mirrors/node-feature-discovery
mirrors/node-feature-discovery
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/node-feature-discovery.git synced 2025-03-31 04:04:51 +00:00
Code Activity
1595 commits 14 branches 71 tags 137 MiB
Commit graph

5 commits

Author SHA1 Message Date
Fabiano Fidêncio
10672e1bba cpu: Expose the total number of keys for TDX 
The total amount of keys that can be used on a specific TDX system is
exposed via the cgroups misc.capacity. See:

```
$ cat /sys/fs/cgroup/misc.capacity
tdx 31
```

The first step to properly manage the amount of keys present in a node
is exposing it via the NFD, and that's exactly what this commit does.

An example of how it ends up being exposed via the NFD:

```
$ kubectl get node 984fee00befb.jf.intel.com -o jsonpath='{.metadata.labels}'  | jq | grep tdx.total_keys
  "feature.node.kubernetes.io/cpu-security.tdx.total_keys": "31",
```

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
 2023-03-31 09:12:26 +02:00
Carlos Eduardo Arango Gutierrez
7171cfd4eb
cpu: expose AMD SEV support 
Signed-off-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>
Co-authored-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>
Co-authored-by: Markus Lehtonen <markus.lehtonen@intel.com>
 2023-03-30 15:19:43 +02:00
Markus Lehtonen
a00cdc2b61 pkg/utils: move hostpath helpers from source to utils 
Refactor the code, moving the hostpath helper functionality to new
"pkg/utils/hostpath" package. This breaks odd-ish dependency
"pkg/utils" -> "source".
 2022-10-06 14:28:24 +03:00
Fabiano Fidêncio
d5db1cf907 cpu: Discover Intel TDX 
Set `cpu-security.tdx.enable` to `true` when TDX is avialable and has
been enabled. otherwise it'll be set to `false`.

`/sys/module/kvm_intel/parameters/tdx` presence and content is used to
detect whether a CPU is Intel TDX capable.

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
 2022-10-03 09:56:24 +02:00
Markus Lehtonen
f62b057bcd cpu: re-organize security features 
Move existing security/trusted-execution related features (i.e. SGX and
SE) under the same "security" feature, deprecating the old features. The
motivation for the change is to keep the source code and user interface
more organized as we experience a constant inflow of similar security
related features. This change will affect the user interface so it is
less painful to do it early on.

New feature labels will be:

  feature.node.kubernetes.io/cpu-security.se.enabled
  feature.node.kubernetes.io/cpu-security.sgx.enabled

and correspondingly new "cpu.security" feature with "se.enabled" and
"sgx.enabled" elements will be available for custom rules, for example:

      - name: "sample sgx rule"
        labels:
          sgx.sample.feature: "true"
        matchFeatures:
          - feature: cpu.security
            matchExpressions:
              "sgx.enabled": {op: IsTrue}

At the same time deprecate old labels "cpu-sgx.enabled" and
"cpu-se.enabled" feature labels and the corresponding features for
custom rules. These will be removed in the future causing an effective
change in NFDs user interface.
 2022-06-28 13:38:31 +03:00
Renamed from source/cpu/sgx_amd64.go (Browse further)