Skip to content

Commit c25a423

Browse files
fangge1212fangge1212
committed
aws: Add cpuOptions to install-config.yaml
This will allow configuring confidential computing on AWS platform, only AMD SEV-SNP is supported for now. Signed-off-by: Fangge Jin <[email protected]>
1 parent cb21f12 commit c25a423

File tree

1 file changed

+128
-0
lines changed

1 file changed

+128
-0
lines changed

data/data/install.openshift.io_installconfigs.yaml

Lines changed: 128 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -171,6 +171,38 @@ spec:
171171
AMIID is the AMI that should be used to boot the ec2 instance.
172172
If set, the AMI should belong to the same region as the cluster.
173173
type: string
174+
cpuOptions:
175+
description: |-
176+
CPUOptions defines CPU-related settings for the instance, including the confidential computing policy.
177+
When omitted, this means no opinion and the AWS platform is left to choose a reasonable default.
178+
More info:
179+
https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CpuOptionsRequest.html,
180+
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/cpu-options-supported-instances-values.html
181+
minProperties: 1
182+
properties:
183+
confidentialCompute:
184+
allOf:
185+
- enum:
186+
- Disabled
187+
- AMDEncryptedVirtualizationNestedPaging
188+
- enum:
189+
- Disabled
190+
- AMDEncryptedVirtualizationNestedPaging
191+
description: |-
192+
ConfidentialCompute specifies whether confidential computing should be enabled for the instance,
193+
and, if so, which confidential computing technology to use.
194+
Valid values are: Disabled, AMDEncryptedVirtualizationNestedPaging and omitted.
195+
When set to Disabled, confidential computing will be disabled for the instance.
196+
When set to AMDEncryptedVirtualizationNestedPaging, AMD SEV-SNP will be used as the confidential computing technology for the instance.
197+
In this case, ensure the following conditions are met:
198+
1) The selected instance type supports AMD SEV-SNP.
199+
2) The selected AWS region supports AMD SEV-SNP.
200+
3) The selected AMI supports AMD SEV-SNP.
201+
More details can be checked at https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sev-snp.html
202+
When omitted, this means no opinion and the AWS platform is left to choose a reasonable default,
203+
which is subject to change without notice. The current default is Disabled.
204+
type: string
205+
type: object
174206
iamProfile:
175207
description: |-
176208
IAMProfile is the name of the IAM instance profile to use for the machine.
@@ -1611,6 +1643,38 @@ spec:
16111643
AMIID is the AMI that should be used to boot the ec2 instance.
16121644
If set, the AMI should belong to the same region as the cluster.
16131645
type: string
1646+
cpuOptions:
1647+
description: |-
1648+
CPUOptions defines CPU-related settings for the instance, including the confidential computing policy.
1649+
When omitted, this means no opinion and the AWS platform is left to choose a reasonable default.
1650+
More info:
1651+
https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CpuOptionsRequest.html,
1652+
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/cpu-options-supported-instances-values.html
1653+
minProperties: 1
1654+
properties:
1655+
confidentialCompute:
1656+
allOf:
1657+
- enum:
1658+
- Disabled
1659+
- AMDEncryptedVirtualizationNestedPaging
1660+
- enum:
1661+
- Disabled
1662+
- AMDEncryptedVirtualizationNestedPaging
1663+
description: |-
1664+
ConfidentialCompute specifies whether confidential computing should be enabled for the instance,
1665+
and, if so, which confidential computing technology to use.
1666+
Valid values are: Disabled, AMDEncryptedVirtualizationNestedPaging and omitted.
1667+
When set to Disabled, confidential computing will be disabled for the instance.
1668+
When set to AMDEncryptedVirtualizationNestedPaging, AMD SEV-SNP will be used as the confidential computing technology for the instance.
1669+
In this case, ensure the following conditions are met:
1670+
1) The selected instance type supports AMD SEV-SNP.
1671+
2) The selected AWS region supports AMD SEV-SNP.
1672+
3) The selected AMI supports AMD SEV-SNP.
1673+
More details can be checked at https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sev-snp.html
1674+
When omitted, this means no opinion and the AWS platform is left to choose a reasonable default,
1675+
which is subject to change without notice. The current default is Disabled.
1676+
type: string
1677+
type: object
16141678
iamProfile:
16151679
description: |-
16161680
IAMProfile is the name of the IAM instance profile to use for the machine.
@@ -2991,6 +3055,38 @@ spec:
29913055
AMIID is the AMI that should be used to boot the ec2 instance.
29923056
If set, the AMI should belong to the same region as the cluster.
29933057
type: string
3058+
cpuOptions:
3059+
description: |-
3060+
CPUOptions defines CPU-related settings for the instance, including the confidential computing policy.
3061+
When omitted, this means no opinion and the AWS platform is left to choose a reasonable default.
3062+
More info:
3063+
https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CpuOptionsRequest.html,
3064+
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/cpu-options-supported-instances-values.html
3065+
minProperties: 1
3066+
properties:
3067+
confidentialCompute:
3068+
allOf:
3069+
- enum:
3070+
- Disabled
3071+
- AMDEncryptedVirtualizationNestedPaging
3072+
- enum:
3073+
- Disabled
3074+
- AMDEncryptedVirtualizationNestedPaging
3075+
description: |-
3076+
ConfidentialCompute specifies whether confidential computing should be enabled for the instance,
3077+
and, if so, which confidential computing technology to use.
3078+
Valid values are: Disabled, AMDEncryptedVirtualizationNestedPaging and omitted.
3079+
When set to Disabled, confidential computing will be disabled for the instance.
3080+
When set to AMDEncryptedVirtualizationNestedPaging, AMD SEV-SNP will be used as the confidential computing technology for the instance.
3081+
In this case, ensure the following conditions are met:
3082+
1) The selected instance type supports AMD SEV-SNP.
3083+
2) The selected AWS region supports AMD SEV-SNP.
3084+
3) The selected AMI supports AMD SEV-SNP.
3085+
More details can be checked at https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sev-snp.html
3086+
When omitted, this means no opinion and the AWS platform is left to choose a reasonable default,
3087+
which is subject to change without notice. The current default is Disabled.
3088+
type: string
3089+
type: object
29943090
iamProfile:
29953091
description: |-
29963092
IAMProfile is the name of the IAM instance profile to use for the machine.
@@ -4563,6 +4659,38 @@ spec:
45634659
AMIID is the AMI that should be used to boot the ec2 instance.
45644660
If set, the AMI should belong to the same region as the cluster.
45654661
type: string
4662+
cpuOptions:
4663+
description: |-
4664+
CPUOptions defines CPU-related settings for the instance, including the confidential computing policy.
4665+
When omitted, this means no opinion and the AWS platform is left to choose a reasonable default.
4666+
More info:
4667+
https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CpuOptionsRequest.html,
4668+
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/cpu-options-supported-instances-values.html
4669+
minProperties: 1
4670+
properties:
4671+
confidentialCompute:
4672+
allOf:
4673+
- enum:
4674+
- Disabled
4675+
- AMDEncryptedVirtualizationNestedPaging
4676+
- enum:
4677+
- Disabled
4678+
- AMDEncryptedVirtualizationNestedPaging
4679+
description: |-
4680+
ConfidentialCompute specifies whether confidential computing should be enabled for the instance,
4681+
and, if so, which confidential computing technology to use.
4682+
Valid values are: Disabled, AMDEncryptedVirtualizationNestedPaging and omitted.
4683+
When set to Disabled, confidential computing will be disabled for the instance.
4684+
When set to AMDEncryptedVirtualizationNestedPaging, AMD SEV-SNP will be used as the confidential computing technology for the instance.
4685+
In this case, ensure the following conditions are met:
4686+
1) The selected instance type supports AMD SEV-SNP.
4687+
2) The selected AWS region supports AMD SEV-SNP.
4688+
3) The selected AMI supports AMD SEV-SNP.
4689+
More details can be checked at https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sev-snp.html
4690+
When omitted, this means no opinion and the AWS platform is left to choose a reasonable default,
4691+
which is subject to change without notice. The current default is Disabled.
4692+
type: string
4693+
type: object
45664694
iamProfile:
45674695
description: |-
45684696
IAMProfile is the name of the IAM instance profile to use for the machine.

0 commit comments

Comments
 (0)