From baf88bb72d1e6396e6561aef2b6ee4e75eae621e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Fri, 8 Nov 2024 14:39:35 +0100 Subject: [PATCH] ci: tdx: kbs: Ensure https_proxy is taken in consideration MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Trustee's deployment must set the correct https_proxy as env var on the container that will talk to the ITA / ITTS server, otherwise the kbs service won't be able to start, causing then issues in our CI. Signed-off-by: Fabiano FidĂȘncio Signed-off-by: Krzysztof Sandowicz --- tests/integration/kubernetes/confidential_kbs.sh | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/tests/integration/kubernetes/confidential_kbs.sh b/tests/integration/kubernetes/confidential_kbs.sh index ec9398cb62..27ada6f23a 100644 --- a/tests/integration/kubernetes/confidential_kbs.sh +++ b/tests/integration/kubernetes/confidential_kbs.sh @@ -18,6 +18,7 @@ export PATH="${PATH}:/opt/kata/bin" KATA_HYPERVISOR="${KATA_HYPERVISOR:-qemu}" ITA_KEY="${ITA_KEY:-}" +HTTPS_PROXY="${HTTPS_PROXY:-}" # Where the trustee (includes kbs) sources will be cloned readonly COCO_TRUSTEE_DIR="/tmp/trustee" # Where the kbs sources will be cloned @@ -322,6 +323,20 @@ function kbs_k8s_deploy() { # ITA/ITTS specific configuration sed -i -e "s/tBfd5kKX2x9ahbodKV1.../${ITA_KEY}/g" kbs-config.toml popd + + if [ -n "${HTTPS_PROXY}" ]; then + # Ideally this should be something kustomizable on trustee side. + # + # However, for now let's take the bullet and do it here, and revert this as + # soon as https://github.com/confidential-containers/trustee/issues/567 is + # solved. + pushd "${COCO_KBS_DIR}/config/kubernetes/base/" + ensure_yq + + yq e ".spec.template.spec.containers[0].env += [{\"name\": \"https_proxy\", \"value\": \"$HTTPS_PROXY\"}]" -i deployment.yaml + popd + fi + export DEPLOYMENT_DIR=ita fi