As we're about to release v0.3.0, let's update the quickstart guide so
it's easier for folks to try it out using the correct latest release.
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
Let's adapt the instructions to using kustomize for deploying the sample
ccruntime custom resource.
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
The operator does not work(**) with SELinux enabled and enforced. Added
a note about it on the prerequisites section.
(**) https://github.com/confidential-containers/operator/issues/115
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
The CoCo Pod might fail when *IfNotPresent* policy is set. Add some
words about that on the troubleshoot section.
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
skopeo can leave the image unencrypted without any notice. Added a
comment about checking it is not the case for an image built by the
user.
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Mentioned that the encryption key for SEV offline KBC should have 32
bytes and be base64 encoded.
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
There is a bug(**) on sevctl affecting some versions of the package on RHEL
and Fedora. Added a note mentioning it might be needed to build the tool
from the sources.
(**) https://bugzilla.redhat.com/show_bug.cgi?id=2037963
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
sevctl repository at enarx organization is now read-only as the development moved to
https://github.com/virtee/sevctl. The URL was updated in the quickstart.
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Add new feature for authenticated registry support and point to
the design docs. We might have more info on how to set it up in future
but that is probably linked to configuring the guest image for
offline_fs_kbc configuration in non-TEE scenario and separated for
other confidential hardware, so we might need the quickstart guide
to be broken down into separate topics first.
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
Adding extra information about the flag in skopeo copy command.
Signed-off-by: Unmesh Deodhar <udeodhar@amd.com>
Fixing newline change.
Fixing the newline change.
Signed-off-by: Unmesh Deodhar <udeodhar@amd.com>
Removing sudo for docker commands
Assuming the user has set up docker correctly, we do not need to use sudo for docker commands.
Signed-off-by: Unmesh Deodhar <udeodhar@amd.com>
quickstart: Filling gaps in the SEV documentation.
Fixing a couple of permission issues and command line parameters for skopeo.
Signed-off-by: Unmesh Deodhar <udeodhar@amd.com>
Enclave CC requires the Kind cluster to be prepared with
`/opt/confidential-containers` to **not** be mounted on an overlayfs,
but rather being part of the `hostPath` mount.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
It's a known limitation that QEMU based runtime classes will not work
with Kind or Minikube, leading to:
```
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 42s default-scheduler Successfully assigned default/nginx-kata-qemu to minikube
Warning FailedCreatePodSandBox 9s kubelet Failed to create pod sandbox: rpc error: code = Unknown desc = failed to create containerd task: failed to create shim task: Failed to Check if grpc server is working: rpc error: code = DeadlineExceeded desc = timed out connecting to vsock 3189232285:1024: unknown
```
This needs further debug in order to get to the root cause of the issue,
and potentially to a fix. However, for now, we should make sure that we
document such limitation.
One issue already reported about this is
https://github.com/confidential-containers/operator/issues/124, and
that's also been observed by Pradipta during the early tests of v0.1.0.
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
The operator dropped the deploy/deploy.yaml based deployment and moved
to a kustomize based one so update the docs to reflect that change.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
Add instructions for how to set up, create and validate creating a
workload from the sample encrypted container image.
Fixes: #confidential-containers/operator#77
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
We have a script that does most of the gruntwork as part of the CI, but can be
used locally on a machine to quickly set up a single-node test cluster. Let's
document that option.
Signed-off-by: Christophe de Dinechin <christophe@dinechin.org>
Suggested-by: Tobin Feldman-Fitzthum <tobin@ibm.com>
Describe and explain the project architecture.
Signed-off-by: Ariel Adam <aadam@redhat.com>
Co-authored-by: Dan Middleton <dan.middleton@intel.com>
Co-authored-by: Samuel Ortiz <sameo@rivosinc.com>
snake_case to match typical Rust style.
Only applies to documentation not files LICENSE
or CODEOWNERS or README.md
Signed-off-by: Tobin Feldman-Fitzthum <tobin@ibm.com>
The operator-demo folder contains instructions to recreate the
ssh demo. This demo works only with the older code in the
operator `ccv0` branch. The code in `main` branch has deviated
significantly and the existing ssh demo will not work when using
the manifest from the main branch.
Signed-off-by: Pradipta Banerjee <pradipta.banerjee@gmail.com>
Quickstart guide is a durable entrypoint for new users
that will be updated for each release.
Release notes are updates about the current release.
Signed-off-by: Tobin Feldman-Fitzthum <tobin@ibm.com>
* Define Continuous Integration acronym before using it
This is a common term, but better to follow good practices about documentation.
Signed-off-by: Christophe de Dinechin <christophe@dinechin.org>
* Add some definitions and terminology
At this stage in the release (i.e. quite early, nobody knowing what we are
doing), better to define three-letter acronyms or components before we actually
use the terminology.
Signed-off-by: Christophe de Dinechin <christophe@dinechin.org>
* Add a description of some of the limitations
List some of the limitations that we have, trying to also indicate where this is
going in the relatively short term.
Signed-off-by: Christophe de Dinechin <christophe@dinechin.org>
Signed-off-by: Christophe de Dinechin <christophe@dinechin.org>
* Create release_notes_09_2022.md
* Update releases/release_notes_09_2022.md
Co-authored-by: James O. D. Hunt <james.o.hunt@intel.com>
* Update releases/release_notes_09_2022.md
Co-authored-by: James O. D. Hunt <james.o.hunt@intel.com>
* Update releases/release_notes_09_2022.md
Co-authored-by: James O. D. Hunt <james.o.hunt@intel.com>
* Update releases/release_notes_09_2022.md
Co-authored-by: James O. D. Hunt <james.o.hunt@intel.com>
* Update releases/release_notes_09_2022.md
Co-authored-by: James O. D. Hunt <james.o.hunt@intel.com>
* Update releases/release_notes_09_2022.md
Co-authored-by: James O. D. Hunt <james.o.hunt@intel.com>
* Update release_notes_09_2022.md
* Adding the diagrams for the architecture
Adding the diagrams for the COCO architecture
Co-authored-by: James O. D. Hunt <james.o.hunt@intel.com>