- kubernetes running in a trusted environment (in my case minikube on laptop) (1)
- trustee-operator deployed
- Openshift in public cloud or bare metal (in my case snp baremetal on virtlab801) (2)
- OSC deployed
Leonardo Milleri lmilleri
Add support for managing multiple trustee releases through versioned configuration templates. Each TrusteeConfig can select a specific trustee release version, which determines both the configuration templates used and the container image tags deployed.
- ✅ Single TrusteeConfig can select release version via
spec.versionfield - ✅ Templates organized by trustee release (e.g.,
config/templates/v0.10.0/) - ✅ Automatic image selection based on version
Enable multi-tenancy in the trustee-operator so each tenant can create a TrusteeConfig in their namespace and get a separate, isolated trustee instance.
- KbsConfigReconciler: Watches KbsConfig CRs, creates Deployments/Services for trustee
git clone https://github.com/confidential-containers/trustee-operator.git
cd trustee
gh pr checkout https://github.com/confidential-containers/trustee-operator/pull/103 (if not merged yet)
./tests/scripts/kind-with-registry.sh
./tests/scripts/install-operator.sh quay.io/rh_ee_lmilleri/trustee:v0.15.0 quay.io/rh_ee_lmilleri/kbs-client:v0.15.0
git clone https://github.com/confidential-containers/trustee-operator.git
cd trustee-operator
./tests/scripts/kind-with-registry.sh
./tests/scripts/install-operator.sh quay.io/confidential-containers/trustee:latest quay.io/confidential-containers/kbs-client:latest
These instructions will let you to create pods consuming accelerated vDPA interfaces on ovn-k secondary network
- OCP cluster running (latest 4.14)
- SRIOV network operator is installed (latest upstream)
- kubernetes-nmstate operator is installed (latest downstream)
- ovn-kubernetes running image is quay.io/rh_ee_lmilleri/ovn-daemonset-f:vhost-vdpa-0906-3