From 37895bbb534e159d2b9c4ea72bf435b8d3bb95e9 Mon Sep 17 00:00:00 2001 From: Markus Lehtonen Date: Thu, 2 Nov 2023 17:35:55 +0200 Subject: [PATCH] docs: fix documentation on SEV security features First, fix a typo s/sex/sev/. Second, these features are not advertised as node labels but only as "raw" features available for consumption in NodeFeatureRules. (cherry picked from commit 14d26f2c476b487f7606abb045cc9ee04e87b0bb) --- docs/usage/customization-guide.md | 2 ++ docs/usage/features.md | 2 -- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/usage/customization-guide.md b/docs/usage/customization-guide.md index 82e98b0e3..67e122f2b 100644 --- a/docs/usage/customization-guide.md +++ b/docs/usage/customization-guide.md @@ -755,6 +755,8 @@ The following features are available for matching: | | | **`sev.enabled`** | bool | `true` if AMD SEV (Secure Encrypted Virtualization) is available on the host and has been enabled, otherwise does not exist | | | **`sev.es.enabled`** | bool | `true` if AMD SEV-ES (Encrypted State supported) is available on the host and has been enabled, otherwise does not exist | | | **`sev.snp.enabled`** | bool | `true` if AMD SEV-SNP (Secure Nested Paging supported) is available on the host and has been enabled, otherwise does not exist +| | | **`sev.asids`** | int | The total amount of AMD SEV address-space identifiers (ASIDs), based on the `/sys/fs/cgroup/misc.capacity` information. +| | | **`sev.encrypted_state_ids`** | int | The total amount of AMD SEV-ES and SEV-SNP supported, based on the `/sys/fs/cgroup/misc.capacity` information. | **`cpu.sgx`** | attribute | | | **DEPRECATED**: replaced by **`cpu.security`** feature | | | **`enabled`** | bool | **DEPRECATED**: use **`sgx.enabled`** from **`cpu.security`** instead | **`cpu.sst`** | attribute | | | Intel SST (Speed Select Technology) capabilities diff --git a/docs/usage/features.md b/docs/usage/features.md index ca86e35bc..2ecabd150 100644 --- a/docs/usage/features.md 
+++ b/docs/usage/features.md @@ -62,8 +62,6 @@ feature.node.kubernetes.io/ = | **`cpu-security.sev.enabled`** | true | Set to 'true' if ADM SEV is available on the host and has been enabled (requires `/sys/module/kvm_amd/parameters/sev`). | **`cpu-security.sev.es.enabled`** | true | Set to 'true' if ADM SEV-ES is available on the host and has been enabled (requires `/sys/module/kvm_amd/parameters/sev_es`). | **`cpu-security.sev.snp.enabled`**| true | Set to 'true' if ADM SEV-SNP is available on the host and has been enabled (requires `/sys/module/kvm_amd/parameters/sev_snp`). -| **`cpu-security.sex.asids`** | int | The total amount of AMD SEV address-space identifiers (ASIDs), based on the `/sys/fs/cgroup/misc.capacity` information. -| **`cpu-security.sex.encrypted_state_ids`** | int | The total amount of AMD SEV-ES and SEV-SNP supported, based on the `/sys/fs/cgroup/misc.capacity` information. | **`cpu-sgx.enabled`** | true | **DEPRECATED**: use **`cpu-security.sgx.enabled`** instead. | **`cpu-se.enabled`** | true | **DEPRECATED**: use **`cpu-security.se.enabled`** instead. | **`cpu-model.vendor_id`** | string | Comparable CPU vendor ID.
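Review bot: In the docs/usage/customization-guide.md hunk, the added `sev.encrypted_state_ids` row never says what is being counted: "The total amount of AMD SEV-ES and SEV-SNP supported" is missing its noun. Going by the feature name, something like "The total number of AMD SEV-ES and SEV-SNP encrypted state IDs" would read correctly, and "number" fits better than "amount" in the `sev.asids` row as well. The commit message says these two values are raw features for NodeFeatureRules and not node labels, while the neighbouring `sev.enabled`, `sev.es.enabled` and `sev.snp.enabled` entries do have label rows in features.md, so consider stating that difference in the table or next to it so readers do not go looking for a matching label.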
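Review bot: In the docs/usage/features.md hunk, the three context rows directly above the removed lines still read "ADM SEV", "ADM SEV-ES" and "ADM SEV-SNP". Since this commit is already a typo fix for this part of the table, correct those to "AMD" in the same change so the `cpu-security.sev.*` label descriptions match the "AMD SEV" wording used in customization-guide.md.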