
Commit 1271931

committed
Support AMD SEV-SNP on AWS
AMD SEV-SNP is one of the confidential computing technologies. This commit adds support for AMD SEV-SNP on AWS, so users can use confidential computing on the cluster nodes. Signed-off-by: Fangge Jin <[email protected]>
1 parent 92b1455 commit 1271931


5 files changed

+94
-1
lines changed


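--- a/machine/v1beta1/types_awsprovider.go
+++ b/machine/v1beta1/types_awsprovider.go
@@ -17,6 +17,9 @@ type AWSMachineProviderConfig struct {
 AMI AWSResourceReference `json:"ami"`
 // instanceType is the type of instance to create. Example: m4.xlarge
 InstanceType string `json:"instanceType"`
+// cpuOptions is the set of cpu options for the instance, where you can enable/disable AMD SEV-SNP on the instance.
+// +optional
+CpuOptions *CpuOptions `json:"cpuOptions,omitempty"`
 // tags is the set of tags to add to apply to an instance, in addition to the ones
 // added by default by the actuator. These tags are additive. The actuator will ensure
 // these tags are present, but will not remove any other tags that may exist on the
@@ -109,6 +112,19 @@ type AWSMachineProviderConfig struct {
 MarketType MarketType `json:"marketType,omitempty"`
 }
 
+// CpuOptions defines the cpu options for the instance.
+type CpuOptions struct {
+// amdSevSnp enables AMD SEV-SNP on the instance.
+// When set to true, AMD SEV-SNP is enabled on the instance. If it is set to true:
+// 1) Use an instance type that supports AMD SEV-SNP.
+// 2) Launch your instance with supported AWS region.
+// 3) Use an AMI with uefi or uefi-preferred boot mode and an operating system that supports AMD SEV-SNP.
+// More details can be checked at https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sev-snp.html
+// When set to false(default), AMD SEV-SNP is disabled on the instance.
+// +optional
+AmdSevSnp *bool `json:"amdSevSnp,omitempty"`
+}
+
 // BlockDeviceMappingSpec describes a block device mapping
 type BlockDeviceMappingSpec struct {
 // The device name exposed to the machine (for example, /dev/sdh or xvdh).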
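Review bot: The doc comment on AmdSevSnp in the second hunk documents only true and false, yet the field is `*bool` with `omitempty`, so an unset (nil) value is a distinct third state that readers will otherwise conflate with an explicit false; the same applies to the `CpuOptions` pointer added in the first hunk. Suggest adding `// When unset (nil), no amdSevSnp value is sent and the provider default applies.` after the false case, adjusted to whatever the actuator actually does with nil, which is outside this commit. It would also help to state that enabling SEV-SNP only makes the instance attestation-capable; a workload that needs to trust the node still has to request and verify the SEV-SNP attestation report itself. The Go field names `CpuOptions`/`AmdSevSnp` depart from the initialism convention the neighbouring `AMI` field follows (`CPUOptions`, `AMDSEVSNP`); the JSON names can stay as they are. The enclosing AWSMachineProviderConfig struct begins outside the first hunk.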

machine/v1beta1/zz_generated.deepcopy.go

Lines changed: 26 additions & 0 deletions

machine/v1beta1/zz_generated.swagger_doc_generated.go

Lines changed: 10 additions & 0 deletions

openapi/generated_openapi/zz_generated.openapi.go

Lines changed: 28 additions & 1 deletion

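--- a/openapi/openapi.json
+++ b/openapi/openapi.json
@@ -21953,6 +21953,10 @@
 "type": "string",
 "default": ""
 },
+"cpuOptions": {
+"description": "CpuOptions is the set of cpu options for the instance, where you can enable/disable AMD SEV-SNP on the instance.",
+"$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.CpuOptions"
+},
 "credentialsSecret": {
 "description": "credentialsSecret is a reference to the secret with AWS credentials. Otherwise, defaults to permissions provided by attached IAM role where the actuator is running.",
 "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference"
@@ -22479,6 +22483,16 @@
 }
 }
 },
+"com.github.openshift.api.machine.v1beta1.CpuOptions": {
+"description": "CpuOptions defines the cpu options for the instance.",
+"type": "object",
+"properties": {
+"amdSevSnp": {
+"description": "AmdSevSnp enables AMD SEV-SNP on the instance. When set to true, AMD SEV-SNP is enabled on the instance. If it is set to true: 1) Use an instance type that supports AMD SEV-SNP. 2) Launch your instance with supported AWS region. 3) Use an AMI with uefi or uefi-preferred boot mode and an operating system that supports AMD SEV-SNP. More details can be checked at https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sev-snp.html When set to false(default), AMD SEV-SNP is disabled on the instance.",
+"type": "boolean"
+}
+}
+},
 "com.github.openshift.api.machine.v1beta1.DataDisk": {
 "description": "DataDisk specifies the parameters that are used to add one or more data disks to the machine. A Data Disk is a managed disk that's attached to a virtual machine to store application data. It differs from an OS Disk as it doesn't come with a pre-installed OS, and it cannot contain the boot volume. It is registered as SCSI drive and labeled with the chosen `lun`. e.g. for `lun: 0` the raw disk device will be available at `/dev/disk/azure/scsi1/lun0`.\n\nAs the Data Disk disk device is attached raw to the virtual machine, it will need to be partitioned, formatted with a filesystem and mounted, in order for it to be usable. This can be done by creating a custom userdata Secret with custom Ignition configuration to achieve the desired initialization. At this stage the previously defined `lun` is to be used as the \"device\" key for referencing the raw disk device to be initialized. Once the custom userdata Secret has been created, it can be referenced in the Machine's `.providerSpec.userDataSecret`. For further guidance and examples, please refer to the official OpenShift docs.",
 "type": "object",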
