Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Detect confidential computing capabilities of the cluster node #24

Open
bpradipt opened this issue Jan 12, 2022 · 8 comments · May be fixed by #243
Open

Detect confidential computing capabilities of the cluster node #24

bpradipt opened this issue Jan 12, 2022 · 8 comments · May be fixed by #243
Assignees
Labels
enhancement New feature or request

Comments

@bpradipt
Copy link
Member

This issue is to track the work required for operator to detect the node capability w.r.to SEV/TDX/SGXSE/PEF.

Also adding a reference to k8s node-feature-discovery - https://github.com/kubernetes-sigs/node-feature-discovery/

@mythi
Copy link
Contributor

mythi commented Jan 18, 2022

the work required for operator to detect the node capability

How we do this with SGX is that our SgxDevicePlugin CRD has a field for nodeSelector that gets added to a DaemonSet. The labels are created using NFD, plus we install a custom NFD source hook for additional SGX specific labels.

Would this pattern work for CcRuntime too?

@hbrueckner
Copy link

fyi, for Secure Execution there also a NFD PR to detect it: kubernetes-sigs/node-feature-discovery#790

@fidencio
Copy link
Member

fidencio commented Oct 6, 2022

So, SE, SGX, and TDX are already supported by the NFD. SEV-* support is still missing there, and by the moment it gets added we should rely on NFD for properly labelling the nodes.

@ariel-adam
Copy link
Member

@bpradipt is this issue still relevant or can be closed?
If it's still relevant to what release do you think we should map it to (mid-November, end-December, mid-February etc...)?

@fidencio
Copy link
Member

This issue is still relevant, se the comment from 6 days ago: #24 (comment)

I don't think this is material for this coming release, though, so I'm labelling it for the future ones.

@ariel-adam
Copy link
Member

@fidencio should I remove this out of the upcoming V0.3.0 release (22nd of January)?

@ariel-adam
Copy link
Member

Following comments from @fidencio moving to V0.4.0

@fidencio fidencio moved this from 🆕 New to 🏗 In progress in CoCo Releases Jul 27, 2023
@fidencio fidencio linked a pull request Aug 10, 2023 that will close this issue
@fidencio
Copy link
Member

I'll drop this one from v0.8.0, and make sure we get it in as part of v0.9.0.

The reason for that being TDX would be the one to benefit the most from this at this point, but our CCv0 CI has a way too old kernel that doesn't help us here. So, I'm postponing this to be part of the merge to main, so we can take advantage of a newer kernel there.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
Status: 🏗 In progress
Development

Successfully merging a pull request may close this issue.

5 participants