Update Quickstart for v0.8

Fixes: https://github.com/confidential-containers/enclave-cc/issues/181

- Add the content of deploy KBS cluster and create encrypted image in enclave-cc.md
- Delete verdictd in enclave-cc.md and add cc-kbc and sample-kbc content, and give examples of usage
- Modify the creation of enclave-cc custom resource in quickstart.md

Signed-off-by: Huiting Hou <huiting.hou@linux.alibaba.com>

guides/enclave-cc.md

@@ -7,12 +7,16 @@ section of the [quickstart guide](../quickstart.md).
 
 ## Configuring enclave-cc custom resource to use a different KBC
 
+**Note** Before configuring KBC, please refer to the
+[guide](../quickstart.md#deploy-and-configure-tenant-side-coco-key-broker-system-cluster) to deploy KBS cluster.
+
 **Note** The KBC configuration changes to the enclave-cc custom resource yaml 
 must be made **before** deploying it. 
 
-Enclave CC supports Verdictd and in order to use it, users will have to
-properly configure a decrypt_config.conf, in order to set the `KBC` (`sample_kbc`
-or `eaa_kbc`) `IP`,`PORT`, and the `SECURITY_VALIDATE` (`false` or  `true`)
+Enclave CC supports cc-kbc and sample-kbc, in order to use them, users will have to
+properly configure a `decrypt_config.conf`, in order to set the `KBC` (`cc_kbc`
+or `sample_kbc`) `IP`,`PORT`, and the `SECURITY_VALIDATE` (`false` or  `true`).
+
 ```json
 {
     "key_provider": "provider:attestation-agent:KBC::IP:PORT",
@@ -20,6 +24,23 @@ or `eaa_kbc`) `IP`,`PORT`, and the `SECURITY_VALIDATE` (`false` or  `true`)
 }
 ```
 
+The following is an example of `cc_kbc`:
+
+```json
+{
+    "key_provider": "provider:attestation-agent:cc_kbc::http://127.0.0.1:8080",
+    "security_validate": true
+}
+```
+The following is an example of `sample_kbc`:
+
+```json
+{
+    "key_provider": "provider:attestation-agent:sample_kbc::127.0.0.1:50000",
+    "security_validate": false
+}
+```
+
 Once that's set according to the users needs, the user will then have to run:
 `cat decrypt_config.conf | base64 -w 0` in order to get the data encoded and
 set it accordingly [here](https://github.com/confidential-containers/operator/blob/6f241fbc056f0a5d9e1bd2c10b2cedc0782b99ff/config/samples/enclave-cc/base/ccruntime-enclave-cc.yaml#L124).
@@ -27,7 +48,11 @@ set it accordingly [here](https://github.com/confidential-containers/operator/bl
 ## Creating a sample CoCo workload using enclave-cc
 
 As an example, we setup a sample *hello world*
-workload with an encrypted and cosign signed container image using the `enclave-cc` runtime class for process based TEEs.
+workload with an encrypted and cosign signed container image using the `enclave-cc` runtime class for process based TEEs. 
+This encrypted image is only used for testing. 
+If you want to use it in your own production use cases, please refer to
+the [guide](../quickstart.md#encrypting-an-image) to create a new encrypted image and deploy it.
+
 The deployment below assumes the hardware SGX mode build is installed by the operator. To try on a non-TEE system, please
 use simulate SGX mode build.
 

quickstart.md

@@ -76,6 +76,8 @@ kubectl get pods -n confidential-containers-system --watch
 
 ### Create the custom resource
 
+#### Create custom resource for kata
+
 Creating a custom resource installs the required CC runtime pieces into the cluster node and creates
 the `RuntimeClasses`
 
@@ -104,7 +106,10 @@ kubectl get pods -n confidential-containers-system --watch
 #### Create custom resource for enclave-cc
 
 **Note** For `enclave-cc` certain configuration changes, such as setting the
-URI of the KBS, must be made **before** applying the custom resource.
+URI of the KBS, must be made **before** applying the custom resource. 
+Please refer to the [guide](./guides/enclave-cc.md#configuring-enclave-cc-custom-resource-to-use-a-different-kbc)
+to modify the enclave-cc configuration.
+
 Please see the [enclave-cc guide](./guides/enclave-cc.md) for more information.
 
 `enclave-cc` is a form of Confidential Containers that uses process-based isolation.