From 15de42bba2ba28bbae01cab6705d57a7c5c8c05a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= Date: Mon, 20 Nov 2023 10:21:31 +0100 Subject: [PATCH] Review suggestions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Daniel Weiße --- docs/docs/architecture/attestation.md | 2 +- docs/docs/getting-started/first-steps-local.md | 6 +++--- docs/docs/getting-started/first-steps.md | 4 ++-- docs/docs/getting-started/install.md | 6 +++--- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/docs/docs/architecture/attestation.md b/docs/docs/architecture/attestation.md index 576bc88657..fd42508fd7 100644 --- a/docs/docs/architecture/attestation.md +++ b/docs/docs/architecture/attestation.md @@ -90,7 +90,7 @@ Any changes to the image will inevitably also change the measured boot's PCR val To create a node attestation statement, the Constellation image obtains a CVM attestation statement from the hardware. This includes the runtime measurements and thereby binds the measured boot results to the CVM hardware measurement. -In addition to the image measurements, Constellation extends a PCR during the [initialization phase](../workflows/create.md#the-apply-step) that irrevocably marks the node as initialized. +In addition to the image measurements, Constellation extends a PCR during the [initialization phase](../workflows/create.md) that irrevocably marks the node as initialized. The measurement is created using the [*clusterID*](../architecture/keys.md#cluster-identity), tying all future attestation statements to this ID. Thereby, an attestation statement is unique for every cluster and a node can be identified unambiguously as being initialized. diff --git a/docs/docs/getting-started/first-steps-local.md b/docs/docs/getting-started/first-steps-local.md index 571c217bb6..052d29eaef 100644 --- a/docs/docs/getting-started/first-steps-local.md +++ b/docs/docs/getting-started/first-steps-local.md @@ -103,16 +103,16 @@ attaching persistent storage, or autoscaling aren't available. 2. Now you can create your cluster and its nodes. `constellation apply` uses the options set in `constellation-conf.yaml`. ```bash - constellation apply + constellation apply -y ``` - The Output should look like the following:: + The Output should look like the following: ```shell-session $ constellation apply -y Checking for infrastructure changes The following Constellation cluster will be created: - 1 control-plane node of type 2-vCPUs will be created. + 3 control-plane nodes of type 2-vCPUs will be created. 1 worker node of type 2-vCPUs will be created. Creating Cloud infrastructure created successfully. diff --git a/docs/docs/getting-started/first-steps.md b/docs/docs/getting-started/first-steps.md index c6a8e05691..c58d4a0aea 100644 --- a/docs/docs/getting-started/first-steps.md +++ b/docs/docs/getting-started/first-steps.md @@ -137,8 +137,8 @@ If you encounter any problem with the following steps, make sure to use the [lat $ constellation apply -y Checking for infrastructure changes The following Constellation cluster will be created: - 3 control-plane node of type n2d-standard-4 will be created. - 2 worker node of type n2d-standard-4 will be created. + 3 control-plane nodes of type n2d-standard-4 will be created. + 1 worker node of type n2d-standard-4 will be created. Creating Cloud infrastructure created successfully Your Constellation master secret was successfully written to ./constellation-mastersecret.json diff --git a/docs/docs/getting-started/install.md b/docs/docs/getting-started/install.md index 03848d23b8..8a2313e2d1 100644 --- a/docs/docs/getting-started/install.md +++ b/docs/docs/getting-started/install.md @@ -129,7 +129,7 @@ To [create the IAM configuration](../workflows/config.md#creating-an-iam-configu The built-in `Owner` role is a superset of these permissions. -To [create a Constellation cluster](../workflows/create.md#the-create-step), you need the following permissions: +To [create a Constellation cluster](../workflows/create.md), you need the following permissions: * `Microsoft.Attestation/attestationProviders/*` \[2] * `Microsoft.Compute/virtualMachineScaleSets/*` * `Microsoft.Insights/components/*` @@ -168,7 +168,7 @@ To [create the IAM configuration](../workflows/config.md#creating-an-iam-configu Together, the built-in roles `roles/editor` and `roles/resourcemanager.projectIamAdmin` form a superset of these permissions. -To [create a Constellation cluster](../workflows/create.md#the-create-step), you need the following permissions: +To [create a Constellation cluster](../workflows/create.md), you need the following permissions: * `compute.addresses.createInternal` * `compute.addresses.deleteInternal` * `compute.addresses.get` @@ -279,7 +279,7 @@ To [create the IAM configuration](../workflows/config.md#creating-an-iam-configu The built-in `AdministratorAccess` policy is a superset of these permissions. -To [create a Constellation cluster](../workflows/create.md#the-create-step), see the permissions of [main.tf](https://github.com/edgelesssys/constellation/blob/main/terraform/infrastructure/iam/aws/main.tf). +To [create a Constellation cluster](../workflows/create.md), see the permissions of [main.tf](https://github.com/edgelesssys/constellation/blob/main/terraform/infrastructure/iam/aws/main.tf). The built-in `PowerUserAccess` policy is a superset of these permissions.