This is needed in order to ensure the nydus-snapshotter will behave
properly when it's set in the runtime handler.
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
The offline_fs_kbc file needs to be updated to use a kbs-uri compatible name
for the key, and the container image has been regenerated to reference the
decryption key via kbs uri in it's annotation.
The image has two tags: encrypted and decrypted.
Fixes: #6604
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
The operator-demo folder contains instruction to recreate the
ssh demo. This demo works only with the older code in the
operator `ccv0` branch. The code in `main` branch has deviated
significantly and the existing ssh demo will not work when using
the manifest from the main branch.
Signed-off-by: Pradipta Banerjee <pradipta.banerjee@gmail.com>
- In the operator documentation,
- use the CCv0 demo image as payload,
- reference the SSH demo.
- In the SSH demo documentation,
- use the `kata-cc` runtime,
- reference the operator demo.
Signed-off-by: Jakob Naucke <jakob.naucke@ibm.com>
There is now a public container image for the SSH demo with publicised
keys. Add the respective references.
Signed-off-by: Jakob Naucke <jakob.naucke@ibm.com>
Add basic documentation, Dockerfile, k8s and sandbox config for a demo
pod with SSH public key authentication.
Documentation on encrypting and running the image is omitted as of now,
for this is a more general topic which will require separate attention.
Signed-off-by: Jakob Naucke <jakob.naucke@ibm.com>
