diff --git a/docs/how-to/README.md b/docs/how-to/README.md index 89903fd57a..e82e22ee15 100644 --- a/docs/how-to/README.md +++ b/docs/how-to/README.md @@ -46,3 +46,4 @@ ## Confidential Containers - [How to use build and test the Confidential Containers `CCv0` proof of concept](how-to-build-and-test-ccv0.md) +- [How to generate a Kata Containers payload for the Confidential Containers Operator](how-to-generate-a-kata-containers-payload-for-the-confidential-containers-operator.md) diff --git a/docs/how-to/how-to-generate-a-kata-containers-payload-for-the-confidential-containers-operator.md b/docs/how-to/how-to-generate-a-kata-containers-payload-for-the-confidential-containers-operator.md new file mode 100644 index 0000000000..40451aa97e --- /dev/null +++ b/docs/how-to/how-to-generate-a-kata-containers-payload-for-the-confidential-containers-operator.md 
@@ -0,0 +1,44 @@ +# Generating a Kata Containers payload for the Confidential Containers Operator + +[Confidential Containers +Operator](https://github.com/confidential-containers/operator) consumes a Kata +Containers payload, generated from the `CCv0` branch, and here one can find all +the necessary info on how to build such a payload. + +## Requirements + +* `make` installed in the machine +* Docker installed in the machine +* `sudo` access to the machine + +## Process + +* Clone [Kata Containers](https://github.com/kata-containers/kata-containers) + ```sh + git clone --branch CCv0 https://github.com/kata-containers/kata-containers + ``` + * In case you've already cloned the repo, make sure to switch to the `CCv0` branch + ```sh + git checkout CCv0 + ``` + * Ensure your tree is clean and in sync with upstream `CCv0` + ```sh + git clean -xfd + git reset --hard /CCv0 + ``` +* Make sure you're authenticated to `quay.io` + ```sh + sudo docker login quay.io + ``` +* From the top repo directory, run: + ```sh + sudo make cc-payload + ``` +* Make sure the image was upload to the [Confidential Containers + runtime-payload +registry](https://quay.io/repository/confidential-containers/runtime-payload?tab=tags) + +## Notes + +Make sure to run it on a machine that's not the one you're hacking on, prepare a +cup of tea, and get back to it an hour later (at least).
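Review bot: In the "Ensure your tree is clean and in sync with upstream" step of the new how-to, `git reset --hard /CCv0` has no remote name in front of `/CCv0`, so it is not a usable revision as written, and nothing fetches beforehand, so even with a remote name the tree would only match whatever was last fetched. Suggest a `git fetch <remote>` followed by `git reset --hard <remote>/CCv0`, with a sentence saying which remote is meant. Because `git clean -xfd` and `git reset --hard` discard untracked, ignored and uncommitted work, the warning in Notes about not running this on the machine you are hacking on belongs before that step rather than at the end of the page. The Requirements list should also say that the account used for `sudo docker login quay.io` needs push access to the runtime-payload repository, since the last step expects the image to be uploaded there, and it would help to state why the whole `make cc-payload` run needs `sudo`. Nit: "the image was upload" should read "was uploaded".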