines.go:262 +0xa17

tthvo · 2025-11-19T05:20:47Z

@fangge1212 ci/prow/verify-codegen is not happy at the moment. We just need another quick go generate ./pkg/types/installconfig.go to regenerate the install-config CRD 😅

openshift-ci · 2025-11-20T11:20:06Z

@fangge1212: The /retest command does not accept any targets.
The following commands are available to trigger required jobs:

/test artifacts-images

/test e2e-agent-compact-ipv4

/test e2e-aws-ovn

/test e2e-aws-ovn-edge-zones-manifest-validation

/test e2e-aws-ovn-upi

/test e2e-azure-nat-gateway-single-zone

/test e2e-azure-ovn

/test e2e-gcp-ovn

/test e2e-gcp-ovn-upi

/test e2e-metal-ipi-ovn-ipv6

/test e2e-openstack-ovn

/test e2e-vsphere-ovn

/test e2e-vsphere-ovn-upi

/test gofmt

/test golint

/test govet

/test images

/test integration-tests

/test integration-tests-nodejoiner

/test okd-scos-images

/test openstack-manifests

/test shellcheck

/test unit

/test verify-codegen

/test verify-deps

/test verify-vendor

/test yaml-lint

The following commands are available to trigger optional jobs:

/test aws-private

/test azure-ovn-marketplace-images

/test azure-private

/test e2e-agent-4control-ipv4

/test e2e-agent-5control-ipv4

/test e2e-agent-compact-ipv4-appliance-diskimage

/test e2e-agent-compact-ipv4-iso-no-registry

/test e2e-agent-compact-ipv4-none-platform

/test e2e-agent-compact-ipv6-minimaliso

/test e2e-agent-ha-dualstack

/test e2e-agent-sno-ipv4-pxe

/test e2e-agent-sno-ipv6

/test e2e-agent-two-node-fencing-ipv4

/test e2e-aws-byo-subnet-role-security-groups

/test e2e-aws-custom-dns-techpreview

/test e2e-aws-default-config

/test e2e-aws-overlay-mtu-ovn-1200

/test e2e-aws-ovn-custom-iam-profile

/test e2e-aws-ovn-edge-zones

/test e2e-aws-ovn-fips

/test e2e-aws-ovn-heterogeneous

/test e2e-aws-ovn-imdsv2

/test e2e-aws-ovn-proxy

/test e2e-aws-ovn-public-ipv4-pool

/test e2e-aws-ovn-public-ipv4-pool-disabled

/test e2e-aws-ovn-public-subnets

/test e2e-aws-ovn-shared-vpc-custom-security-groups

/test e2e-aws-ovn-shared-vpc-edge-zones

/test e2e-aws-ovn-single-node

/test e2e-aws-ovn-techpreview

/test e2e-aws-ovn-upgrade

/test e2e-aws-upi-proxy

/test e2e-azure-custom-dns-techpreview

/test e2e-azure-default-config

/test e2e-azure-ovn-multidisk-techpreview

/test e2e-azure-ovn-resourcegroup

/test e2e-azure-ovn-shared-vpc

/test e2e-azure-ovn-techpreview

/test e2e-azure-ovn-upi

/test e2e-azurestack

/test e2e-azurestack-upi

/test e2e-crc

/test e2e-external-aws

/test e2e-external-aws-ccm

/test e2e-gcp-custom-dns

/test e2e-gcp-custom-endpoints

/test e2e-gcp-default-config

/test e2e-gcp-ovn-byo-vpc

/test e2e-gcp-ovn-heterogeneous

/test e2e-gcp-ovn-techpreview

/test e2e-gcp-ovn-xpn

/test e2e-gcp-secureboot

/test e2e-gcp-upgrade

/test e2e-gcp-upi-xpn

/test e2e-gcp-xpn-dedicated-dns-project

/test e2e-ibmcloud-ovn

/test e2e-metal-assisted

/test e2e-metal-ipi-ovn

/test e2e-metal-ipi-ovn-dualstack

/test e2e-metal-ipi-ovn-swapped-hosts

/test e2e-metal-ipi-ovn-virtualmedia

/test e2e-metal-ovn-two-node-arbiter

/test e2e-metal-ovn-two-node-fencing

/test e2e-metal-single-node-live-iso

/test e2e-nutanix-ovn

/test e2e-openstack-ccpmso

/test e2e-openstack-ccpmso-zone

/test e2e-openstack-dualstack

/test e2e-openstack-dualstack-upi

/test e2e-openstack-externallb

/test e2e-openstack-nfv-intel

/test e2e-openstack-proxy

/test e2e-openstack-singlestackv6

/test e2e-powervs-capi-ovn

/test e2e-vsphere-externallb-ovn

/test e2e-vsphere-host-groups-ovn-techpreview

/test e2e-vsphere-multi-vcenter-ovn

/test e2e-vsphere-ovn-disk-setup-techpreview

/test e2e-vsphere-ovn-hybrid-env

/test e2e-vsphere-ovn-multi-disk

/test e2e-vsphere-ovn-multi-network

/test e2e-vsphere-ovn-techpreview

/test e2e-vsphere-ovn-upi-zones

/test e2e-vsphere-ovn-zones

/test e2e-vsphere-ovn-zones-techpreview

/test e2e-vsphere-static-ovn

/test gcp-private

/test okd-scos-e2e-aws-ovn

/test okd-scos-e2e-vsphere-ovn

Use /test all to run the following jobs that were automatically triggered:

pull-ci-openshift-installer-main-artifacts-images

pull-ci-openshift-installer-main-aws-private

pull-ci-openshift-installer-main-e2e-aws-byo-subnet-role-security-groups

pull-ci-openshift-installer-main-e2e-aws-default-config

pull-ci-openshift-installer-main-e2e-aws-ovn

pull-ci-openshift-installer-main-e2e-aws-ovn-edge-zones

pull-ci-openshift-installer-main-e2e-aws-ovn-edge-zones-manifest-validation

pull-ci-openshift-installer-main-e2e-aws-ovn-fips

pull-ci-openshift-installer-main-e2e-aws-ovn-heterogeneous

pull-ci-openshift-installer-main-e2e-aws-ovn-imdsv2

pull-ci-openshift-installer-main-e2e-aws-ovn-shared-vpc-custom-security-groups

pull-ci-openshift-installer-main-e2e-aws-ovn-shared-vpc-edge-zones

pull-ci-openshift-installer-main-e2e-aws-ovn-single-node

pull-ci-openshift-installer-main-gofmt

pull-ci-openshift-installer-main-golint

pull-ci-openshift-installer-main-govet

pull-ci-openshift-installer-main-images

pull-ci-openshift-installer-main-okd-scos-e2e-vsphere-ovn

pull-ci-openshift-installer-main-okd-scos-images

pull-ci-openshift-installer-main-shellcheck

pull-ci-openshift-installer-main-unit

pull-ci-openshift-installer-main-verify-codegen

pull-ci-openshift-installer-main-verify-deps

pull-ci-openshift-installer-main-verify-vendor

pull-ci-openshift-installer-main-yaml-lint

In response to this:

/retest required

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

fangge1212 · 2025-11-20T11:24:26Z

/retest-required

yalzhang · 2025-11-20T11:28:56Z

/verified by yalzhang together with openshift/installer#10107

openshift-ci-robot · 2025-11-20T11:29:11Z

@yalzhang: This PR has been marked as verified by yalzhang together with openshift/installer#[10107](https://github.com/openshift/installer/pull/10107).

In response to this:

/verified by yalzhang together with openshift/installer#10107

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

tthvo · 2025-11-20T20:07:14Z

/test verify-codegen

patrickdillon · 2025-11-20T20:29:02Z

@fangge1212 can you please rebase and run go generate pkg/types/installconfig.go Another PR merged, which makes this necessary

openshift-ci-robot · 2025-11-20T20:40:36Z

/retest-required

Remaining retests: 0 against base HEAD 7b84a8c and 2 for PR HEAD 69577af in total

openshift-ci-robot · 2025-11-20T22:30:37Z

/retest-required

Remaining retests: 0 against base HEAD 567aa4a and 1 for PR HEAD 69577af in total

fangge1212 · 2025-11-21T00:44:17Z

/retest-required

Signed-off-by: Fangge Jin <[email protected]>

This will allow configuring confidential computing on AWS platform, only AMD SEV-SNP is supported for now. Signed-off-by: Fangge Jin <[email protected]>

tthvo

/lgtm

yalzhang · 2025-11-21T05:09:02Z

/verified by yalzhang manually by installing a confidential cluster on aws

openshift-ci-robot · 2025-11-21T05:09:04Z

@yalzhang: /verified by <reason> requires at least one verification method to be identified (it can be a comma delimited list). It can specify a test name or a GitHub @username (an engineer that performed the pre-merge verification). See https://docs.ci.openshift.org/docs/architecture/jira/#premerge-verification for more information.

In response to this:

/verified pass by yalzhang

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

yalzhang · 2025-11-21T05:12:07Z

/verified by yalzhang

openshift-ci-robot · 2025-11-21T05:12:21Z

@yalzhang: This PR has been marked as verified by yalzhang.

In response to this:

/verified by yalzhang

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

openshift-ci-robot · 2025-11-21T05:15:28Z

/retest-required

Remaining retests: 0 against base HEAD 8bb5744 and 2 for PR HEAD 64a524b in total

fangge1212 · 2025-11-21T08:48:59Z

/retest-required

openshift-ci-robot · 2025-11-21T09:15:24Z

/retest-required

Remaining retests: 0 against base HEAD e8da62a and 1 for PR HEAD 64a524b in total

patrickdillon · 2025-11-21T10:47:55Z

/skip

openshift-ci · 2025-11-21T12:43:31Z

@fangge1212: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/okd-scos-e2e-aws-ovn	`55c2984`	link	false	`/test okd-scos-e2e-aws-ovn`
ci/prow/e2e-gcp-ovn	`55c2984`	link	true	`/test e2e-gcp-ovn`
ci/prow/e2e-gcp-xpn-dedicated-dns-project	`55c2984`	link	false	`/test e2e-gcp-xpn-dedicated-dns-project`
ci/prow/azure-private	`55c2984`	link	false	`/test azure-private`
ci/prow/e2e-gcp-ovn-byo-vpc	`55c2984`	link	false	`/test e2e-gcp-ovn-byo-vpc`
ci/prow/e2e-gcp-ovn-xpn	`55c2984`	link	false	`/test e2e-gcp-ovn-xpn`
ci/prow/gcp-private	`55c2984`	link	false	`/test gcp-private`
ci/prow/e2e-gcp-default-config	`55c2984`	link	false	`/test e2e-gcp-default-config`
ci/prow/e2e-azure-default-config	`55c2984`	link	false	`/test e2e-azure-default-config`
ci/prow/e2e-gcp-custom-dns	`55c2984`	link	false	`/test e2e-gcp-custom-dns`
ci/prow/e2e-azure-ovn-shared-vpc	`55c2984`	link	false	`/test e2e-azure-ovn-shared-vpc`
ci/prow/azure-ovn-marketplace-images	`55c2984`	link	false	`/test azure-ovn-marketplace-images`
ci/prow/e2e-gcp-secureboot	`55c2984`	link	false	`/test e2e-gcp-secureboot`
ci/prow/e2e-gcp-custom-endpoints	`55c2984`	link	false	`/test e2e-gcp-custom-endpoints`
ci/prow/e2e-azurestack	`55c2984`	link	false	`/test e2e-azurestack`
ci/prow/e2e-azure-ovn	`55c2984`	link	true	`/test e2e-azure-ovn`
ci/prow/e2e-aws-ovn-heterogeneous	`64a524b`	link	false	`/test e2e-aws-ovn-heterogeneous`
ci/prow/e2e-aws-default-config	`64a524b`	link	false	`/test e2e-aws-default-config`
ci/prow/e2e-aws-byo-subnet-role-security-groups	`64a524b`	link	false	`/test e2e-aws-byo-subnet-role-security-groups`
ci/prow/e2e-aws-ovn-imdsv2	`64a524b`	link	false	`/test e2e-aws-ovn-imdsv2`
ci/prow/e2e-aws-ovn-single-node	`64a524b`	link	false	`/test e2e-aws-ovn-single-node`
ci/prow/e2e-aws-ovn-shared-vpc-edge-zones	`64a524b`	link	false	`/test e2e-aws-ovn-shared-vpc-edge-zones`
ci/prow/e2e-aws-ovn-edge-zones	`64a524b`	link	false	`/test e2e-aws-ovn-edge-zones`

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

fangge1212 · 2025-11-21T13:06:42Z

/test e2e-gcp-ovn
/test e2e-azure-ovn

openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Oct 11, 2025

openshift-ci bot requested review from mtulio and patrickdillon October 11, 2025 08:30

fangge1212 force-pushed the aws_sev_snp branch 2 times, most recently from d4990ea to 55c2984 Compare October 14, 2025 08:39

openshift-ci bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Oct 16, 2025

openshift-ci bot requested a review from tthvo October 22, 2025 06:27

fangge1212 force-pushed the aws_sev_snp branch 3 times, most recently from fa1e5a0 to 54f0c53 Compare November 17, 2025 05:25

openshift-ci bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Nov 18, 2025

openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Nov 18, 2025

patrickdillon reviewed Nov 18, 2025

View reviewed changes

tthvo reviewed Nov 18, 2025

View reviewed changes

fangge1212 force-pushed the aws_sev_snp branch 3 times, most recently from f86e677 to c25a423 Compare November 19, 2025 04:54

openshift-ci-robot added the verified Signifies that the PR passed pre-merge verification criteria label Nov 20, 2025

fangge1212 force-pushed the aws_sev_snp branch from 69577af to a026fea Compare November 21, 2025 00:53

openshift-ci-robot removed the verified Signifies that the PR passed pre-merge verification criteria label Nov 21, 2025

openshift-ci bot removed the lgtm Indicates that a PR is ready to be merged. label Nov 21, 2025

fangge1212 added 2 commits November 20, 2025 20:10

aws: Add support for AMD SEV-SNP VMs

bf77b3a

Signed-off-by: Fangge Jin <[email protected]>

aws: Add cpuOptions to install-config.yaml

64a524b

This will allow configuring confidential computing on AWS platform, only AMD SEV-SNP is supported for now. Signed-off-by: Fangge Jin <[email protected]>

fangge1212 force-pushed the aws_sev_snp branch from a026fea to 64a524b Compare November 21, 2025 01:11

tthvo reviewed Nov 21, 2025

View reviewed changes

openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Nov 21, 2025

openshift-ci-robot added the verified Signifies that the PR passed pre-merge verification criteria label Nov 21, 2025

tthvo mentioned this pull request Nov 21, 2025

CORS-4055: configure AWS SDK v2 clients with common config #10112

Open

CORS-4188: AWS - Add support to AMD SEV-SNP confidential VMs #10012

Are you sure you want to change the base?

CORS-4188: AWS - Add support to AMD SEV-SNP confidential VMs #10012

Uh oh!

Conversation

fangge1212 commented Oct 11, 2025

Uh oh!

openshift-ci-robot commented Oct 11, 2025 • edited by openshift-ci bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

fangge1212 commented Oct 16, 2025

Uh oh!

fangge1212 commented Oct 16, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

fangge1212 commented Oct 16, 2025

Uh oh!

fangge1212 commented Oct 22, 2025

Uh oh!

tthvo commented Oct 22, 2025

Uh oh!

tthvo commented Oct 22, 2025

Uh oh!

patrickdillon commented Nov 4, 2025

Uh oh!

patrickdillon commented Nov 18, 2025

Uh oh!

openshift-ci bot commented Nov 18, 2025

Uh oh!

patrickdillon commented Nov 18, 2025

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

tthvo commented Nov 18, 2025

Uh oh!

tthvo commented Nov 19, 2025

Uh oh!

openshift-ci bot commented Nov 20, 2025

Uh oh!

fangge1212 commented Nov 20, 2025

Uh oh!

yalzhang commented Nov 20, 2025

Uh oh!

openshift-ci-robot commented Nov 20, 2025

Uh oh!

tthvo commented Nov 20, 2025

Uh oh!

patrickdillon commented Nov 20, 2025

Uh oh!

openshift-ci-robot commented Nov 20, 2025

Uh oh!

openshift-ci-robot commented Nov 20, 2025

Uh oh!

fangge1212 commented Nov 21, 2025

Uh oh!

tthvo left a comment

Choose a reason for hiding this comment

Uh oh!

yalzhang commented Nov 21, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

openshift-ci-robot commented Nov 21, 2025

openshift-ci-robot commented Oct 11, 2025 •

edited by openshift-ci bot

Loading

fangge1212 commented Oct 16, 2025 •

edited

Loading

yalzhang commented Nov 21, 2025 •

edited

Loading