feat: update capa with nutanix fork

api/external/sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2/awsmachine_types.go

@@ -116,6 +116,11 @@ type AWSMachineSpec struct {
 	// +kubebuilder:validation:MinLength:=2
 	InstanceType string `json:"instanceType"`
 
+	// CPUOptions defines CPU-related settings for the instance, including the confidential computing policy.
+	// When omitted, this means no opinion and the AWS platform is left to choose a reasonable default.
+	// +optional
+	CPUOptions CPUOptions `json:"cpuOptions,omitempty,omitzero"`
+
 	// AdditionalTags is an optional set of tags to add to an instance, in addition to the ones added by default by the
 	// AWS provider. If both the AWSCluster and the AWSMachine specify the same tag name with different values, the
 	// AWSMachine's value takes precedence.

api/external/sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2/types.go

@@ -293,6 +293,11 @@ type Instance struct {
 	// +kubebuilder:validation:Enum="";None;CapacityReservationsOnly;Open
 	// +optional
 	CapacityReservationPreference CapacityReservationPreference `json:"capacityReservationPreference,omitempty"`
+
+	// CPUOptions defines CPU-related settings for the instance, including the confidential computing policy.
+	// When omitted, this means no opinion and the AWS platform is left to choose a reasonable default.
+	// +optional
+	CPUOptions CPUOptions `json:"cpuOptions,omitempty,omitzero"`
 }
 
 // CapacityReservationPreference describes the preferred use of capacity reservations
@@ -534,3 +539,33 @@ var (
 	// SubnetSchemaPreferPublic allocates more subnets in the VPC to public subnets.
 	SubnetSchemaPreferPublic = SubnetSchemaType("PreferPublic")
 )
+
+// AWSConfidentialComputePolicy represents the confidential compute configuration for the instance.
+// +kubebuilder:validation:Enum=Disabled;AMDEncryptedVirtualizationNestedPaging
+type AWSConfidentialComputePolicy string
+
+const (
+	// AWSConfidentialComputePolicyDisabled disables confidential computing for the instance.
+	AWSConfidentialComputePolicyDisabled AWSConfidentialComputePolicy = "Disabled"
+	// AWSConfidentialComputePolicySEVSNP enables AMD SEV-SNP as the confidential computing technology for the instance.
+	AWSConfidentialComputePolicySEVSNP AWSConfidentialComputePolicy = "AMDEncryptedVirtualizationNestedPaging"
+)
+
+// CPUOptions defines CPU-related settings for the instance, including the confidential computing policy.
+// +kubebuilder:validation:MinProperties=1
+type CPUOptions struct {
+	// ConfidentialCompute specifies whether confidential computing should be enabled for the instance,
+	// and, if so, which confidential computing technology to use.
+	// Valid values are: Disabled, AMDEncryptedVirtualizationNestedPaging
+	// When set to Disabled, confidential computing will be disabled for the instance.
+	// When set to AMDEncryptedVirtualizationNestedPaging, AMD SEV-SNP will be used as the confidential computing technology for the instance.
+	// In this case, ensure the following conditions are met:
+	// 1) The selected instance type supports AMD SEV-SNP.
+	// 2) The selected AWS region supports AMD SEV-SNP.
+	// 3) The selected AMI supports AMD SEV-SNP.
+	// More details can be checked at https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sev-snp.html
+	// When omitted, this means no opinion and the AWS platform is left to choose a reasonable default,
+	// which is subject to change without notice. The current default is Disabled.
+	// +optional
+	ConfidentialCompute AWSConfidentialComputePolicy `json:"confidentialCompute,omitempty"`
+}

api/external/sigs.k8s.io/cluster-api-provider-aws/v2/bootstrap/eks/api/v1beta2/eksconfig_types.go

@@ -110,203 +110,6 @@ type EKSConfigStatus struct {
 	Conditions clusterv1.Conditions `json:"conditions,omitempty"`
 }
 
-// Encoding specifies the cloud-init file encoding.
-// +kubebuilder:validation:Enum=base64;gzip;gzip+base64
-type Encoding string
-
-const (
-	// Base64 implies the contents of the file are encoded as base64.
-	Base64 Encoding = "base64"
-	// Gzip implies the contents of the file are encoded with gzip.
-	Gzip Encoding = "gzip"
-	// GzipBase64 implies the contents of the file are first base64 encoded and then gzip encoded.
-	GzipBase64 Encoding = "gzip+base64"
-)
-
-// File defines the input for generating write_files in cloud-init.
-type File struct {
-	// Path specifies the full path on disk where to store the file.
-	Path string `json:"path"`
-
-	// Owner specifies the ownership of the file, e.g. "root:root".
-	// +optional
-	Owner string `json:"owner,omitempty"`
-
-	// Permissions specifies the permissions to assign to the file, e.g. "0640".
-	// +optional
-	Permissions string `json:"permissions,omitempty"`
-
-	// Encoding specifies the encoding of the file contents.
-	// +optional
-	Encoding Encoding `json:"encoding,omitempty"`
-
-	// Append specifies whether to append Content to existing file if Path exists.
-	// +optional
-	Append bool `json:"append,omitempty"`
-
-	// Content is the actual content of the file.
-	// +optional
-	Content string `json:"content,omitempty"`
-
-	// ContentFrom is a referenced source of content to populate the file.
-	// +optional
-	ContentFrom *FileSource `json:"contentFrom,omitempty"`
-}
-
-// FileSource is a union of all possible external source types for file data.
-// Only one field may be populated in any given instance. Developers adding new
-// sources of data for target systems should add them here.
-type FileSource struct {
-	// Secret represents a secret that should populate this file.
-	Secret SecretFileSource `json:"secret"`
-}
-
-// SecretFileSource adapts a Secret into a FileSource.
-//
-// The contents of the target Secret's Data field will be presented
-// as files using the keys in the Data field as the file names.
-type SecretFileSource struct {
-	// Name of the secret in the KubeadmBootstrapConfig's namespace to use.
-	Name string `json:"name"`
-
-	// Key is the key in the secret's data map for this value.
-	Key string `json:"key"`
-}
-
-// PasswdSource is a union of all possible external source types for passwd data.
-// Only one field may be populated in any given instance. Developers adding new
-// sources of data for target systems should add them here.
-type PasswdSource struct {
-	// Secret represents a secret that should populate this password.
-	Secret SecretPasswdSource `json:"secret"`
-}
-
-// SecretPasswdSource adapts a Secret into a PasswdSource.
-//
-// The contents of the target Secret's Data field will be presented
-// as passwd using the keys in the Data field as the file names.
-type SecretPasswdSource struct {
-	// Name of the secret in the KubeadmBootstrapConfig's namespace to use.
-	Name string `json:"name"`
-
-	// Key is the key in the secret's data map for this value.
-	Key string `json:"key"`
-}
-
-// User defines the input for a generated user in cloud-init.
-type User struct {
-	// Name specifies the username
-	Name string `json:"name"`
-
-	// Gecos specifies the gecos to use for the user
-	// +optional
-	Gecos *string `json:"gecos,omitempty"`
-
-	// Groups specifies the additional groups for the user
-	// +optional
-	Groups *string `json:"groups,omitempty"`
-
-	// HomeDir specifies the home directory to use for the user
-	// +optional
-	HomeDir *string `json:"homeDir,omitempty"`
-
-	// Inactive specifies whether to mark the user as inactive
-	// +optional
-	Inactive *bool `json:"inactive,omitempty"`
-
-	// Shell specifies the user's shell
-	// +optional
-	Shell *string `json:"shell,omitempty"`
-
-	// Passwd specifies a hashed password for the user
-	// +optional
-	Passwd *string `json:"passwd,omitempty"`
-
-	// PasswdFrom is a referenced source of passwd to populate the passwd.
-	// +optional
-	PasswdFrom *PasswdSource `json:"passwdFrom,omitempty"`
-
-	// PrimaryGroup specifies the primary group for the user
-	// +optional
-	PrimaryGroup *string `json:"primaryGroup,omitempty"`
-
-	// LockPassword specifies if password login should be disabled
-	// +optional
-	LockPassword *bool `json:"lockPassword,omitempty"`
-
-	// Sudo specifies a sudo role for the user
-	// +optional
-	Sudo *string `json:"sudo,omitempty"`
-
-	// SSHAuthorizedKeys specifies a list of ssh authorized keys for the user
-	// +optional
-	SSHAuthorizedKeys []string `json:"sshAuthorizedKeys,omitempty"`
-}
-
-// NTP defines input for generated ntp in cloud-init.
-type NTP struct {
-	// Servers specifies which NTP servers to use
-	// +optional
-	Servers []string `json:"servers,omitempty"`
-
-	// Enabled specifies whether NTP should be enabled
-	// +optional
-	Enabled *bool `json:"enabled,omitempty"`
-}
-
-// DiskSetup defines input for generated disk_setup and fs_setup in cloud-init.
-type DiskSetup struct {
-	// Partitions specifies the list of the partitions to setup.
-	// +optional
-	Partitions []Partition `json:"partitions,omitempty"`
-
-	// Filesystems specifies the list of file systems to setup.
-	// +optional
-	Filesystems []Filesystem `json:"filesystems,omitempty"`
-}
-
-// Partition defines how to create and layout a partition.
-type Partition struct {
-	// Device is the name of the device.
-	Device string `json:"device"`
-	// Layout specifies the device layout.
-	// If it is true, a single partition will be created for the entire device.
-	// When layout is false, it means don't partition or ignore existing partitioning.
-	Layout bool `json:"layout"`
-	// Overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device.
-	// Use with caution. Default is 'false'.
-	// +optional
-	Overwrite *bool `json:"overwrite,omitempty"`
-	// TableType specifies the tupe of partition table. The following are supported:
-	// 'mbr': default and setups a MS-DOS partition table
-	// 'gpt': setups a GPT partition table
-	// +optional
-	TableType *string `json:"tableType,omitempty"`
-}
-
-// Filesystem defines the file systems to be created.
-type Filesystem struct {
-	// Device specifies the device name
-	Device string `json:"device"`
-	// Filesystem specifies the file system type.
-	Filesystem string `json:"filesystem"`
-	// Label specifies the file system label to be used. If set to None, no label is used.
-	Label string `json:"label"`
-	// Partition specifies the partition to use. The valid options are: "auto|any", "auto", "any", "none", and <NUM>, where NUM is the actual partition number.
-	// +optional
-	Partition *string `json:"partition,omitempty"`
-	// Overwrite defines whether or not to overwrite any existing filesystem.
-	// If true, any pre-existing file system will be destroyed. Use with Caution.
-	// +optional
-	Overwrite *bool `json:"overwrite,omitempty"`
-	// ExtraOpts defined extra options to add to the command for creating the file system.
-	// +optional
-	ExtraOpts []string `json:"extraOpts,omitempty"`
-}
-
-// MountPoints defines input for generated mounts in cloud-init.
-type MountPoints []string
-
 // +kubebuilder:object:root=true
 // +kubebuilder:resource:path=eksconfigs,scope=Namespaced,categories=cluster-api,shortName=eksc
 // +kubebuilder:storageversion