docs: clarify for Azure TDX with Terraform provider (#3449)

This commit is contained in:
Adrian Stobbe 2024-10-25 14:00:44 +02:00 committed by GitHub
parent 1ed1a627b3
commit 53caa86cb8
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 33 additions and 11 deletions

View File

@ -34,8 +34,9 @@ This example shows how to set up a Constellation cluster with the reference IAM
Optionally, you can prefix the `terraform apply` command with `TF_LOG=INFO` to collect [Terraform logs](https://developer.hashicorp.com/terraform/internals/debugging) while applying the configuration. This may provide helpful output in debugging scenarios. Optionally, you can prefix the `terraform apply` command with `TF_LOG=INFO` to collect [Terraform logs](https://developer.hashicorp.com/terraform/internals/debugging) while applying the configuration. This may provide helpful output in debugging scenarios.
</TabItem> </TabItem>
<TabItem value="azure" label="Azure"> <TabItem value="azure" label="Azure">
When creating a cluster on Azure, you need to manually patch the policy of the MAA provider before creating the Constellation cluster, as this feature isn't available in Azure's Terraform provider yet. The Constellation CLI provides a utility for patching, but you
can also do it manually. :::info
On SEV-SNP, you need to manually patch the policy of the MAA provider before creating the Constellation cluster, as this feature isn't available in Azure's Terraform provider yet. The Constellation CLI provides a utility for patching, but you can also do it manually.
```bash ```bash
terraform init terraform init
@ -45,8 +46,6 @@ This example shows how to set up a Constellation cluster with the reference IAM
terraform apply -target constellation_cluster.azure_example # adjust resource path if not using the example configuration terraform apply -target constellation_cluster.azure_example # adjust resource path if not using the example configuration
``` ```
Optionally, you can prefix the `terraform apply` command with `TF_LOG=INFO` to collect [Terraform logs](https://developer.hashicorp.com/terraform/internals/debugging) while applying the configuration. This may provide helpful output in debugging scenarios.
Use the following policy if manually performing the patch. Use the following policy if manually performing the patch.
``` ```
@ -67,7 +66,19 @@ This example shows how to set up a Constellation cluster with the reference IAM
}; };
``` ```
:::
Initialize the providers and apply the configuration.
```bash
terraform init
terraform apply
```
Optionally, you can prefix the `terraform apply` command with `TF_LOG=INFO` to collect [Terraform logs](https://developer.hashicorp.com/terraform/internals/debugging) while applying the configuration. This may provide helpful output in debugging scenarios.
</TabItem> </TabItem>
<TabItem value="gcp" label="GCP"> <TabItem value="gcp" label="GCP">
Initialize the providers and apply the configuration. Initialize the providers and apply the configuration.

View File

@ -34,8 +34,9 @@ This example shows how to set up a Constellation cluster with the reference IAM
Optionally, you can prefix the `terraform apply` command with `TF_LOG=INFO` to collect [Terraform logs](https://developer.hashicorp.com/terraform/internals/debugging) while applying the configuration. This may provide helpful output in debugging scenarios. Optionally, you can prefix the `terraform apply` command with `TF_LOG=INFO` to collect [Terraform logs](https://developer.hashicorp.com/terraform/internals/debugging) while applying the configuration. This may provide helpful output in debugging scenarios.
</TabItem> </TabItem>
<TabItem value="azure" label="Azure"> <TabItem value="azure" label="Azure">
When creating a cluster on Azure, you need to manually patch the policy of the MAA provider before creating the Constellation cluster, as this feature isn't available in Azure's Terraform provider yet. The Constellation CLI provides a utility for patching, but you
can also do it manually. :::info
On SEV-SNP, you need to manually patch the policy of the MAA provider before creating the Constellation cluster, as this feature isn't available in Azure's Terraform provider yet. The Constellation CLI provides a utility for patching, but you can also do it manually.
```bash ```bash
terraform init terraform init
@ -45,8 +46,6 @@ This example shows how to set up a Constellation cluster with the reference IAM
terraform apply -target constellation_cluster.azure_example # adjust resource path if not using the example configuration terraform apply -target constellation_cluster.azure_example # adjust resource path if not using the example configuration
``` ```
Optionally, you can prefix the `terraform apply` command with `TF_LOG=INFO` to collect [Terraform logs](https://developer.hashicorp.com/terraform/internals/debugging) while applying the configuration. This may provide helpful output in debugging scenarios.
Use the following policy if manually performing the patch. Use the following policy if manually performing the patch.
``` ```
@ -67,7 +66,19 @@ This example shows how to set up a Constellation cluster with the reference IAM
}; };
``` ```
:::
Initialize the providers and apply the configuration.
```bash
terraform init
terraform apply
```
Optionally, you can prefix the `terraform apply` command with `TF_LOG=INFO` to collect [Terraform logs](https://developer.hashicorp.com/terraform/internals/debugging) while applying the configuration. This may provide helpful output in debugging scenarios.
</TabItem> </TabItem>
<TabItem value="gcp" label="GCP"> <TabItem value="gcp" label="GCP">
Initialize the providers and apply the configuration. Initialize the providers and apply the configuration.

View File

@ -21,7 +21,7 @@ locals {
location = "northeurope" location = "northeurope"
control_plane_count = 3 control_plane_count = 3
worker_count = 2 worker_count = 2
instance_type = "Standard_DC4as_v5" instance_type = "Standard_DC4as_v5" // Adjust if using TDX
subscription_id = "00000000-0000-0000-0000-000000000000" subscription_id = "00000000-0000-0000-0000-000000000000"
master_secret = random_bytes.master_secret.hex master_secret = random_bytes.master_secret.hex