From 21529d0e9e1a33c3ff1246276b52cd4183de674f Mon Sep 17 00:00:00 2001
From: Thomas Tendyck
Date: Tue, 29 Nov 2022 12:36:43 +0100
Subject: [PATCH] don't promote Trusted Launch for now
---
 CHANGELOG.md | 1 +
 docs/docs/getting-started/first-steps.md | 2 ++
 docs/sidebars.js | 10 +++++-----
 internal/config/config.go | 2 +-
 internal/config/config_doc.go | 4 ++--
 5 files changed, 11 insertions(+), 8 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4fa5f9a09..bd08da87b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -45,6 +45,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - `access-manager` was removed from code base. K8s native way to SSH into nodes documented.
 - `SSHUsers` has been removed from the user configuration following the removal of `access-manager`.
+- Azure Trusted Launch support. May come back in the future.
 ### Fixed
diff --git a/docs/docs/getting-started/first-steps.md b/docs/docs/getting-started/first-steps.md
index 1f0eacae2..354a1e7f8 100644
--- a/docs/docs/getting-started/first-steps.md
+++ b/docs/docs/getting-started/first-steps.md
@@ -226,11 +226,13 @@ If you don't have a cloud subscription, check out [MiniConstellation](first-step + 3. Create the cluster with one control-plane node and two worker nodes. `constellation create` uses options set in `constellation-conf.yaml`.
diff --git a/docs/sidebars.js b/docs/sidebars.js
index dc6ce6b8e..847d61157 100644
--- a/docs/sidebars.js
+++ b/docs/sidebars.js
@@ -158,11 +158,11 @@ const sidebars = {
 label: 'Use persistent storage',
 id: 'workflows/storage',
 },
- {
- type: 'doc',
- label: 'Use Azure trusted launch VMs',
- id: 'workflows/trusted-launch',
- },
+ // {
+ // type: 'doc',
+ // label: 'Use Azure trusted launch VMs',
+ // id: 'workflows/trusted-launch',
+ // },
 {
 type: 'doc',
 label: 'Consume SBOMs',
diff --git a/internal/config/config.go b/internal/config/config.go
index 61309ea7e..0c4cfaca7 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -155,7 +155,7 @@ type AzureConfig struct {
 // Deploy Azure Disk CSI driver with on-node encryption. For details see: https://docs.edgeless.systems/constellation/architecture/encrypted-storage
 DeployCSIDriver *bool `yaml:"deployCSIDriver" validate:"required"`
 // description: |
- // Use Confidential VMs. If set to false, Trusted Launch VMs are used instead. See: https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-vm-overview
+ // Use Confidential VMs. Always needs to be true.
 ConfidentialVM *bool `yaml:"confidentialVM" validate:"required"`
 // description: |
 // Enable secure boot for VMs. If enabled, the OS image has to include a virtual machine guest state (VMGS) blob.
diff --git a/internal/config/config_doc.go b/internal/config/config_doc.go
index 17178cc85..83c94c5af 100644
--- a/internal/config/config_doc.go
+++ b/internal/config/config_doc.go
@@ -231,8 +231,8 @@ func init() {
 AzureConfigDoc.Fields[10].Name = "confidentialVM"
 AzureConfigDoc.Fields[10].Type = "bool"
 AzureConfigDoc.Fields[10].Note = ""
- AzureConfigDoc.Fields[10].Description = "Use Confidential VMs. If set to false, Trusted Launch VMs are used instead. See: https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-vm-overview"
- AzureConfigDoc.Fields[10].Comments[encoder.LineComment] = "Use Confidential VMs. If set to false, Trusted Launch VMs are used instead. See: https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-vm-overview"
+ AzureConfigDoc.Fields[10].Description = "Use Confidential VMs. Always needs to be true."
+ AzureConfigDoc.Fields[10].Comments[encoder.LineComment] = "Use Confidential VMs. Always needs to be true."
 AzureConfigDoc.Fields[11].Name = "secureBoot"
 AzureConfigDoc.Fields[11].Type = "bool"
 AzureConfigDoc.Fields[11].Note = ""
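Review bot: In the `AzureConfig` hunk of internal/config/config.go, the new comment says `ConfidentialVM` "Always needs to be true", but the field keeps only `validate:"required"`, which on a `*bool` typically checks that the key is present rather than what value it holds, so `confidentialVM: false` would presumably still pass unless a check exists outside this hunk. Because this flag decides whether nodes run as Confidential VMs, a constraint that lives only in documentation risks a silent downgrade of the cluster's isolation guarantees. I would reject `false` explicitly wherever the config is validated, for example `if cfg.ConfidentialVM == nil || !*cfg.ConfidentialVM { return errors.New("azure: confidentialVM must be true") }` for a `cfg *AzureConfig`. The struct body continues outside the hunk; the mirrored strings in internal/config/config_doc.go need no separate change.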