GCP/GKE - add/attach a new disk to confidential node

I'm trying to attach a new disk to my GKE cluster since I need it for a database running with the PostgreSQL Operator. Important: I'm running confidential n2d nodes. Now I'm getting the following error from k8s:

```
Events:
  Type     Reason              Age                  From                     Message
  ----     ------              ----                 ----                     -------
  Warning  FailedScheduling    7m6s (x2 over 7m7s)  default-scheduler        0/3 nodes are available: 3 pod has unbound immediate PersistentVolumeClaims.
  Normal   Scheduled           7m4s                 default-scheduler        Successfully assigned postgres-testing/acid-minimal-cluster-0 to gke-...-developm-07e64540-7mf8
  Warning  FailedMount         5m1s                 kubelet                  Unable to attach or mount volumes: unmounted volumes=[psql-gcs-development-bucket-credentials pgdata], unattached volumes=[dshm psql-gcs-development-bucket-credentials kube-api-access-d52h7 pgdata]: timed out waiting for the condition
  Warning  FailedMount         52s (x11 over 7m4s)  kubelet                  MountVolume.SetUp failed for volume "psql-gcs-development-bucket-credentials" : secret "psql-gcs-development-bucket-credentials" not found
  Warning  FailedAttachVolume  42s (x11 over 7m3s)  attachdetach-controller  AttachVolume.Attach failed for volume "pvc-898d4a0e-2e3f-4368-a075-e775e9614424" : googleapi: Error 400: Invalid resource usage: 'An NVMe interface is required for disks attached to confidential VMs. The interface must be specified as NVMe at the time of disk creation.'., invalidResourceUsage
  Warning  FailedMount         26s (x2 over 2m44s)  kubelet                  Unable to attach or mount volumes: unmounted volumes=[pgdata psql-gcs-development-bucket-credentials], unattached volumes=[pgdata dshm psql-gcs-development-bucket-credentials kube-api-access-d52h7]: timed out waiting for the condition
```

Please don't mind the secret msg. I know they are in the wrong namespace. But I'm a bit lost with the GCP volumes. I've tried several ways to attach a volume to my existing k8s node (VM), but the error msg is always the same:

An NVMe interface is required for disks attached to confidential VMs. The interface must be specified as NVMe at the time of disk creation

I don't understand "NVMe interface", since I'm not able to choose anything via the UI during disk creation or attachment. The gcloud CLI doesn't have this option either. I've found a link to Google documentation:

Due to a current limitation of NVME drivers, it is not possible to apply a customer-supplied device name to disks attached to a Confidential VM instance. If you need custom disk names as identifiers—for example, for automation purposes—as an example, a potential workaround is the use of the Compute Engine metadata service.

But this seems to be a step afterwards, since I'm not even able to attach a volume.

Hope you can help me out, Cheers
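As an added example (not code from the question or its comment), here is a small Python triage script that parses an event table like the one above, with wrapped lines rejoined, and separates the missing-secret mount failures the asker says to ignore from the confidential-VM NVMe attach failure, so the two causes are not confused when reading a noisy `kubectl describe pod` output. The sample events are constructed from the values shown in the question.

```python
import re

# Constructed sample: the event rows from the question, each joined onto one line.
SAMPLE_EVENTS = """\
Type     Reason              Age                  From                     Message
----     ------              ----                 ----                     -------
Warning  FailedScheduling    7m6s (x2 over 7m7s)  default-scheduler        0/3 nodes are available: 3 pod has unbound immediate PersistentVolumeClaims.
Normal   Scheduled           7m4s                 default-scheduler        Successfully assigned postgres-testing/acid-minimal-cluster-0 to gke-...-developm-07e64540-7mf8
Warning  FailedMount         52s (x11 over 7m4s)  kubelet                  MountVolume.SetUp failed for volume "psql-gcs-development-bucket-credentials" : secret "psql-gcs-development-bucket-credentials" not found
Warning  FailedAttachVolume  42s (x11 over 7m3s)  attachdetach-controller  AttachVolume.Attach failed for volume "pvc-898d4a0e-2e3f-4368-a075-e775e9614424" : googleapi: Error 400: Invalid resource usage: 'An NVMe interface is required for disks attached to confidential VMs. The interface must be specified as NVMe at the time of disk creation.'., invalidResourceUsage
"""

# Columns of `kubectl describe` Events: Type, Reason, Age (optionally "(xN over ...)"), From, Message.
EVENT_RE = re.compile(
    r"^(?P<type>\w+)\s+(?P<reason>\w+)\s+(?P<age>\S+(?: \(x\d+ over \S+\))?)\s+(?P<source>\S+)\s+(?P<message>.*)$"
)
VOLUME_RE = re.compile(r'volume "(?P<volume>[^"]+)"')

# Known root causes, keyed by a substring of the event message (checked in order).
CAUSES = {
    "An NVMe interface is required for disks attached to confidential VMs":
        "persistent disk was not created with an NVMe interface; Confidential GKE Nodes cannot attach it",
    "not found":
        "referenced secret/configmap is missing in the pod's namespace (unrelated to the disk)",
}

def parse_events(text: str) -> list:
    """Return one dict per event row, skipping the header and separator lines."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m and m["type"] in ("Normal", "Warning"):
            events.append(m.groupdict())
    return events

def triage(text: str) -> dict:
    """Map each failing volume name to its diagnosed root cause."""
    findings = {}
    for ev in parse_events(text):
        if ev["type"] != "Warning" or ev["reason"] not in ("FailedMount", "FailedAttachVolume"):
            continue
        vol = VOLUME_RE.search(ev["message"])
        if not vol:
            continue  # aggregate "Unable to attach or mount volumes" rows carry no single volume
        for needle, cause in CAUSES.items():
            if needle in ev["message"]:
                findings[vol["volume"]] = cause
                break
    return findings

if __name__ == "__main__":
    for volume, cause in triage(SAMPLE_EVENTS).items():
        print(f"{volume}: {cause}")
```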

Okay, I guess this might be the answer:

> Currently, you cannot add local SSDs or persistent disks when Confidential GKE Nodes is enabled.
mangohost
