don't promote Trusted Launch for now

2024-12-17 20:04:36 -05:00 · 2022-11-29 12:36:43 +01:00 · 2022-11-29 12:36:43 +01:00 · 21529d0e9e
commit 21529d0e9e
parent fe74c937b9
5 changed files with 11 additions and 8 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -45,6 +45,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 <!-- For now removed features. -->
 - `access-manager` was removed from code base. K8s native way to SSH into nodes documented.
 - `SSHUsers` has been removed from the user configuration following the removal of `access-manager`.
+- Azure Trusted Launch support. May come back in the future.

 ### Fixed

--- a/docs/docs/getting-started/first-steps.md
+++ b/docs/docs/getting-started/first-steps.md
@ -226,11 +226,13 @@ If you don't have a cloud subscription, check out [MiniConstellation](first-step
    </tabItem>
    </tabs>

+<!--
    :::info

    In case you don't have access to CVMs on Azure, you may use less secure  [trusted launch VMs](../workflows/trusted-launch.md) instead. For this, set **confidentialVM** to `false` in the configuration file.

    :::
+-->

 3. Create the cluster with one control-plane node and two worker nodes. `constellation create` uses options set in `constellation-conf.yaml`.

--- a/docs/sidebars.js
+++ b/docs/sidebars.js
@ -158,11 +158,11 @@ const sidebars = {
          label: 'Use persistent storage',
          id: 'workflows/storage',
        },
-        {
-          type: 'doc',
-          label: 'Use Azure trusted launch VMs',
-          id: 'workflows/trusted-launch',
-        },
+        // {
+        //   type: 'doc',
+        //   label: 'Use Azure trusted launch VMs',
+        //   id: 'workflows/trusted-launch',
+        // },
        {
          type: 'doc',
          label: 'Consume SBOMs',
--- a/internal/config/config.go
+++ b/internal/config/config.go
@ -155,7 +155,7 @@ type AzureConfig struct {
 	//   Deploy Azure Disk CSI driver with on-node encryption. For details see: https://docs.edgeless.systems/constellation/architecture/encrypted-storage
 	DeployCSIDriver *bool `yaml:"deployCSIDriver" validate:"required"`
 	// description: |
-	//   Use Confidential VMs. If set to false, Trusted Launch VMs are used instead. See: https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-vm-overview
+	//   Use Confidential VMs. Always needs to be true.
 	ConfidentialVM *bool `yaml:"confidentialVM" validate:"required"`
 	// description: |
 	//   Enable secure boot for VMs. If enabled, the OS image has to include a virtual machine guest state (VMGS) blob.
--- a/internal/config/config_doc.go
+++ b/internal/config/config_doc.go
@ -231,8 +231,8 @@ func init() {
 	AzureConfigDoc.Fields[10].Name = "confidentialVM"
 	AzureConfigDoc.Fields[10].Type = "bool"
 	AzureConfigDoc.Fields[10].Note = ""
-	AzureConfigDoc.Fields[10].Description = "Use Confidential VMs. If set to false, Trusted Launch VMs are used instead. See: https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-vm-overview"
-	AzureConfigDoc.Fields[10].Comments[encoder.LineComment] = "Use Confidential VMs. If set to false, Trusted Launch VMs are used instead. See: https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-vm-overview"
+	AzureConfigDoc.Fields[10].Description = "Use Confidential VMs. Always needs to be true."
+	AzureConfigDoc.Fields[10].Comments[encoder.LineComment] = "Use Confidential VMs. Always needs to be true."
 	AzureConfigDoc.Fields[11].Name = "secureBoot"
 	AzureConfigDoc.Fields[11].Type = "bool"
 	AzureConfigDoc.Fields[11].Note = ""