tests/k8s: Use custom intel DCAP configuration

This PR adds the use of custom Intel DCAP configuration when deploying the KBS. Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
2025-07-19 09:51:29 +00:00 · 2024-05-20 16:58:41 +00:00 · 2024-05-20 16:58:41 +00:00 · cfdef7ed5f
commit cfdef7ed5f
parent b54dc26073
2 changed files with 36 additions and 4 deletions
--- a/tests/integration/kubernetes/confidential_kbs.sh
+++ b/tests/integration/kubernetes/confidential_kbs.sh
@ -13,6 +13,7 @@ source "${kubernetes_dir}/../../gha-run-k8s-common.sh"
 # shellcheck disable=1091
 source "${kubernetes_dir}/../../../ci/lib.sh"

+KATA_HYPERVISOR="${KATA_HYPERVISOR:-qemu}"
 # Where the trustee (includes kbs) sources will be cloned
 readonly COCO_TRUSTEE_DIR="/tmp/trustee"
 # Where the kbs sources will be cloned
@ -232,6 +233,17 @@ function kbs_k8s_deploy() {
 	[ -n "$ingress" ] && _handle_ingress "$ingress"

 	echo "::group::Deploy the KBS"
+	if [ "${KATA_HYPERVISOR}" = "qemu-tdx" ]; then
+		cat <<- EOF > "${COCO_KBS_DIR}/config/kubernetes/custom_pccs/sgx_default_qcnl.conf"
+{
+ "pccs_url": "https://localhost:8081/sgx/certification/v4/",
+
+ // To accept insecure HTTPS certificate, set this option to false
+ "use_secure_cert": false
+}
+EOF
+		export DEPLOYMENT_DIR=custom_pccs
+	fi
 	./deploy-kbs.sh
 	popd

--- a/tests/integration/kubernetes/gha-run.sh
+++ b/tests/integration/kubernetes/gha-run.sh
@ -131,7 +131,12 @@ function configure_snapshotter() {
 }

 function delete_coco_kbs() {
-	kbs_k8s_delete
+	if [ "${KATA_HYPERVISOR}" == "qemu-tdx" ]; then
+		echo "Skipping deleting coco kbs for ${KATA_HYPERVISOR}"
+		exit 0
+	else
+		kbs_k8s_delete
+	fi
 }

 # Deploy the CoCo KBS in Kubernetes
@ -141,7 +146,12 @@ function delete_coco_kbs() {
 #	              service externally
 #
 function deploy_coco_kbs() {
-	kbs_k8s_deploy "$KBS_INGRESS"
+	if [ "${KATA_HYPERVISOR}" == "qemu-tdx" ]; then
+		echo "Skipping deploying coco kbs for ${KATA_HYPERVISOR}"
+		exit 0
+	else
+		kbs_k8s_deploy "$KBS_INGRESS"
+	fi
 }

 function deploy_kata() {
@ -263,11 +273,21 @@ function deploy_kata() {
 }

 function install_kbs_client() {
-	kbs_install_cli
+	if [ "${KATA_HYPERVISOR}" == "qemu-tdx" ]; then
+		echo "Skipping install kbs client for ${KATA_HYPERVISOR}"
+		exit 0
+	else
+		kbs_install_cli
+	fi
 }

 function uninstall_kbs_client() {
-	kbs_uninstall_cli
+	if [ "${KATA_HYPERVISOR}" == "qemu-tdx" ]; then
+		echo "Skipping uninstall kbs client for ${KATA_HYPERVISOR}"
+		exit 0
+	else
+		kbs_uninstall_cli
+	fi
 }

 function run_tests() {