@lmilleri
Last active October 14, 2025 12:21
Trustee in enclave (dev environment)

CoCo Trustee

Kind setup with trustee-operator

Clone the operator repo and run its test scripts (they live under tests/scripts of trustee-operator, so the cd must go there, not into trustee). The install script takes the trustee and kbs-client images as its two arguments.

git clone https://github.com/confidential-containers/trustee-operator.git
cd trustee-operator
gh pr checkout https://github.com/confidential-containers/trustee-operator/pull/103   (only if the PR is not merged yet)
./tests/scripts/kind-with-registry.sh
./tests/scripts/install-operator.sh quay.io/rh_ee_lmilleri/trustee:v0.15.0 quay.io/rh_ee_lmilleri/kbs-client:v0.15.0

CoCo Installation

The CoCo operator only deploys the confidential runtime to nodes carrying the worker label, so label the single kind node first, then install the operator and the default ccruntime (which provides the kata-qemu-coco-dev runtime class used below).

kubectl label node "kind-control-plane" "node.kubernetes.io/worker="
kubectl apply -k github.com/confidential-containers/operator/config/release?ref=v0.16.0
kubectl apply -k github.com/confidential-containers/operator/config/samples/ccruntime/default?ref=v0.16.0

Fix pull image issue

containerd on a kind node drops layer blobs from its content store after unpacking them (`discard_unpacked_layers = true`), which breaks pulling the trustee image into the CoCo pod. Keep the blobs, pre-fetch the image into the k8s.io namespace and restart containerd. The first three commands run from a node debug pod (the host filesystem is mounted at /host until the chroot):

kubectl debug node/kind-control-plane -it --image=busybox
vi /host/etc/containerd/config.toml   (change `discard_unpacked_layers = true` to `discard_unpacked_layers = false`)
chroot /host
ctr -n k8s.io content fetch quay.io/rh_ee_lmilleri/trustee:v0.15.0
systemctl restart containerd
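The vi step above is the one that is easy to get wrong when repeating the setup. The script below is an added example (not part of the gist or of the trustee-operator project) that performs the same edit non-interactively and idempotently: it rewrites the key if present and inserts it under the CRI containerd table if absent, then reports the effective value. The table name `[plugins."io.containerd.grpc.v1.cri".containerd]` (containerd config version 2) and the sample config are assumptions standing in for the kind node's real /host/etc/containerd/config.toml.

```bash
#!/usr/bin/env bash
# Added example, not from the gist: non-interactive, idempotent version of the
# vi edit to containerd's config.toml. The CRI table name below is the one
# used by containerd config version 2 on kind nodes (assumption).
set -eu

# fix_discard_unpacked_layers FILE
# Ensures FILE contains `discard_unpacked_layers = false`. If the key is present
# (with any value) its value is rewritten in place, keeping the indentation; if
# it is absent the key is inserted directly under the CRI containerd table.
fix_discard_unpacked_layers() {
  local file="$1" tmp
  tmp=$(mktemp)
  if grep -Eq '^[[:space:]]*discard_unpacked_layers[[:space:]]*=' "$file"; then
    awk '/^[[:space:]]*discard_unpacked_layers[[:space:]]*=/ { sub(/=.*/, "= false") } { print }' \
      "$file" > "$tmp"
  else
    awk '{ print }
         /^\[plugins\."io\.containerd\.grpc\.v1\.cri"\.containerd\][[:space:]]*$/ {
           print "  discard_unpacked_layers = false"
         }' "$file" > "$tmp"
  fi
  cat "$tmp" > "$file"   # write through so the file keeps its owner and mode
  rm -f "$tmp"
}

# discard_unpacked_layers_value FILE
# Prints the configured value ("true"/"false") or "unset" if the key is missing.
discard_unpacked_layers_value() {
  local v
  v=$(awk '/^[[:space:]]*discard_unpacked_layers[[:space:]]*=/ {
             sub(/.*=[[:space:]]*/, ""); print; exit }' "$1")
  printf '%s\n' "${v:-unset}"
}

# Constructed sample standing in for /host/etc/containerd/config.toml on the
# kind node; only the table relevant to this fix is included.
SAMPLE_CONFIG=$(mktemp)
cat > "$SAMPLE_CONFIG" <<'EOF'
version = 2
[plugins."io.containerd.grpc.v1.cri"]
  sandbox_image = "registry.k8s.io/pause:3.9"
[plugins."io.containerd.grpc.v1.cri".containerd]
  discard_unpacked_layers = true
  snapshotter = "overlayfs"
EOF

echo "before: $(discard_unpacked_layers_value "$SAMPLE_CONFIG")"
fix_discard_unpacked_layers "$SAMPLE_CONFIG"
echo "after:  $(discard_unpacked_layers_value "$SAMPLE_CONFIG")"
```

On the kind node you would call `fix_discard_unpacked_layers /host/etc/containerd/config.toml` from the debug pod (before the chroot) and then continue with the content fetch and containerd restart exactly as above; running it twice leaves a single key in the file.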

Run CoCo trustee

Create and kubectl apply the pod manifest below. It runs the Trustee image inside a kata-qemu-coco-dev sandbox; the kernel_params annotation points the guest's attestation agent (cc_kbc) at the KBS that trustee-operator installed as kbs-service in the trustee-operator-system namespace:

apiVersion: v1
kind: Pod
metadata:
  labels:
    run: trustee
  name: trustee
  annotations:
    io.containerd.cri.runtime-handler: kata-qemu-coco-dev
    io.katacontainers.config.hypervisor.kernel_params: " agent.aa_kbc_params=cc_kbc::http://kbs-service.trustee-operator-system:8080"
spec:
  containers:
  - image: quay.io/rh_ee_lmilleri/trustee:v0.15.0
    name: trustee
  dnsPolicy: ClusterFirst
  runtimeClassName: kata-qemu-coco-dev

Verification

From inside the pod, ask the guest's Confidential Data Hub (its REST API listens on 127.0.0.1:8006) for a KBS resource. The CDH can only return it after the guest has obtained a token from kbs-service, so a successful response shows the attestation path from the enclave to the operator's KBS works end to end:

kubectl exec -it trustee -- curl http://127.0.0.1:8006/cdh/resource/default/kbsres1/key1
res1val1