podvm: Allow policy file specification in container builds
Agent policy file can be specified as part of containerised
builds.

The build arg is DEFAULT_AGENT_POLICY_FILE and it takes a policy file
name kept under podvm/files/etc/kata-opa

Signed-off-by: Pradipta Banerjee <pradipta.banerjee@gmail.com>
bpradipt committed Jan 8, 2024
1 parent 39d659d commit a2c636f
Showing 3 changed files with 14 additions and 0 deletions.
5 changes: 5 additions & 0 deletions podvm/Dockerfile.podvm_binaries
Expand Up @@ -12,9 +12,14 @@ ARG PODVM_DISTRO=ubuntu
ARG AA_KBC=offline_fs_kbc
# If not provided, uses system architecture
ARG ARCH
#This is the name of the policy file under
#files/etc/kata-opa
ARG DEFAULT_AGENT_POLICY_FILE=allow-all.rego

ENV PODVM_DISTRO ${PODVM_DISTRO}
ENV AA_KBC ${AA_KBC}
ENV ARCH ${ARCH}
ENV DEFAULT_AGENT_POLICY_FILE ${DEFAULT_AGENT_POLICY_FILE}

COPY . /src/cloud-api-adaptor

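Review bot: The default on the `ARG DEFAULT_AGENT_POLICY_FILE=allow-all.rego` line means any build that omits the build arg picks up the policy whose name says it allows everything, and the two-line comment above it does not say so. Suggest the comment state that this is the permissive default and give the full location the commit message uses, podvm/files/etc/kata-opa, since `files/etc/kata-opa` on its own is ambiguous once `COPY . /src/cloud-api-adaptor` copies the whole repository under /src/cloud-api-adaptor. It would also help to show the override form in the comment, e.g. `--build-arg DEFAULT_AGENT_POLICY_FILE=<policy>.rego`.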
4 changes: 4 additions & 0 deletions podvm/Dockerfile.podvm_binaries.fedora
Expand Up @@ -15,13 +15,17 @@ ARG GUEST_COMPONENTS_REPO
ARG AA_KBC="offline_fs_kbc"
# If not provided, uses system architecture
ARG ARCH
#This is the name of the policy file under
#files/etc/kata-opa
ARG DEFAULT_AGENT_POLICY_FILE=allow-all.rego

ENV CLOUD_PROVIDER ${CLOUD_PROVIDER}
ENV PODVM_DISTRO ${PODVM_DISTRO}
ENV GUEST_COMPONENTS_VERSION ${GUEST_COMPONENTS_VERSION}
ENV GUEST_COMPONENTS_REPO ${GUEST_COMPONENTS_REPO}
ENV AA_KBC ${AA_KBC}
ENV ARCH ${ARCH}
ENV DEFAULT_AGENT_POLICY_FILE ${DEFAULT_AGENT_POLICY_FILE}

# Set these as they are required in the Makefile
ENV IMAGE_URL "none"
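
Review bot: Missing check on the value: `ENV DEFAULT_AGENT_POLICY_FILE ${DEFAULT_AGENT_POLICY_FILE}` forwards whatever the build arg contains, and nothing visible in this hunk confirms it is a plain file name that exists under files/etc/kata-opa. A typo, or a value containing `/` or `..`, would only show up in whatever later step reads the variable, or could resolve to a file outside that directory. Suggest that the consuming step fail the build when the named file is absent from the kata-opa directory and reject values that contain a path separator.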
5 changes: 5 additions & 0 deletions podvm/Dockerfile.podvm_binaries.rhel
Expand Up @@ -12,9 +12,14 @@ ARG PODVM_DISTRO=rhel
ARG AA_KBC="offline_fs_kbc"
# If not provided, uses system architecture
ARG ARCH
#This is the name of the policy file under
#files/etc/kata-opa
ARG DEFAULT_AGENT_POLICY_FILE=allow-all.rego

ENV PODVM_DISTRO ${PODVM_DISTRO}
ENV AA_KBC ${AA_KBC}
ENV ARCH ${ARCH}
ENV DEFAULT_AGENT_POLICY_FILE ${DEFAULT_AGENT_POLICY_FILE}

COPY . /src/cloud-api-adaptor

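Review bot: Style and maintenance point on the added comment and default: the comment is written `#This is the name of the policy file under` with no space after `#`, while the neighbouring `# If not provided, uses system architecture` has one, and the default is unquoted next to `ARG AA_KBC="offline_fs_kbc"`. The same `allow-all.rego` default is now repeated in all three Dockerfile.podvm_binaries* files touched by this commit, so a later change of default has to be made in each; a line in the comment naming the other two files would help keep them in sync.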
