Configuring Anjuna Confidential Pod VM Sizes

Anjuna Confidential Pods are deployed into Confidential VMs by the Anjuna Kubernetes Toolset. Like all cloud-based VMs, Confidential VMs must be of a certain VM size (or type).

The instructions below explain how to configure a list of acceptable VM sizes, how to configure a default VM size, and how to select an Anjuna Confidential Pod VM size manually.

Configuring a List of VM Sizes

To determine which VM sizes it can deploy, the Anjuna Kubernetes Toolset requires a list of acceptable VM sizes. Refer to Install the Anjuna Kubernetes Toolset for configuring the list of acceptable VM sizes.

Manually Choose a VM Size

When deploying an Anjuna Confidential Pod, you can force the Anjuna Kubernetes Toolset to use a VM size of choice. The VM size must be part of the acceptable VM sizes list, as described above.

To manually choose a VM size, add the io.anjuna.sev.machine_type annotation to your Anjuna Confidential Pod spec file at .spec.template.metadata.annotations.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
  namespace: default
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 1
  template:
    metadata:
      labels:
        app: nginx
      annotations:
        # manually choose a VM size
        io.anjuna.sev.machine_type: Standard_DC4as_v5
        io.anjuna.sev.image: ...
    spec:
      runtimeClassName: anjuna-remote
      containers:
      - name: nginx
        image: docker.io/library/nginx:latest
        ports:
        - containerPort: 80
        imagePullPolicy: Always

Automatically Choose a VM Size

When a VM size is not explicitly set, but a container resource request is, the Anjuna Kubernetes Toolset will determine the VM size to use automatically based on the requested resources, as defined by [Kubernetes](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-requests-and-limits-of-pod-and-container). The Anjuna Kubernetes Toolset will use the list of acceptable VM sizes to determine the smallest one that fits the Anjuna Confidential Pod’s resource requests.

Note that unlike traditional Pods, resource requests for Anjuna Confidential Pods will not count towards the node allocation budget, since the Anjuna Kubernetes Toolset deploys Anjuna Confidential Pods inside Confidential Virtual Machines.

For example, this Anjuna Confidential Pod spec requests 4 CPUs and 16G of RAM. For a list of acceptable VM sizes containing Standard_DC2as_v5, Standard_DC4as_v5, and Standard_DC8as_v5, the Anjuna Kubernetes Toolset will automatically choose Standard_DC4as_v5 as the VM size to deploy since it has 4 vCPUs and 16G of RAM.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
  namespace: default
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 1
  template:
    metadata:
      labels:
        app: nginx
      annotations:
        io.anjuna.sev.image: ...
    spec:
      runtimeClassName: anjuna-remote
      containers:
      - name: nginx
        image: docker.io/library/nginx:latest
        ports:
        - containerPort: 80
        imagePullPolicy: Always
        resources:
          requests:
            cpu: 4
            memory: 16G

Configuring a Default VM Size

When an Anjuna Confidential Pod deployment neither requests a specific VM size manually nor requests resources, the Anjuna Kubernetes Toolset will use the default VM size. Refer to Install the Anjuna Kubernetes Toolset for configuring the default VM size. Note that it must be one of the sizes in the acceptable VM sizes list.
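
The three cases above (manual annotation, automatic fit, default) can be checked before deployment. The following is an added example, not Anjuna's code: it resolves a pod template to a VM size and rejects an annotation or default that is outside the acceptable list. Assumptions: the size catalogue is Azure's published DCasv5 specs, requests use the standard Kubernetes `cpu` and `memory` keys and are summed across containers, "smallest" means fewest vCPUs then least memory, and `select_vm_size` and `quantity` are hypothetical helper names.

```python
from decimal import Decimal

# Assumption: (vCPUs, memory in GiB) per size, from Azure's published DCasv5 specs.
VM_SPECS = {"Standard_DC2as_v5": (2, 8), "Standard_DC4as_v5": (4, 16),
            "Standard_DC8as_v5": (8, 32)}
UNITS = {"m": Decimal("0.001"), "k": 10**3, "M": 10**6, "G": 10**9, "T": 10**12,
         "Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40}
ANNOTATION = "io.anjuna.sev.machine_type"

def quantity(value):
    """Parse a Kubernetes quantity such as 4, "500m", "16G" or "16Gi"."""
    text = str(value)
    for suffix in sorted(UNITS, key=len, reverse=True):  # try "Gi" before "G"
        if text.endswith(suffix):
            return Decimal(text[:-len(suffix)]) * UNITS[suffix]
    return Decimal(text)

def select_vm_size(template, acceptable, default):
    """Return the VM size a pod template resolves to, or raise ValueError."""
    if default not in acceptable:
        raise ValueError(f"default size {default} is not in the acceptable list")
    annotations = template.get("metadata", {}).get("annotations") or {}
    manual = annotations.get(ANNOTATION)
    if manual is not None:  # case 1: size chosen manually
        if manual not in acceptable:
            raise ValueError(f"{manual} is not in the acceptable list")
        return manual
    cpu = mem = Decimal(0)
    for container in template["spec"]["containers"]:
        # Assumption: the pod's request is the sum over its containers.
        requests = container.get("resources", {}).get("requests", {})
        cpu += quantity(requests.get("cpu", 0))
        mem += quantity(requests.get("memory", 0))
    if cpu == 0 and mem == 0:  # case 3: nothing requested, use the default
        return default
    # case 2: smallest acceptable size that covers the requests
    fits = [s for s in acceptable
            if VM_SPECS[s][0] >= cpu and VM_SPECS[s][1] * 2**30 >= mem]
    if not fits:
        raise ValueError("no acceptable VM size fits the resource requests")
    return min(fits, key=VM_SPECS.get)

if __name__ == "__main__":
    # Constructed sample: a pod template requesting 4 CPUs and 16G, as a dict.
    sample = {"metadata": {"annotations": {"io.anjuna.sev.image": "..."}},
              "spec": {"containers": [{"name": "nginx", "resources": {
                  "requests": {"cpu": 4, "memory": "16G"}}}]}}
    print(select_vm_size(sample, list(VM_SPECS), "Standard_DC2as_v5"))
```
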