feat: Update CoCo pattern docs for v4 GA (Trustee 1.0, OSC 1.11) #645
Merged
butler54 merged 4 commits into validatedpatterns:main from May 7, 2026
Update confidential containers pattern documentation for the v4 GA release:

- Upgrade component versions: Trustee 1.0, OSC 1.11, OCP 4.17+
- Add multi-cluster deployment support with ACM/MCH
- Add new tested environments and version history page
- Update Azure requirements with terminology and guidance fixes
- Add missing technical terms to spellcheck wordlist

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
🤖 Thu May 07 04:28:37 - The preview is ready at:
@butler54 Thank you for your PR.
@butler54 is there a way to see the preview? The link is broken.
beraldoleal reviewed Apr 15, 2026
Major update to confidential containers pattern documentation:

Architecture updates:
- Update to v5 stack (OSC 1.12, Trustee 1.1, OCP 4.19.28+)
- Document Kyverno-based cc_init_data injection replacing MutatingAdmissionPolicy
- Add all four deployment topologies (simple, trusted-hub+spoke, baremetal, baremetal-gpu)
- Explicit callouts for Intel TDX and NVIDIA H100 confidential GPU support
- Document AMD SEV-SNP support (with note about future enhancements)

New content:
- Bare metal deployment instructions for Intel TDX and AMD SEV-SNP
- GPU deployment guide for NVIDIA H100 confidential GPUs
- Comprehensive troubleshooting page with problem/solution format
- Four mermaid diagrams (architecture, Kyverno flow, bare metal components, attestation)

Fixes:
- Fix capitalization: "sandbox containers" -> "Sandboxed Containers" (beraldoleal)
- Fix trustee-chart link to validatedpatterns org (beraldoleal)
- Update OCP version refs from 4.17 to 4.19.28+

Enhanced documentation:
- Split prerequisites into Azure and bare metal sections
- Document RuntimeClass differences (kata-remote vs kata-cc vs kata-cc-nvidia-gpu)
- Add PCR update workflow and troubleshooting
- Expand security hardening guidance for production attestation policies
- Add cross-references to multicloud-gitops-sgx and layered-zero-trust patterns
- Update tested environments with v5, bare metal, and GPU configurations
- Add regional availability notes for Azure confidential VMs

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Signed-off-by: Chris Butler <chris.butler@redhat.com>
beekhof approved these changes May 7, 2026
…teness

- Add AMD SEV-SNP support section (equal coverage with Intel TDX)
- Broaden NVIDIA GPU support from H100-only to H100/H200/B100/B200
- Clarify Azure VM families are configurable (not just Standard_DCas_v5)
- Add Intel TDX and AMD SEV vendor documentation links
- Add Technology Preview designation for GPU support
- Note GPU topology supports both Intel TDX and AMD SEV-SNP
- Fix bare metal storage references: HPP not LVMS
- Add 5 new troubleshooting entries:
  * Vault secrets timing out due to MCO reboots
  * ArgoCD apps in per-clusterGroup namespaces
  * CoCo pods starting before initdata annotations ready
  * SGX registration reset needed for TDX cluster rebuilds
  * TEE firmware misconfiguration detection
- Clarify "CoCo pods" terminology throughout troubleshooting
- Add MCO reboot notes to bare metal deployment sections
- Update wordlist: blackwell, epyc, genoa, hpp, milan

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
New changes are detected. LGTM label has been removed.
Summary
coco-pattern-tested-environments.adoc)
Test plan
🤖 Generated with Claude Code