Skip to content

Add support for nested virtualization on GCE instances #1537

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
+52 −0
Open

Add support for nested virtualization on GCE instances #1537

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
338e54c
Add support for nested virtualization on GCE instances
jwmay2012 Sep 26, 2025
06707a4
Remove superfluous statement from docs.
jwmay2012 Oct 14, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions api/v1beta1/gcpmachine_types.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -365,6 +365,13 @@ type GCPMachineSpec struct {
// attached to the instance.
// +optional
GuestAccelerators []Accelerator `json:"guestAccelerators,omitempty"`

// EnableNestedVirtualization specifies whether to enable nested virtualization or not
// (default is false). Nested virtualization allows VMs to run inside other VMs.
// Note: Requires at minimum "Intel Haswell" CPU platform.
// This field cannot be changed after instance creation.
// +optional
EnableNestedVirtualization *bool `json:"enableNestedVirtualization,omitempty"`
}

// Accelerator is a specification of the type and number of accelerator
Expand Down
5 changes: 5 additions & 0 deletions api/v1beta1/zz_generated.deepcopy.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

6 changes: 6 additions & 0 deletions cloud/scope/machine.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -493,6 +493,12 @@ func (m *MachineScope) InstanceSpec(log logr.Logger) *compute.Instance {
instance.Scheduling.OnHostMaintenance = "TERMINATE"
}

if m.GCPMachine.Spec.EnableNestedVirtualization != nil && *m.GCPMachine.Spec.EnableNestedVirtualization {
instance.AdvancedMachineFeatures = &compute.AdvancedMachineFeatures{
EnableNestedVirtualization: true,
}
}

return instance
}

Expand Down
7 changes: 7 additions & 0 deletions config/crd/bases/infrastructure.cluster.x-k8s.io_gcpmachines.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -208,6 +208,13 @@ spec:
- AMDEncryptedVirtualizationNestedPaging
- IntelTrustedDomainExtensions
type: string
enableNestedVirtualization:
description: |-
EnableNestedVirtualization specifies whether to enable nested virtualization or not
(default is false). Nested virtualization allows VMs to run inside other VMs.
Note: Requires at minimum "Intel Haswell" CPU platform.
This field cannot be changed after instance creation.
type: boolean
guestAccelerators:
description: |-
GuestAccelerators is a list of the type and count of accelerator cards
Expand Down
7 changes: 7 additions & 0 deletions config/crd/bases/infrastructure.cluster.x-k8s.io_gcpmachinetemplates.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -223,6 +223,13 @@ spec:
- AMDEncryptedVirtualizationNestedPaging
- IntelTrustedDomainExtensions
type: string
enableNestedVirtualization:
description: |-
EnableNestedVirtualization specifies whether to enable nested virtualization or not
(default is false). Nested virtualization allows VMs to run inside other VMs.
Note: Requires at minimum "Intel Haswell" CPU platform.
This field cannot be changed after instance creation.
type: boolean
guestAccelerators:
description: |-
GuestAccelerators is a list of the type and count of accelerator cards
Expand Down
1 change: 1 addition & 0 deletions docs/book/src/SUMMARY.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
- [Conformance](./topics/conformance.md)
- [Machine Locations](./topics/machine-locations.md)
- [Preemptible VMs](./topics/preemptible-vms.md)
- [Nested Virtualization](./topics/nested-virtualization.md)
- [Developer Guide](./developers/index.md)
- [Development](./developers/development.md)
- [Try unreleased changes with Nightly Builds](./developers/nightlies.md)
Expand Down
21 changes: 21 additions & 0 deletions docs/book/src/topics/nested-virtualization.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
# Nested Virtualization

Enable nested virtualization to run VMs inside GCE instances via the `enableNestedVirtualization` field. This allows running container sandboxes, KVM, QEMU, or other hypervisors inside the instance. Requires Intel Haswell or later CPU platforms.

```yaml
---
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: GCPMachineTemplate
metadata:
name: mygcpmachinetemplate
namespace: mynamespace
spec:
template:
spec:
instanceType: n2-standard-8
enableNestedVirtualization: true
```
https://cloud.google.com/compute/docs/instances/nested-virtualization/overview
NOTE: Nested virtualization must be enabled at instance creation time and cannot be changed after the instance is created.