Skip to content

OCPBUGS-66940: fix default image for confidential VMs#1443

Merged
openshift-merge-bot[bot] merged 1 commit into
openshift:mainfrom
patrickdillon:az-confidential-vm-img
Jun 23, 2026
Merged

OCPBUGS-66940: fix default image for confidential VMs#1443
openshift-merge-bot[bot] merged 1 commit into
openshift:mainfrom
patrickdillon:az-confidential-vm-img

Conversation

@patrickdillon

@patrickdillon patrickdillon commented Dec 4, 2025

Copy link
Copy Markdown
Contributor

The installer still creates an image gallery for confidfential VMs, and we can tell its a confidential VM from the machine provider spec, so this updates the default to point to an installer-created gallery rather than the marketplace image.

@openshift-ci-robot openshift-ci-robot added jira/severity-moderate Referenced Jira bug's severity is moderate for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. labels Dec 4, 2025
@openshift-ci-robot

openshift-ci-robot commented Dec 4, 2025

Copy link
Copy Markdown
Contributor

@patrickdillon: This pull request references Jira Issue OCPBUGS-66244, which is valid.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.21.0) matches configured target version for branch (4.21.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @sunzhaohua2

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

The installer still creates an image gallery for confidfential VMs, and we can tell its a confidential VM from the machine provider spec, so this updates the default to point to an installer-created gallery rather than the marketplace image.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@patrickdillon
OCPBUGS-66244: fix default image for confidential VMs
0e9cb0c 
The installer still creates an image gallery for confidfential
VMs, and we can tell its a confidential VM from the machine
provider spec, so this updates the default to point to an
installer-created gallery rather than the marketplace image.
@patrickdillon patrickdillon force-pushed the az-confidential-vm-img branch from 1364696 to 0e9cb0c Compare December 4, 2025 20:50
@damdo

damdo commented Dec 5, 2025

Copy link
Copy Markdown
Member

/test unit

@sunzhaohua2

sunzhaohua2 commented Dec 5, 2025
edited
Loading

Copy link
Copy Markdown
Contributor

/verified by @sunzhaohua2
Tested on confidential VM cluster, with this pr, if we don't specify image, machine can be created succeed.

$ oc get machine                                                                                             
NAME                                                   PHASE     TYPE                 REGION       ZONE   AGE
ci-op-x4r75bt8-b6d04-7tsnr-master-0                    Running   Standard_DC4es_v5    westeurope   2      97m
ci-op-x4r75bt8-b6d04-7tsnr-master-1                    Running   Standard_DC4es_v5    westeurope   2      97m
ci-op-x4r75bt8-b6d04-7tsnr-master-2                    Running   Standard_DC4es_v5    westeurope   2      97m
ci-op-x4r75bt8-b6d04-7tsnr-worker-westeurope2-47h44    Running   Standard_DC4ads_v5   westeurope   2      91m
ci-op-x4r75bt8-b6d04-7tsnr-worker-westeurope2-nwhqb    Running   Standard_DC4ads_v5   westeurope   2      91m
ci-op-x4r75bt8-b6d04-7tsnr-worker-westeurope2-qr8gt    Running   Standard_DC4ads_v5   westeurope   2      91m
ci-op-x4r75bt8-b6d04-7tsnr-worker-westeurope21-9jsgx   Running   Standard_DC4ads_v5   westeurope   2      5m39s
$ oc get machine ci-op-x4r75bt8-b6d04-7tsnr-worker-westeurope21-9jsgx -o yaml                               
      image:
        offer: ""
        publisher: ""
        resourceID: /resourceGroups/ci-op-x4r75bt8-b6d04-7tsnr-rg/providers/Microsoft.Compute/galleries/gallery_ci_op_x4r75bt8_b6d04_7tsnr/images/ci-op-x4r75bt8-b6d04-7tsnr-gen2/versions/latest
        sku: ""
        version: ""

@openshift-ci-robot openshift-ci-robot added the verified Signifies that the PR passed pre-merge verification criteria label Dec 5, 2025
@openshift-ci-robot

openshift-ci-robot commented Dec 5, 2025

Copy link
Copy Markdown
Contributor

@sunzhaohua2: This PR has been marked as verified by @sunzhaohua2.

Details

In response to this:

/verified by @sunzhaohua2
With pr 1443, if we don't specify image, machine can be created succeed.

$ oc get machine                                                                                             
NAME                                                   PHASE     TYPE                 REGION       ZONE   AGE
ci-op-x4r75bt8-b6d04-7tsnr-master-0                    Running   Standard_DC4es_v5    westeurope   2      97m
ci-op-x4r75bt8-b6d04-7tsnr-master-1                    Running   Standard_DC4es_v5    westeurope   2      97m
ci-op-x4r75bt8-b6d04-7tsnr-master-2                    Running   Standard_DC4es_v5    westeurope   2      97m
ci-op-x4r75bt8-b6d04-7tsnr-worker-westeurope2-47h44    Running   Standard_DC4ads_v5   westeurope   2      91m
ci-op-x4r75bt8-b6d04-7tsnr-worker-westeurope2-nwhqb    Running   Standard_DC4ads_v5   westeurope   2      91m
ci-op-x4r75bt8-b6d04-7tsnr-worker-westeurope2-qr8gt    Running   Standard_DC4ads_v5   westeurope   2      91m
ci-op-x4r75bt8-b6d04-7tsnr-worker-westeurope21-9jsgx   Running   Standard_DC4ads_v5   westeurope   2      5m39s
$ oc get machine ci-op-x4r75bt8-b6d04-7tsnr-worker-westeurope21-9jsgx -o yaml                               
     image:
       offer: ""
       publisher: ""
       resourceID: /resourceGroups/ci-op-x4r75bt8-b6d04-7tsnr-rg/providers/Microsoft.Compute/galleries/gallery_ci_op_x4r75bt8_b6d04_7tsnr/images/ci-op-x4r75bt8-b6d04-7tsnr-gen2/versions/latest
       sku: ""
       version: ""

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@nrb

nrb commented Dec 10, 2025

Copy link
Copy Markdown
Contributor

/title OCPBUGS-66240: fix default image for confidential VMs

@nrb

nrb commented Dec 10, 2025

Copy link
Copy Markdown
Contributor

/retitle OCPBUGS-66240: fix default image for confidential VMs

@openshift-ci openshift-ci Bot changed the title OCPBUGS-66244: fix default image for confidential VMs OCPBUGS-66240: fix default image for confidential VMs Dec 10, 2025
@openshift-ci-robot openshift-ci-robot added jira/severity-important Referenced Jira bug's severity is important for the branch this PR is targeting. and removed jira/severity-moderate Referenced Jira bug's severity is moderate for the branch this PR is targeting. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. labels Dec 10, 2025
@openshift-ci-robot

openshift-ci-robot commented Dec 10, 2025

Copy link
Copy Markdown
Contributor

@patrickdillon: This pull request references Jira Issue OCPBUGS-66240, which is invalid:

  • expected the bug to target either version "4.21." or "openshift-4.21.", but it targets "4.20.z" instead
  • expected the bug to be in one of the following states: NEW, ASSIGNED, POST, but it is Verified instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

The installer still creates an image gallery for confidfential VMs, and we can tell its a confidential VM from the machine provider spec, so this updates the default to point to an installer-created gallery rather than the marketplace image.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci-robot openshift-ci-robot added the jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. label Dec 10, 2025
@sunzhaohua2

sunzhaohua2 commented Dec 11, 2025

Copy link
Copy Markdown
Contributor

/retitle OCPBUGS-66940: fix default image for confidential VMs

@openshift-ci openshift-ci Bot changed the title OCPBUGS-66240: fix default image for confidential VMs OCPBUGS-66940: fix default image for confidential VMs Dec 11, 2025
@openshift-ci-robot openshift-ci-robot removed the jira/severity-important Referenced Jira bug's severity is important for the branch this PR is targeting. label Dec 11, 2025
@openshift-ci-robot

openshift-ci-robot commented Dec 11, 2025

Copy link
Copy Markdown
Contributor

@patrickdillon: This pull request references Jira Issue OCPBUGS-66940, which is invalid:

  • expected the bug to target the "4.21.0" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

The installer still creates an image gallery for confidfential VMs, and we can tell its a confidential VM from the machine provider spec, so this updates the default to point to an installer-created gallery rather than the marketplace image.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci-robot openshift-ci-robot added the jira/severity-low Referenced Jira bug's severity is low for the branch this PR is targeting. label Dec 11, 2025
@damdo

damdo commented Dec 12, 2025

Copy link
Copy Markdown
Member

/cherry-pick release-4.21

@openshift-cherrypick-robot

openshift-cherrypick-robot commented Dec 12, 2025

Copy link
Copy Markdown

@damdo: once the present PR merges, I will cherry-pick it on top of release-4.21 in a new PR and assign it to you.

Details

In response to this:

/cherry-pick release-4.21

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@tthvo

tthvo commented Dec 12, 2025

Copy link
Copy Markdown
Member

/jira refresh

@openshift-ci-robot openshift-ci-robot added the jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. label Dec 12, 2025
@openshift-ci-robot openshift-ci-robot removed the jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. label Dec 12, 2025
@openshift-ci-robot

openshift-ci-robot commented Dec 12, 2025

Copy link
Copy Markdown
Contributor

@tthvo: This pull request references Jira Issue OCPBUGS-66940, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.22.0) matches configured target version for branch (4.22.0)
  • bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @sunzhaohua2

Details

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@damdo

damdo commented Mar 7, 2026

Copy link
Copy Markdown
Member

@tthvo @patrickdillon what's the status of this, is it still something we want to merge? TY

@perdasilva

perdasilva commented Jun 22, 2026

Copy link
Copy Markdown

@tthvo @patrickdillon this has been hanging around for a bit - is it something we want to get merged?

@patrickdillon

patrickdillon commented Jun 22, 2026

Copy link
Copy Markdown
Contributor Author

@damdo @perdasilva Yes you can merge it. There are no customer cases and I don't believe confidential VMs are a common use case, so I'm also fine just to close it. But AFAIK it's a valid bug and fix.

@JoelSpeed

JoelSpeed commented Jun 23, 2026

Copy link
Copy Markdown
Contributor

/lgtm
/approve

@openshift-ci openshift-ci Bot added the lgtm Indicates that a PR is ready to be merged. label Jun 23, 2026
@openshift-ci

openshift-ci Bot commented Jun 23, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: JoelSpeed

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 23, 2026
@openshift-ci

openshift-ci Bot commented Jun 23, 2026

Copy link
Copy Markdown
Contributor

@patrickdillon: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@openshift-merge-bot openshift-merge-bot Bot merged commit cdb40f8 into openshift:main Jun 23, 2026
16 checks passed
@openshift-ci-robot

openshift-ci-robot commented Jun 23, 2026

Copy link
Copy Markdown
Contributor

@patrickdillon: Jira Issue Verification Checks: Jira Issue OCPBUGS-66940
✔️ This pull request was pre-merge verified.
✔️ All associated pull requests have merged.
✔️ All associated, merged pull requests were pre-merge verified.

Jira Issue OCPBUGS-66940 has been moved to the MODIFIED state and will move to the VERIFIED state when the change is available in an accepted nightly payload. 🕓

Details

In response to this:

The installer still creates an image gallery for confidfential VMs, and we can tell its a confidential VM from the machine provider spec, so this updates the default to point to an installer-created gallery rather than the marketplace image.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-cherrypick-robot

openshift-cherrypick-robot commented Jun 23, 2026

Copy link
Copy Markdown

@damdo: new pull request created: #1513

Details

In response to this:

/cherry-pick release-4.21

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-cherrypick-robot openshift-cherrypick-robot mentioned this pull request Jun 23, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sunzhaohua2 sunzhaohua2 Awaiting requested review from sunzhaohua2
@mdbooth mdbooth Awaiting requested review from mdbooth
@theobarberbany theobarberbany Awaiting requested review from theobarberbany

Assignees

@JoelSpeed JoelSpeed

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. jira/severity-low Referenced Jira bug's severity is low for the branch this PR is targeting. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged. verified Signifies that the PR passed pre-merge verification criteria

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

9 participants

@patrickdillon @openshift-ci-robot @damdo @sunzhaohua2 @nrb @openshift-cherrypick-robot @tthvo @perdasilva @JoelSpeed