diff --git a/tests/integration/kubernetes/k8s-confidential-attestation.bats b/tests/integration/kubernetes/k8s-confidential-attestation.bats index 47720ae9eb..cc27b2193a 100644 --- a/tests/integration/kubernetes/k8s-confidential-attestation.bats +++ b/tests/integration/kubernetes/k8s-confidential-attestation.bats @@ -44,15 +44,6 @@ setup() { set_metadata_annotation "${K8S_TEST_YAML}" \ "${kernel_params_annotation}" \ "${kernel_params_value}" - - # A secure boot image for IBM SE should be rebuilt according to the KBS configuration. - if [ "${KATA_HYPERVISOR}" == "qemu-se" ]; then - if [ -z "${IBM_SE_CREDS_DIR:-}" ]; then - >&2 echo "ERROR: IBM_SE_CREDS_DIR is empty" - return 1 - fi - repack_secure_image "${kernel_params_value}" "${IBM_SE_CREDS_DIR}" "true" - fi } @test "Get CDH resource" { diff --git a/tests/integration/kubernetes/k8s-guest-pull-image-authenticated.bats b/tests/integration/kubernetes/k8s-guest-pull-image-authenticated.bats index 5a7d978763..e8fc5fa4de 100644 --- a/tests/integration/kubernetes/k8s-guest-pull-image-authenticated.bats +++ b/tests/integration/kubernetes/k8s-guest-pull-image-authenticated.bats @@ -90,15 +90,6 @@ function create_pod_yaml_with_private_image() { "${kernel_params_annotation}" \ "${kernel_params_value}" - # A secure boot image for IBM SE should be rebuilt according to the KBS configuration. - if [ "${KATA_HYPERVISOR}" == "qemu-se" ]; then - if [ -z "${IBM_SE_CREDS_DIR:-}" ]; then - >&2 echo "ERROR: IBM_SE_CREDS_DIR is empty" - return 1 - fi - repack_secure_image "${kernel_params_value} agent.log=debug" "${IBM_SE_CREDS_DIR}" "true" - fi - # Set annotation to pull image in guest set_metadata_annotation "${kata_pod_with_private_image}" \ "io.containerd.cri.runtime-handler" \ diff --git a/tests/integration/kubernetes/lib.sh b/tests/integration/kubernetes/lib.sh index af04d82c0f..0fa743b61d 100644 --- a/tests/integration/kubernetes/lib.sh +++ b/tests/integration/kubernetes/lib.sh @@ -191,6 +191,15 @@ set_metadata_annotation() { # yq set annotations in yaml. Quoting the key because it can have # dots. yq -i ".${annotation_key} = \"${value}\"" "${yaml}" + + if [[ "${key}" =~ kernel_params ]] && [[ "${KATA_HYPERVISOR}" == "qemu-se" ]]; then + # A secure boot image for IBM SE should be rebuilt according to the KBS configuration. + if [ -z "${IBM_SE_CREDS_DIR:-}" ]; then + >&2 echo "ERROR: IBM_SE_CREDS_DIR is empty" + return 1 + fi + repack_secure_image "${value}" "${IBM_SE_CREDS_DIR}" "true" + fi } # Set the command for container spec.