Merge pull request #9681 from GabyCT/topic/etdx

gha: Enable install kbs and coco components for TDX, but still skip the CDH test
Fabiano Fidêncio
2024-05-22 23:18:42 +02:00
committed by GitHub
4 changed files with 35 additions and 38 deletions


@@ -125,21 +125,31 @@ kbs_set_resource_from_file() {
kbs_install_cli() { kbs_install_cli() {
command -v kbs-client >/dev/null && return command -v kbs-client >/dev/null && return
if ! command -v apt >/dev/null; then source /etc/os-release || source /usr/lib/os-release
>&2 echo "ERROR: running on unsupported distro" case "${ID}" in
return 1 ubuntu)
fi local pkgs="build-essential"
local pkgs="build-essential" sudo apt-get update -y
# shellcheck disable=2086
sudo apt-get install -y $pkgs
;;
centos)
local pkgs="make"
sudo apt-get update -y # shellcheck disable=2086
# shellcheck disable=2086 sudo dnf install -y $pkgs
sudo apt-get install -y $pkgs ;;
*)
>&2 echo "ERROR: running on unsupported distro"
return 1
;;
esac
# Mininum required version to build the client (read from versions.yaml) # Mininum required version to build the client (read from versions.yaml)
local rust_version local rust_version
ensure_yq ensure_yq
rust_version=$(get_from_kata_deps "externals.coco-kbs.toolchain") rust_version=$(get_from_kata_deps "externals.coco-trustee.toolchain")
# Currently kata version from version.yaml is 1.72.0 # Currently kata version from version.yaml is 1.72.0
# which doesn't match the requirement, so let's pass # which doesn't match the requirement, so let's pass
# the required version. # the required version.
@@ -153,9 +163,13 @@ kbs_install_cli() {
} }
kbs_uninstall_cli() { kbs_uninstall_cli() {
pushd "${COCO_KBS_DIR}" if [ -d "${COCO_KBS_DIR}" ]; then
sudo make uninstall pushd "${COCO_KBS_DIR}"
popd sudo make uninstall
popd
else
echo "${COCO_KBS_DIR} does not exist in the machine, skip uninstalling the kbs cli"
fi
} }
# Delete the kbs on Kubernetes # Delete the kbs on Kubernetes
@@ -234,6 +248,7 @@ function kbs_k8s_deploy() {
echo "::group::Deploy the KBS" echo "::group::Deploy the KBS"
if [ "${KATA_HYPERVISOR}" = "qemu-tdx" ]; then if [ "${KATA_HYPERVISOR}" = "qemu-tdx" ]; then
echo "Setting up custom PCCS for TDX"
cat <<- EOF > "${COCO_KBS_DIR}/config/kubernetes/custom_pccs/sgx_default_qcnl.conf" cat <<- EOF > "${COCO_KBS_DIR}/config/kubernetes/custom_pccs/sgx_default_qcnl.conf"
{ {
"pccs_url": "https://localhost:8081/sgx/certification/v4/", "pccs_url": "https://localhost:8081/sgx/certification/v4/",
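Review bot: The new distro check in `kbs_install_cli` matches only `ubuntu` and `centos`, so a host that has `apt` under another `ID` (Debian, for example) passed the old `command -v apt` test and now ends in `ERROR: running on unsupported distro`. Sourcing os-release directly into the calling shell also overwrites any `ID`, `NAME` or `VERSION` variables the caller already holds, and if neither file can be read `${ID}` is unset or stale. Reading the value inside a command substitution keeps it contained: `local distro_id; distro_id="$(source /etc/os-release 2>/dev/null || source /usr/lib/os-release; echo "${ID:-}")"` followed by `case "${distro_id}" in`. If other apt- or dnf-based runners are expected, widen the arms (`ubuntu|debian)`, `centos|rhel|fedora)`). The function body continues past the end of this hunk.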


@@ -131,12 +131,7 @@ function configure_snapshotter() {
} }
function delete_coco_kbs() { function delete_coco_kbs() {
if [ "${KATA_HYPERVISOR}" == "qemu-tdx" ]; then kbs_k8s_delete
echo "Skipping deleting coco kbs for ${KATA_HYPERVISOR}"
exit 0
else
kbs_k8s_delete
fi
} }
# Deploy the CoCo KBS in Kubernetes # Deploy the CoCo KBS in Kubernetes
@@ -146,12 +141,7 @@ function delete_coco_kbs() {
# service externally # service externally
# #
function deploy_coco_kbs() { function deploy_coco_kbs() {
if [ "${KATA_HYPERVISOR}" == "qemu-tdx" ]; then kbs_k8s_deploy "$KBS_INGRESS"
echo "Skipping deploying coco kbs for ${KATA_HYPERVISOR}"
exit 0
else
kbs_k8s_deploy "$KBS_INGRESS"
fi
} }
function deploy_kata() { function deploy_kata() {
@@ -273,21 +263,11 @@ function deploy_kata() {
} }
function install_kbs_client() { function install_kbs_client() {
if [ "${KATA_HYPERVISOR}" == "qemu-tdx" ]; then kbs_install_cli
echo "Skipping install kbs client for ${KATA_HYPERVISOR}"
exit 0
else
kbs_install_cli
fi
} }
function uninstall_kbs_client() { function uninstall_kbs_client() {
if [ "${KATA_HYPERVISOR}" == "qemu-tdx" ]; then kbs_uninstall_cli
echo "Skipping uninstall kbs client for ${KATA_HYPERVISOR}"
exit 0
else
kbs_uninstall_cli
fi
} }
function run_tests() { function run_tests() {
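Review bot: `delete_coco_kbs` now calls `kbs_k8s_delete` for every hypervisor, but in this commit only `kbs_uninstall_cli` gained a guard for a missing `${COCO_KBS_DIR}`. `kbs_k8s_delete` is not shown on this page, so it should be confirmed that it also copes with a runner where the checkout is absent. If the TDX machine is reused between jobs, a failed cleanup step could leave the KBS deployment behind. If the guard is missing there, one of the same shape keeps the two cleanup paths consistent: `[ -d "${COCO_KBS_DIR}" ] || { echo "${COCO_KBS_DIR} not found, skipping KBS delete"; return 0; }`.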


@@ -15,6 +15,7 @@ export KATA_HYPERVISOR="${KATA_HYPERVISOR:-qemu}"
export AA_KBC="${AA_KBC:-cc_kbc}" export AA_KBC="${AA_KBC:-cc_kbc}"
setup() { setup() {
[ "${KATA_HYPERVISOR}" = "qemu-tdx" ] && skip "Test not ready yet for ${KATA_HYPERVISOR}"
is_confidential_runtime_class || skip "Test not supported for ${KATA_HYPERVISOR}." is_confidential_runtime_class || skip "Test not supported for ${KATA_HYPERVISOR}."
if [ "${KBS}" = "false" ]; then if [ "${KBS}" = "false" ]; then
@@ -82,6 +83,7 @@ setup() {
} }
teardown() { teardown() {
[ "${KATA_HYPERVISOR}" = "qemu-tdx" ] && skip "Test not ready yet for ${KATA_HYPERVISOR}"
is_confidential_runtime_class || skip "Test not supported for ${KATA_HYPERVISOR}." is_confidential_runtime_class || skip "Test not supported for ${KATA_HYPERVISOR}."
if [ "${KBS}" = "false" ]; then if [ "${KBS}" = "false" ]; then
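Review bot: The `qemu-tdx` skip added as the first line of `setup()` and repeated in `teardown()` has no comment or issue reference saying when it can be removed. The KBS is now deployed on TDX, yet the CDH test stays disabled there with nothing tracking it. A line above each guard would make the gap visible, for example `# TODO(<tracking-issue>): CDH test not ready for qemu-tdx; drop this skip once it passes there`. Both functions continue outside their hunks, so this only covers the guard lines shown.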


@@ -227,9 +227,9 @@ externals:
coco-trustee: coco-trustee:
description: "Provides attestation and secret delivery components" description: "Provides attestation and secret delivery components"
url: "https://github.com/confidential-containers/trustee" url: "https://github.com/confidential-containers/trustee"
version: "18c8ee378c6d83446ee635a702d5dee389028d8f" version: "6adb8383309cbb7279f1d8e1e4620556ac66481e"
image: "ghcr.io/confidential-containers/staged-images/kbs" image: "ghcr.io/confidential-containers/staged-images/kbs"
image_tag: "18c8ee378c6d83446ee635a702d5dee389028d8f" image_tag: "6adb8383309cbb7279f1d8e1e4620556ac66481e"
toolchain: "1.74.0" toolchain: "1.74.0"
crio: crio: