Merge pull request #56348 from jeana-redhat/OSDOCS-5090-GCP-confidential-compute

[OSDOCS-5090]: GCP Confidential VM options

Author: jeana-redhat

machine_management/creating_machinesets/creating-machineset-gcp.adoc

@@ -23,6 +23,11 @@ include::modules/machineset-creating.adoc[leveloffset=+1]
 //Configuring persistent disk types by using compute machine sets
 include::modules/machineset-gcp-pd-disk-types.adoc[leveloffset=+1]
 
+//Configuring Shielded VM options by using machine sets [PR#56252]
+
+//Configuring Confidential Computing by using machine sets
+include::modules/machineset-gcp-confidential-vm.adoc[leveloffset=+1]
+
 //Machine sets that deploy machines as preemptible VM instances
 include::modules/machineset-non-guaranteed-instance.adoc[leveloffset=+1]
 

modules/machineset-gcp-confidential-vm.adoc

@@ -0,0 +1,55 @@
+// Module included in the following assemblies:
+//
+// * machine_management/creating_machinesets/creating-machineset-gcp.adoc
+// * machine_management/control_plane_machine_management/cpmso-using.adoc
+
+ifeval::["{context}" == "cpmso-using"]
+:cpmso:
+endif::[]
+
+:_content-type: PROCEDURE
+[id="machineset-gcp-confidential-vm_{context}"]
+= Configuring Confidential VM by using machine sets
+
+By editing the machine set YAML file, you can configure the Confidential VM options that a machine set uses for machines that it deploys.
+
+For more information about Confidential Compute features, functionality, and compatibility, see the GCP Compute Engine documentation about link:https://cloud.google.com/compute/confidential-vm/docs/about-cvm[Confidential VM].
+
+.Procedure
+
+. In a text editor, open the YAML file for an existing machine set or create a new one.
+
+. Edit the following section under the `providerSpec` field:
++
+[source,yaml]
+----
+ifndef::cpmso[]
+apiVersion: machine.openshift.io/v1beta1
+kind: MachineSet
+endif::cpmso[]
+ifdef::cpmso[]
+apiVersion: machine.openshift.io/v1
+kind: ControlPlaneMachineSet
+endif::cpmso[]
+...
+spec:
+  template:
+    spec:
+      providerSpec:
+        value:
+          confidentialCompute: Enabled <1>
+          onHostMaintenance: Terminate <2>
+          machineType: n2d-standard-8 <3>
+...
+----
+<1> Specify whether Confidential VM is enabled. Valid values are `Disabled` or `Enabled`.
+<2> Specify the behavior of the VM during a host maintenance event, such as a hardware or software update. For a machine that uses Confidential VM, this value must be set to `Terminate`, which stops the VM. Confidential VM does not support live VM migration.
+<3> Specify a machine type that supports Confidential VM. Confidential VM supports the N2D and C2D series of machine types.
+
+.Verification
+
+* On the Google Cloud console, review the details for a machine deployed by the machine set and verify that the Confidential VM options match the values that you configured.
+
+ifeval::["{context}" == "cpmso-using"]
+:!cpmso:
+endif::[]