Configuring Anjuna Confidential Pod VM sizes
Anjuna Confidential Pods are deployed into Confidential VMs (CVMs) by the Anjuna Kubernetes Toolset. Like all cloud-based VMs, each CVM must be of a particular VM size (or type). The VM size defines resources like CPU, memory, and storage.
The instructions below explain how to configure a list of acceptable VM sizes, a default VM size, and how to select an Anjuna Confidential Pod VM size manually.
- Azure Kubernetes Services (AKS)
- OpenShift on GCP
Azure Kubernetes Services (AKS)
Configure a list of VM sizes
You can configure the list of acceptable CVM sizes when you install the Anjuna Kubernetes Toolset, using the instanceSizes variable in the Helm Chart. Refer to Install the Anjuna Kubernetes Toolset for configuring the list of acceptable VM sizes.
Explicitly choose a VM size
When deploying an Anjuna Confidential Pod, you can force the Anjuna Kubernetes Toolset to use a specific VM size. The VM size must be part of the acceptable VM sizes list, as described above.
To explicitly choose a VM size, add the cvm.anjuna.io/machine_type annotation to your Anjuna Confidential Pod spec file at .spec.template.metadata.annotations:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
  namespace: default
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 1
  template:
    metadata:
      labels:
        app: nginx
        anjuna.io/run-confidential: "yes"
      annotations:
        # manually choose a VM size
        cvm.anjuna.io/machine_type: Standard_DC4as_v5
        cvm.anjuna.io/image: ...
    spec:
      containers:
      - name: nginx
        image: docker.io/library/nginx:latest
        ports:
        - containerPort: 80
        imagePullPolicy: Always
Automatically choose a VM size
When a VM size is not explicitly set, but a container resource request is, the Anjuna Kubernetes Toolset will determine the VM size to use automatically, based on the requested resources as defined by Kubernetes. The Anjuna Kubernetes Toolset will use the list of acceptable VM sizes to determine the smallest one that fits the Anjuna Confidential Pod’s resource requests.
Note that unlike traditional Pods, resource requests for Anjuna Confidential Pods will not count towards the Node allocation budget, since the Anjuna Kubernetes Toolset deploys Anjuna Confidential Pods inside CVMs.
For example, this Anjuna Confidential Pod spec requests 4 CPUs and 16GB of RAM. For a list of acceptable VM sizes containing Standard_DC2as_v5, Standard_DC4as_v5, and Standard_DC8as_v5, the Anjuna Kubernetes Toolset will automatically choose Standard_DC4as_v5 as the VM size to deploy since it has 4 vCPUs and 16GB of RAM.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
  namespace: default
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 1
  template:
    metadata:
      labels:
        app: nginx
        anjuna.io/run-confidential: "yes"
      annotations:
        cvm.anjuna.io/image: ...
    spec:
      containers:
      - name: nginx
        image: docker.io/library/nginx:latest
        ports:
        - containerPort: 80
        imagePullPolicy: Always
        resources:
          requests:
            cpu: 4
            # Kubernetes names the RAM resource "memory"
            memory: 16G
Configure a default VM size
When an Anjuna Confidential Pod deployment neither requests a specific VM size manually nor requests resources, the Anjuna Kubernetes Toolset will use the default VM size. Refer to Install the Anjuna Kubernetes Toolset for configuring the default VM size. Note that the default VM size must be one of the sizes in the acceptable VM sizes list.
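The selection order described in the three sections above (explicit annotation, then resource requests, then the default) can be checked before deployment with a small script. This is an added example, not Anjuna's code: the function names, the size catalogue, the default of Standard_DC2as_v5, summing requests across containers, and reading the standard Kubernetes `memory` request key are all assumptions made for illustration.

```python
# Constructed catalogue: (vCPUs, memory in GiB) for the sizes named on this page.
ACCEPTABLE = {
    "Standard_DC2as_v5": (2, 8),
    "Standard_DC4as_v5": (4, 16),
    "Standard_DC8as_v5": (8, 32),
}
ANNOTATION = "cvm.anjuna.io/machine_type"
_UNITS = {"Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40,
          "k": 10**3, "M": 10**6, "G": 10**9, "T": 10**12}

def parse_cpu(q):
    """Kubernetes CPU quantity ('4', 4, '500m') -> cores."""
    q = str(q)
    return float(q[:-1]) / 1000 if q.endswith("m") else float(q)

def parse_memory(q):
    """Kubernetes memory quantity ('16G', '16Gi', 1024) -> bytes."""
    q = str(q)
    for suffix in sorted(_UNITS, key=len, reverse=True):  # try 'Gi' before 'G'
        if q.endswith(suffix):
            return float(q[:-len(suffix)]) * _UNITS[suffix]
    return float(q)

def resolve_vm_size(template, acceptable=ACCEPTABLE, default="Standard_DC2as_v5"):
    """Resolve a pod template (.spec.template as a dict) to a VM size."""
    # 1. An explicit annotation wins, but must be in the acceptable list.
    explicit = template.get("metadata", {}).get("annotations", {}).get(ANNOTATION)
    if explicit is not None:
        if explicit not in acceptable:
            raise ValueError(f"{explicit} is not in the acceptable VM sizes list")
        return explicit
    # 2. Otherwise total the container requests (assumption: summed per pod).
    cpu = mem = 0.0
    for c in template.get("spec", {}).get("containers", []):
        req = c.get("resources", {}).get("requests", {})
        cpu += parse_cpu(req.get("cpu", 0))
        mem += parse_memory(req.get("memory", 0))
    # 3. No annotation and no requests: fall back to the default size.
    if cpu == 0 and mem == 0:
        return default
    # Smallest acceptable size whose vCPUs and memory both cover the request.
    fits = [(v, g, name) for name, (v, g) in acceptable.items()
            if v >= cpu and g * 2**30 >= mem]
    if not fits:
        raise ValueError("no acceptable VM size fits the resource requests")
    return min(fits)[2]
```

Running this against rendered manifests in CI catches an annotation outside the acceptable list, or a request that no acceptable size can satisfy, before the deployment is applied.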
OpenShift on GCP
Explicitly choose a VM size
When deploying an Anjuna Confidential Pod, you can force the Anjuna Kubernetes Toolset to use a specific VM size.
To explicitly choose a VM size, add the cvm.anjuna.io/machine_type annotation to your Anjuna Confidential Pod spec file at .spec.template.metadata.annotations:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
  namespace: default
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 1
  template:
    metadata:
      labels:
        app: nginx
        anjuna.io/run-confidential: "yes"
      annotations:
        # manually choose a VM size
        cvm.anjuna.io/machine_type: n2d-standard-4
        cvm.anjuna.io/image: ...
    spec:
      containers:
      - name: nginx
        image: docker.io/library/nginx:latest
        ports:
        - containerPort: 80
        imagePullPolicy: Always
Configure a default VM size
When an Anjuna Confidential Pod deployment does not request a specific VM size manually, the Anjuna Kubernetes Toolset will use the default VM size. Refer to Installing the Anjuna Kubernetes Toolset Helm Chart for configuring the default VM size via the parameter gcp.machine.