Unable to install OCP 4.15 on Azure with Confidential Computing Enabled #8136

Open
pietromariodambrosio opened this issue Mar 11, 2024 · 2 comments
Labels
lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed.

Comments

@pietromariodambrosio

pietromariodambrosio commented Mar 11, 2024

Version

OpenShift 4.15

Platform:

Azure
IPI Installation

What happened?

I tried to install an OpenShift cluster on Azure with the Confidential Computing feature enabled and a Customer Managed Key Disk Encryption Set to encrypt the OS disk.

I have configured the install-config.yaml by adding the parameter for Confidential Computing:

https://docs.openshift.com/container-platform/4.15/installing/installing_azure/installing-azure-private.html#installation-azure-confidential-vms_installing-azure-private

I ran the command to create the cluster:
./openshift-install create cluster --dir config --log-level=debug

but the creation failed with this error:

ERROR Error: creating Linux Virtual Machine: (Name "clu01-test-22965-bootstrap" / Resource Group "xxxxxxxxx"): compute.VirtualMachinesClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="BadRequest" Message="Encryption Type ConfidentialVmEncryptedWithCustomerKey is not supported for server side encryption with customer managed key." Target="/subscriptions/xxxxxxxxxxx/resourceGroups/xxxxxxxxxx/providers/Microsoft.Compute/disks/clu01-test-22965-bootstrap_OSDisk"

I think the problem is that in the case of confidential computing I need to configure secure_vm_disk_encryption_set_id for the encryption of the OS disk (the ID of the Disk Encryption Set which should be used to encrypt this OS disk when the Virtual Machine is a Confidential VM).

Is it possible to add this parameter to the install-config.yaml file, instead of the standard diskEncryptionSet present in the file?

I saw that the reference variable is present in the main.tf of the bootstrap:
https://github.com/openshift/installer/blob/master/data/data/azure/bootstrap/main.tf

How to reproduce it (as minimally and precisely as possible)?

Create an OCP cluster on Azure with Confidential Computing and Confidential disk encryption with a customer-managed key.
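
The mismatch named in the error message above can be caught before deployment. The following pre-flight check is an added example, not part of the original issue or the installer's code. It assumes the field names of the azurerm Terraform `os_disk` block and that each Disk Encryption Set's `encryptionType` has been looked up beforehand; the IDs and sample configurations are constructed.

```python
# Added example: pre-flight check of OS-disk encryption settings for an Azure
# Confidential VM. Field names follow the azurerm Terraform os_disk block;
# all IDs and sample values below are constructed.
SSE_TYPES = {"EncryptionAtRestWithCustomerKey",
             "EncryptionAtRestWithPlatformAndCustomerKeys"}
CVM_TYPE = "ConfidentialVmEncryptedWithCustomerKey"


def check_os_disk(os_disk, des_types):
    """Return a list of problems found in one os_disk block.

    des_types maps a Disk Encryption Set ID to its encryptionType, assumed
    to have been looked up beforehand (e.g. `az disk-encryption-set show`).
    """
    problems = []
    sse_id = os_disk.get("disk_encryption_set_id")
    cvm_id = os_disk.get("secure_vm_disk_encryption_set_id")
    sec_type = os_disk.get("security_encryption_type")

    if sse_id and cvm_id:
        problems.append("disk_encryption_set_id and "
                        "secure_vm_disk_encryption_set_id are mutually exclusive")
    if sse_id and des_types.get(sse_id) not in SSE_TYPES:
        problems.append(f"disk_encryption_set_id references a set of type "
                        f"{des_types.get(sse_id, 'unknown')}; server-side "
                        f"encryption needs one of {sorted(SSE_TYPES)}")
    if cvm_id:
        if des_types.get(cvm_id) != CVM_TYPE:
            problems.append(f"secure_vm_disk_encryption_set_id references a set "
                            f"of type {des_types.get(cvm_id, 'unknown')}; "
                            f"expected {CVM_TYPE}")
        if sec_type != "DiskWithVMGuestState":
            problems.append("secure_vm_disk_encryption_set_id requires "
                            "security_encryption_type = DiskWithVMGuestState")
    return problems


DES_TYPES = {"des-cvm": CVM_TYPE, "des-sse": "EncryptionAtRestWithCustomerKey"}
# Shape that matches the error in the issue: a confidential-VM set in the SSE slot.
FAILING = {"security_encryption_type": "DiskWithVMGuestState",
           "disk_encryption_set_id": "des-cvm"}
# Same set referenced from the confidential-VM slot instead.
CORRECTED = {"security_encryption_type": "DiskWithVMGuestState",
             "secure_vm_disk_encryption_set_id": "des-cvm"}

if __name__ == "__main__":
    for name, cfg in (("failing", FAILING), ("corrected", CORRECTED)):
        print(name, check_os_disk(cfg, DES_TYPES) or "ok")
```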

@openshift-bot
Contributor

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

@openshift-ci openshift-ci bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jun 10, 2024
@openshift-bot
Contributor

Stale issues rot after 30d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle rotten
/remove-lifecycle stale

@openshift-ci openshift-ci bot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Jul 10, 2024