Skip to content

Commit

Permalink
Merge pull request #1350 from marquiz/devel/security-labels
Browse files Browse the repository at this point in the history
cpu: drop the deprecated sgx and se labels
  • Loading branch information
k8s-ci-robot authored Sep 8, 2023
2 parents a2083f8 + c126764 commit bcdee7b
Show file tree
Hide file tree
Showing 3 changed files with 0 additions and 32 deletions.
4 changes: 0 additions & 4 deletions docs/usage/customization-guide.md
Original file line number Diff line number Diff line change
Expand Up @@ -755,12 +755,8 @@ The following features are available for matching:
| | | **`sev.enabled`** | bool | `true` if AMD SEV (Secure Encrypted Virtualization) is available on the host and has been enabled, otherwise does not exist
| | | **`sev.es.enabled`** | bool | `true` if AMD SEV-ES (Encrypted State supported) is available on the host and has been enabled, otherwise does not exist
| | | **`sev.snp.enabled`** | bool | `true` if AMD SEV-SNP (Secure Nested Paging supported) is available on the host and has been enabled, otherwise does not exist
| **`cpu.sgx`** | attribute | | | **DEPRECATED**: replaced by **`cpu.security`** feature
| | | **`enabled`** | bool | **DEPRECATED**: use **`sgx.enabled`** from **`cpu.security`** instead
| **`cpu.sst`** | attribute | | | Intel SST (Speed Select Technology) capabilities
| | | **`bf.enabled`** | bool | `true` if Intel SST-BF (Intel Speed Select Technology - Base frequency) has been enabled, otherwise does not exist
| **`cpu.se`** | attribute | | | **DEPRECATED**: replaced by **`cpu.security`** feature
| | | **`enabled`** | bool | **DEPRECATED**: use **`se.enabled`** from **`cpu.security`** instead
| **`cpu.topology`** | attribute | | | CPU topology related features
| | | **`hardware_multithreading`** | bool | Hardware multithreading, such as Intel HTT, is enabled
| **`cpu.coprocessor`** | attribute | | | CPU Coprocessor related features
Expand Down
2 changes: 0 additions & 2 deletions docs/usage/features.md
Original file line number Diff line number Diff line change
Expand Up @@ -64,8 +64,6 @@ feature.node.kubernetes.io/<feature> = <value>
| **`cpu-security.sev.snp.enabled`**| true | Set to 'true' if ADM SEV-SNP is available on the host and has been enabled (requires `/sys/module/kvm_amd/parameters/sev_snp`).
| **`cpu-security.sex.asids`** | int | The total amount of AMD SEV address-space identifiers (ASIDs), based on the `/sys/fs/cgroup/misc.capacity` information.
| **`cpu-security.sex.encrypted_state_ids`** | int | The total amount of AMD SEV-ES and SEV-SNP supported, based on the `/sys/fs/cgroup/misc.capacity` information.
| **`cpu-sgx.enabled`** | true | **DEPRECATED**: use **`cpu-security.sgx.enabled`** instead.
| **`cpu-se.enabled`** | true | **DEPRECATED**: use **`cpu-security.se.enabled`** instead.
| **`cpu-model.vendor_id`** | string | Comparable CPU vendor ID.
| **`cpu-model.family`** | int | CPU family.
| **`cpu-model.id`** | int | CPU model number.
Expand Down
26 changes: 0 additions & 26 deletions source/cpu/cpu.go
Original file line number Diff line number Diff line change
Expand Up @@ -41,9 +41,7 @@ const (
CstateFeature = "cstate"
PstateFeature = "pstate"
RdtFeature = "rdt"
SeFeature = "se" // DEPRECATED in v0.12: will be removed in the future
SecurityFeature = "security"
SgxFeature = "sgx" // DEPRECATED in v0.12: will be removed in the future
SstFeature = "sst"
TopologyFeature = "topology"
CoprocessorFeature = "coprocessor"
Expand Down Expand Up @@ -189,16 +187,6 @@ func (s *cpuSource) GetLabels() (source.FeatureLabels, error) {
}
}

// SGX
for k, v := range features.Attributes[SgxFeature].Elements {
labels["sgx."+k] = v
}

// Secure Execution
for k, v := range features.Attributes[SeFeature].Elements {
labels["se."+k] = v
}

// SST
for k, v := range features.Attributes[SstFeature].Elements {
labels["power.sst_"+k] = v
Expand Down Expand Up @@ -248,20 +236,6 @@ func (s *cpuSource) Discover() error {
// Detect available guest protection(SGX,TDX,SEV) features
s.features.Attributes[SecurityFeature] = nfdv1alpha1.NewAttributeFeatures(discoverSecurity())

// Detect SGX features
//
// DEPRECATED in v0.12: will be removed in the future
if val, ok := s.features.Attributes[SecurityFeature].Elements["sgx.enabled"]; ok {
s.features.Attributes[SgxFeature] = nfdv1alpha1.NewAttributeFeatures(map[string]string{"enabled": val})
}

// Detect Secure Execution features
//
// DEPRECATED in v0.12: will be removed in the future
if val, ok := s.features.Attributes[SecurityFeature].Elements["se.enabled"]; ok {
s.features.Attributes[SeFeature] = nfdv1alpha1.NewAttributeFeatures(map[string]string{"enabled": val})
}

// Detect SST features
s.features.Attributes[SstFeature] = nfdv1alpha1.NewAttributeFeatures(discoverSST())

Expand Down

0 comments on commit bcdee7b

Please sign in to comment.