Merge pull request #9116 from wainersm/ci_install_kbs-workflow

gha: k8s: prepare AKS workflow to install the CoCo KBS
2025-06-28 16:27:50 +00:00 · 2024-02-28 14:43:41 -03:00 · 2024-02-28 14:43:41 -03:00 · 129ce84705
commit 129ce84705
parent bb4c608b32 b44e0c4e7c
2 changed files with 27 additions and 1 deletions
--- a/.github/workflows/run-k8s-tests-on-aks.yaml
+++ b/.github/workflows/run-k8s-tests-on-aks.yaml
@ -52,6 +52,10 @@ jobs:
      GH_PR_NUMBER: ${{ inputs.pr-number }}
      KATA_HOST_OS: ${{ matrix.host_os }}
      KATA_HYPERVISOR: ${{ matrix.vmm }}
+      # Set to install the KBS for attestation tests
+      KBS: ${{ (matrix.vmm == 'qemu' && matrix.host_os == 'ubuntu') && 'true' || 'false' }}
+      # Set the KBS ingress handler (empty string disables handling)
+      KBS_INGRESS: "aks"
      KUBERNETES: "vanilla"
      USING_NFD: "false"
      K8S_TEST_HOST_TYPE: ${{ matrix.instance-type }}
@ -103,7 +107,17 @@ jobs:
      - name: Deploy Kata
        timeout-minutes: 10
        run: bash tests/integration/kubernetes/gha-run.sh deploy-kata-aks
-      
+
+      - name: Deploy CoCo KBS
+        if: env.KBS == 'true'
+        timeout-minutes: 5
+        run: bash tests/integration/kubernetes/gha-run.sh deploy-coco-kbs
+
+      - name: Install `kbs-client`
+        if: env.KBS == 'true'
+        timeout-minutes: 5
+        run: bash tests/integration/kubernetes/gha-run.sh install-kbs-client
+
      - name: Run tests
        timeout-minutes: 60
        run: bash tests/integration/kubernetes/gha-run.sh run-tests
--- a/tests/integration/kubernetes/gha-run.sh
+++ b/tests/integration/kubernetes/gha-run.sh
@ -23,6 +23,8 @@ DOCKER_TAG=${DOCKER_TAG:-kata-containers-latest}
 KATA_DEPLOY_WAIT_TIMEOUT=${KATA_DEPLOY_WAIT_TIMEOUT:-10m}
 SNAPSHOTTER_DEPLOY_WAIT_TIMEOUT=${SNAPSHOTTER_DEPLOY_WAIT_TIMEOUT:-8m}
 KATA_HYPERVISOR=${KATA_HYPERVISOR:-qemu}
+KBS=${KBS:-false}
+KBS_INGRESS=${KBS_INGRESS:-}
 KUBERNETES="${KUBERNETES:-}"
 SNAPSHOTTER="${SNAPSHOTTER:-}"
 export AUTO_GENERATE_POLICY="${AUTO_GENERATE_POLICY:-no}"
@ -103,6 +105,10 @@ function configure_snapshotter() {
 	echo "::endgroup::"
 }

+function deploy_coco_kbs() {
+	echo "TODO: deploy https://github.com/confidential-containers/kbs"
+}
+
 function deploy_kata() {
 	platform="${1}"
 	ensure_yq
@ -170,6 +176,10 @@ function deploy_kata() {
 	echo "::endgroup::"
 }

+function install_kbs_client() {
+	echo "TODO: install kbs-client - https://github.com/kata-containers/kata-containers/pull/9114"
+}
+
 function run_tests() {
 	platform="${1:-}"

@ -354,9 +364,11 @@ function main() {
 		create-cluster-kcli) create_cluster_kcli ;;
 		configure-snapshotter) configure_snapshotter ;;
 		setup-crio) setup_crio ;;
+		deploy-coco-kbs) deploy_coco_kbs ;;
 		deploy-k8s) deploy_k8s ;;
 		install-bats) install_bats ;;
 		install-kata-tools) install_kata_tools ;;
+		install-kbs-client) install_kbs_client ;;
 		install-kubectl) install_kubectl ;;
 		get-cluster-credentials) get_cluster_credentials ;;
 		deploy-kata-aks) deploy_kata "aks" ;;