1. Launch TD Guest

Activate TDX feature gate

By default KubeVirt is not support TD Guest, it's not mature enough to be enabled by default.

This feature needs to be activated in kubevirt CRD manually.

kubectl edit kubevirt -n kubevirt

    ...
    spec:
      configuration:
        developerConfiguration:
          featureGates:
            - WorkloadEncryptionTDX

Running a TDX Guest

Note: The provided pre-built image is only for validation TDX functionality.

Custom Ephemeral Storage: ContainerDisk
Custom Persistent Volume: Containerized Data Importer

kubectl create -f vmi-ubuntu-td.yaml

After deployment, the status of VMI could be check by kubectl

kubectl get vmi

NAME            AGE   PHASE     IP              NODENAME       READY                                                                                                    
vmi-ubuntu-td   36s   Running   172.10.13.190   css-spr-prc1   True

When the status of vmi changes to True, it's time to login.

virtctl

virtctl binary path: _out/cmd/virtctl

# console mode
./virtctl console vmi-ubuntu-td

# ssh mode
./virtctl ssh root@vmi-ubuntu-td

Check if tdx enabled

Run the following command in the TD guest.

dmesg | grep -i tdx

If the dmesg not contains such message, means TDX is not enabled.

[    0.000000] tdx: Guest detected

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

1. Launch TD Guest

Activate TDX feature gate

Running a TDX Guest

Check if tdx enabled

Clone this wiki locally