tests: use kubectl set to configure KBS env

No need to patch yamls locally. Also, set RUST_LOG=debug
and enable https_proxy for all TDX targets when the runner
has HTTPS_PROXY is set.

Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
This commit is contained in:
Mikko Ylinen
2026-06-05 06:46:14 +03:00
parent 1624ebe362
commit f3a0ef6a7c

View File

@@ -401,23 +401,15 @@ function kbs_k8s_deploy() {
[[ -n "${ingress}" ]] && _handle_ingress "${ingress}"
echo "::group::Deploy the KBS"
if [[ "${KATA_HYPERVISOR}" = "qemu-tdx" ]]; then
if [[ -n "${HTTPS_PROXY}" ]]; then
# Ideally this should be something kustomizable on trustee side.
#
# However, for now let's take the bullet and do it here, and revert this as
# soon as https://github.com/confidential-containers/trustee/issues/567 is
# solved.
pushd "${COCO_KBS_DIR}/config/kubernetes/base/"
ensure_yq
yq e ".spec.template.spec.containers[0].env += [{\"name\": \"https_proxy\", \"value\": \"${HTTPS_PROXY}\"}]" -i deployment.yaml
popd
fi
fi
./deploy-kbs.sh
# Set proxy env vars and enable debug logging on the KBS deployment.
# Using 'kubectl set env' avoids patching the trustee source tree.
# All vars are set in a single call to avoid triggering two rolling restarts.
local kbs_env_args=(RUST_LOG=debug)
is_tdx_hypervisor && [[ -n "${HTTPS_PROXY}" ]] && kbs_env_args+=(https_proxy="${HTTPS_PROXY}")
kubectl set env deployment/kbs -n "${KBS_NS}" "${kbs_env_args[@]}"
# Check the private key used to install the KBS exist and save it in a
# well-known location. That's the access key used by the kbs-client.
local install_key="${PWD}/base/kbs.key"