Init pass at restructuring CoCo TOC #385
Signed-off-by: Abigail McCarthy <20771501+a-mccarthy@users.noreply.github.com>
8a83b89 to 8fac0fb
|
|
||
| resources: | ||
| limits: | ||
| nvidia.com/GH100_H200_141GB: "1" |
Confirm this is a valid GPU name on a node.
| If you need a timeout of more than 1200 seconds, you will also need to adjust Kata Agent Policy's ``image_pull_timeout`` value which controls the agent-side timeout for guest-image pull. | ||
| To do this, add the ``agent.image_pull_timeout`` kernel parameter to your shim configuration, or pass an explicit value in a pod annotation in the ``io.katacontainers.config.hypervisor.kernel_params: "..."`` annotation. | ||
|
|
||
| "nvidia.com/GH100_H200_141GB": "1" |
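Review bot: The timeout paragraph at the top of this hunk names the setting two different ways: the first sentence calls it Kata Agent Policy's ``image_pull_timeout`` value, while the second sets it as the ``agent.image_pull_timeout`` kernel parameter. Pick one description so readers do not go looking for it in the wrong place. The second sentence also reads "in a pod annotation in the ... annotation", which can be shortened to name the annotation once. The annotation value is left as "..."; showing the full parameter string with a value, and stating the unit the parameter takes next to the 1200 seconds figure, would make the instruction usable as written.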
confirm this output.
| This page is an educational overview of attestation with Confidential Containers, not a complete configuration guide. | ||
| The attestation workflow is fully documented in the upstream `Confidential Containers documentation <https://confidentialcontainers.org/docs/attestation/>`_, which is the source of truth for setup and configuration details. | ||
|
|
||
| Attestation is not required to deploy Confidential Containers, but is required for features that rely on secrets in your cluster. |
nit/thought: would we say it's not required to deploy workloads for evaluation purposes but it is required for ensuring/proving the confidentiality guarantees?
As of now, it sounds a bit like: As long as you don't need secrets, you don't need attestation. That is a bit odd.
| ***************************************** | ||
|
|
||
| Confidential Containers enables sensible default attestation policies for NVIDIA Confidential Computing GPUs. | ||
| In most cases, the default policy is appropriate and you only need to provide reference values. |
"In most cases, the default policy is appropriate and you only need to provide reference values." - this is unclear to me. Can we say what the default policy is - or ... remove this?
|
|
||
| ***************************************************** | ||
| ##################################################### | ||
| NVIDIA Confidential Containers Reference Architecture |
I am thinking of whether it is possible to make the aspects "Supported Features and Deployment Scenarios" and "Limitations and Restrictions" a bit more prominent. These get a bit buried in the already lengthy overview page. Maybe we can relocate these two into a different main page (or even create a separate main page)?
manuelh-dev left a comment
LGTM, left just a few comments, feel free to resolve these if these don't seem immediately helpful
The deployment guide has grown quite long. This is a draft attempt at splitting up the content into a more useable form.