mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-12-24 23:19:39 -05:00
config: remove AWS SNP warning
This commit is contained in:
parent
3bc25cdd8f
commit
960118dc00
@ -561,12 +561,6 @@ func (a *applyCmd) validateInputs(cmd *cobra.Command, configFetcher attestationc
|
||||
a.flags.skipPhases.add(skipImagePhase)
|
||||
}
|
||||
|
||||
// Print warning about AWS attestation
|
||||
// TODO(derpsteb): remove once AWS fixes SEV-SNP attestation provisioning issues
|
||||
if !a.flags.skipPhases.contains(skipInitPhase) && conf.GetAttestationConfig().GetVariant().Equal(variant.AWSSEVSNP{}) {
|
||||
cmd.PrintErrln("WARNING: Attestation temporarily relies on AWS nitroTPM. See https://docs.edgeless.systems/constellation/workflows/config#choosing-a-vm-type for more information.")
|
||||
}
|
||||
|
||||
return conf, stateFile, nil
|
||||
}
|
||||
|
||||
|
@ -67,14 +67,6 @@ If you are using the attestation variant `awsNitroTPM`, you can choose any of th
|
||||
|
||||
The Constellation CLI can also print the supported instance types with: `constellation config instance-types`.
|
||||
|
||||
:::caution
|
||||
Due to a bug in AWS's SNP implementation, SNP report generation currently fails in unforeseeable circumstances.
|
||||
Therefore, even if you select attestation variant `awsSEVSNP`, Constellation still uses NitroTPM-based attestation.
|
||||
Nonetheless, runtime encryption is enabled.
|
||||
AWS is currently investigating the issue.
|
||||
SNP-based attestation will be enabled as soon as a fix is verified.
|
||||
:::
|
||||
|
||||
</tabItem>
|
||||
</tabs>
|
||||
|
||||
@ -86,7 +78,6 @@ By default, Constellation creates the node groups `control_plane_default` and `w
|
||||
If you require additional control-plane or worker groups with different instance types, zone placements, or disk sizes, you can add additional node groups to the `constellation-conf.yml` file.
|
||||
Each node group can be scaled individually.
|
||||
|
||||
|
||||
Consider the following example for AWS:
|
||||
|
||||
```yaml
|
||||
@ -120,9 +111,9 @@ You can use the field `zone` to specify what availability zone nodes of the grou
|
||||
On Azure, this field is empty by default and nodes are automatically spread across availability zones.
|
||||
Consult the documentation of your cloud provider for more information:
|
||||
|
||||
- [AWS](https://aws.amazon.com/about-aws/global-infrastructure/regions_az/)
|
||||
- [Azure](https://azure.microsoft.com/en-us/explore/global-infrastructure/availability-zones)
|
||||
- [GCP](https://cloud.google.com/compute/docs/regions-zones)
|
||||
* [AWS](https://aws.amazon.com/about-aws/global-infrastructure/regions_az/)
|
||||
* [Azure](https://azure.microsoft.com/en-us/explore/global-infrastructure/availability-zones)
|
||||
* [GCP](https://cloud.google.com/compute/docs/regions-zones)
|
||||
|
||||
## Choosing a Kubernetes version
|
||||
|
||||
|
@ -264,7 +264,7 @@ type QEMUConfig struct {
|
||||
// if not required.
|
||||
type AttestationConfig struct {
|
||||
// description: |
|
||||
// AWS SEV-SNP attestation. WARNING: Attestation temporarily relies on AWS nitroTPM. See https://docs.edgeless.systems/constellation/workflows/config#choosing-a-vm-type for more information.
|
||||
// AWS SEV-SNP attestation.
|
||||
AWSSEVSNP *AWSSEVSNP `yaml:"awsSEVSNP,omitempty" validate:"omitempty,dive"`
|
||||
// description: |
|
||||
// AWS Nitro TPM attestation.
|
||||
|
@ -401,8 +401,8 @@ func init() {
|
||||
AttestationConfigDoc.Fields[0].Name = "awsSEVSNP"
|
||||
AttestationConfigDoc.Fields[0].Type = "AWSSEVSNP"
|
||||
AttestationConfigDoc.Fields[0].Note = ""
|
||||
AttestationConfigDoc.Fields[0].Description = "AWS SEV-SNP attestation. WARNING: Attestation temporarily relies on AWS nitroTPM. See https://docs.edgeless.systems/constellation/workflows/config#choosing-a-vm-type for more information."
|
||||
AttestationConfigDoc.Fields[0].Comments[encoder.LineComment] = "AWS SEV-SNP attestation. WARNING: Attestation temporarily relies on AWS nitroTPM. See https://docs.edgeless.systems/constellation/workflows/config#choosing-a-vm-type for more information."
|
||||
AttestationConfigDoc.Fields[0].Description = "AWS SEV-SNP attestation."
|
||||
AttestationConfigDoc.Fields[0].Comments[encoder.LineComment] = "AWS SEV-SNP attestation."
|
||||
AttestationConfigDoc.Fields[1].Name = "awsNitroTPM"
|
||||
AttestationConfigDoc.Fields[1].Type = "AWSNitroTPM"
|
||||
AttestationConfigDoc.Fields[1].Note = ""
|
||||
|
Loading…
Reference in New Issue
Block a user