mirrors/node-feature-discovery
mirrors/node-feature-discovery
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/node-feature-discovery.git synced 2025-03-17 13:58:21 +00:00
Code Activity

docs: fix documentation on SEV security features

Browse source 
First, fix a typo s/sex/sev/. Second, these features are not advertised
as node labels but only as "raw" features available for consumption in
NodeFeatureRules.

(cherry picked from commit 14d26f2c47)
This commit is contained in:
Markus Lehtonen 2023-11-02 17:35:55 +02:00
parent 71dd923bb6
commit 37895bbb53
2 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
docs/usage/customization-guide.md
View file

@ -755,6 +755,8 @@ The following features are available for matching:
| | | **`sev.enabled`** | bool | `true` if AMD SEV (Secure Encrypted Virtualization) is available on the host and has been enabled, otherwise does not exist | | | **`sev.enabled`** | bool | `true` if AMD SEV (Secure Encrypted Virtualization) is available on the host and has been enabled, otherwise does not exist
| | | **`sev.es.enabled`** | bool | `true` if AMD SEV-ES (Encrypted State supported) is available on the host and has been enabled, otherwise does not exist | | | **`sev.es.enabled`** | bool | `true` if AMD SEV-ES (Encrypted State supported) is available on the host and has been enabled, otherwise does not exist
| | | **`sev.snp.enabled`** | bool | `true` if AMD SEV-SNP (Secure Nested Paging supported) is available on the host and has been enabled, otherwise does not exist | | | **`sev.snp.enabled`** | bool | `true` if AMD SEV-SNP (Secure Nested Paging supported) is available on the host and has been enabled, otherwise does not exist
| | | **`sev.asids`** | int | The total amount of AMD SEV address-space identifiers (ASIDs), based on the `/sys/fs/cgroup/misc.capacity` information.
| | | **`sev.encrypted_state_ids`** | int | The total amount of AMD SEV-ES and SEV-SNP supported, based on the `/sys/fs/cgroup/misc.capacity` information.
| **`cpu.sgx`** | attribute | | | **DEPRECATED**: replaced by **`cpu.security`** feature | **`cpu.sgx`** | attribute | | | **DEPRECATED**: replaced by **`cpu.security`** feature
| | | **`enabled`** | bool | **DEPRECATED**: use **`sgx.enabled`** from **`cpu.security`** instead | | | **`enabled`** | bool | **DEPRECATED**: use **`sgx.enabled`** from **`cpu.security`** instead
| **`cpu.sst`** | attribute | | | Intel SST (Speed Select Technology) capabilities | **`cpu.sst`** | attribute | | | Intel SST (Speed Select Technology) capabilities

2
docs/usage/features.md
View file

@ -62,8 +62,6 @@ feature.node.kubernetes.io/<feature> = <value>
| **`cpu-security.sev.enabled`** | true | Set to 'true' if ADM SEV is available on the host and has been enabled (requires `/sys/module/kvm_amd/parameters/sev`). | **`cpu-security.sev.enabled`** | true | Set to 'true' if ADM SEV is available on the host and has been enabled (requires `/sys/module/kvm_amd/parameters/sev`).
| **`cpu-security.sev.es.enabled`** | true | Set to 'true' if ADM SEV-ES is available on the host and has been enabled (requires `/sys/module/kvm_amd/parameters/sev_es`). | **`cpu-security.sev.es.enabled`** | true | Set to 'true' if ADM SEV-ES is available on the host and has been enabled (requires `/sys/module/kvm_amd/parameters/sev_es`).
| **`cpu-security.sev.snp.enabled`**| true | Set to 'true' if ADM SEV-SNP is available on the host and has been enabled (requires `/sys/module/kvm_amd/parameters/sev_snp`). | **`cpu-security.sev.snp.enabled`**| true | Set to 'true' if ADM SEV-SNP is available on the host and has been enabled (requires `/sys/module/kvm_amd/parameters/sev_snp`).
| **`cpu-security.sex.asids`** | int | The total amount of AMD SEV address-space identifiers (ASIDs), based on the `/sys/fs/cgroup/misc.capacity` information.
| **`cpu-security.sex.encrypted_state_ids`** | int | The total amount of AMD SEV-ES and SEV-SNP supported, based on the `/sys/fs/cgroup/misc.capacity` information.
| **`cpu-sgx.enabled`** | true | **DEPRECATED**: use **`cpu-security.sgx.enabled`** instead. | **`cpu-sgx.enabled`** | true | **DEPRECATED**: use **`cpu-security.sgx.enabled`** instead.
| **`cpu-se.enabled`** | true | **DEPRECATED**: use **`cpu-security.se.enabled`** instead. | **`cpu-se.enabled`** | true | **DEPRECATED**: use **`cpu-security.se.enabled`** instead.
| **`cpu-model.vendor_id`** | string | Comparable CPU vendor ID. | **`cpu-model.vendor_id`** | string | Comparable CPU vendor ID.