github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-07-20 10:20:39 +00:00
Code Issues Projects Releases Wiki Activity

tests/k8s: Use custom intel DCAP configuration

Browse Source 
This PR adds the use of custom Intel DCAP configuration when
deploying the KBS.

Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
This commit is contained in:
Gabriela Cervantes 2024-05-20 16:58:41 +00:00
parent b54dc26073
commit cfdef7ed5f
2 changed files with 36 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
tests/integration/kubernetes/confidential_kbs.sh
View File

@ -13,6 +13,7 @@ source "${kubernetes_dir}/../../gha-run-k8s-common.sh"
# shellcheck disable=1091 # shellcheck disable=1091
source "${kubernetes_dir}/../../../ci/lib.sh" source "${kubernetes_dir}/../../../ci/lib.sh"
KATA_HYPERVISOR="${KATA_HYPERVISOR:-qemu}"
# Where the trustee (includes kbs) sources will be cloned # Where the trustee (includes kbs) sources will be cloned
readonly COCO_TRUSTEE_DIR="/tmp/trustee" readonly COCO_TRUSTEE_DIR="/tmp/trustee"
# Where the kbs sources will be cloned # Where the kbs sources will be cloned
@ -232,6 +233,17 @@ function kbs_k8s_deploy() {
[ -n "$ingress" ] && _handle_ingress "$ingress" [ -n "$ingress" ] && _handle_ingress "$ingress"
echo "::group::Deploy the KBS" echo "::group::Deploy the KBS"
if [ "${KATA_HYPERVISOR}" = "qemu-tdx" ]; then
cat <<- EOF > "${COCO_KBS_DIR}/config/kubernetes/custom_pccs/sgx_default_qcnl.conf"
{
"pccs_url": "https://localhost:8081/sgx/certification/v4/",
// To accept insecure HTTPS certificate, set this option to false
"use_secure_cert": false
}
EOF
export DEPLOYMENT_DIR=custom_pccs
fi
./deploy-kbs.sh ./deploy-kbs.sh
popd popd

20
tests/integration/kubernetes/gha-run.sh
View File

@ -131,7 +131,12 @@ function configure_snapshotter() {
} }
function delete_coco_kbs() { function delete_coco_kbs() {
if [ "${KATA_HYPERVISOR}" == "qemu-tdx" ]; then
echo "Skipping deleting coco kbs for ${KATA_HYPERVISOR}"
exit 0
else
kbs_k8s_delete kbs_k8s_delete
fi
} }
# Deploy the CoCo KBS in Kubernetes # Deploy the CoCo KBS in Kubernetes
@ -141,7 +146,12 @@ function delete_coco_kbs() {
# service externally # service externally
# #
function deploy_coco_kbs() { function deploy_coco_kbs() {
if [ "${KATA_HYPERVISOR}" == "qemu-tdx" ]; then
echo "Skipping deploying coco kbs for ${KATA_HYPERVISOR}"
exit 0
else
kbs_k8s_deploy "$KBS_INGRESS" kbs_k8s_deploy "$KBS_INGRESS"
fi
} }
function deploy_kata() { function deploy_kata() {
@ -263,11 +273,21 @@ function deploy_kata() {
} }
function install_kbs_client() { function install_kbs_client() {
if [ "${KATA_HYPERVISOR}" == "qemu-tdx" ]; then
echo "Skipping install kbs client for ${KATA_HYPERVISOR}"
exit 0
else
kbs_install_cli kbs_install_cli
fi
} }
function uninstall_kbs_client() { function uninstall_kbs_client() {
if [ "${KATA_HYPERVISOR}" == "qemu-tdx" ]; then
echo "Skipping uninstall kbs client for ${KATA_HYPERVISOR}"
exit 0
else
kbs_uninstall_cli kbs_uninstall_cli
fi
} }
function run_tests() { function run_tests() {