Constellation is the first Confidential Kubernetes. Constellation shields entire Kubernetes clusters from the (cloud) infrastructure using confidential computing.
GNU Affero General Public License v3.0
906
stars
47
forks
source link
terraform: only set `confidential_instance_type` if `cc_technology` is `SEV_SNP` #3085
Upgrades of existing GCP SEV-ES clusters are failing because setting confidential_instance_type makes Terraform want to re-create the instance templates, which does not work because they are still in use by instances.
Proposed change(s)
Only set confidential_instance_type if cc_technology is SEV_SNP
When this feature is introduced into the mainline GCP Terraform provider, we will likely have to introduce some form of migration, but I would hold of on that until the provider maintainers decide on how this will look like
Context
Upgrades of existing GCP SEV-ES clusters are failing because setting
confidential_instance_type
makes Terraform want to re-create the instance templates, which does not work because they are still in use by instances.Proposed change(s)
confidential_instance_type
ifcc_technology
isSEV_SNP
Related issue
Checklist