edgelesssys / constellation

Constellation is the first Confidential Kubernetes. Constellation shields entire Kubernetes clusters from the (cloud) infrastructure using confidential computing.

GNU Affero General Public License v3.0

947 stars 50 forks source link

v2.17.0 missing AVX support #3262

Open derpsteb opened 3 months ago

derpsteb commented 3 months ago

Issue description

AVX support is disabled in OS images of Constellation.

To reproduce

Spawn a Constellation cluster with version 2.17.0
Spawn a nodes shell on a node
lscpu | grep -i avx is empty

Environment

AWS, Azure

Expected behavior

lscpu | grep -i avx prints AVX

Additional info

We are currently investigating an appropriate fix.

Mitigation

This is only required if your deployments depend on AVX instructions. In that case: use cluster version 2.16.4.

derpsteb commented 2 months ago

We have debugged the issue and identified a misbehaving hypervisor for AWS and Azure. AWS is working on a fix. Azure confirmed that the issue is known and a fix is close to being deployed.

hpvd commented 1 week ago

Do you have any new information about this topic on aws/azure?