From fe3ba36d2ac8787a445cebd8f2f6c7f110ae58cc Mon Sep 17 00:00:00 2001
From: Kartik Joshi
Date: Thu, 1 Feb 2024 13:54:25 +0530
Subject: [PATCH] Provisioner: Add kbs provisioning steps in CI

Fixes: #1676
Signed-off-by: Kartik Joshi
---
 .github/workflows/azure-e2e-test.yml | 11 +++++++++++
 .../test/provisioner/provision.go | 15 +++++++++------
 src/cloud-api-adaptor/versions.yaml | 5 ++++-
 3 files changed, 24 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/azure-e2e-test.yml b/.github/workflows/azure-e2e-test.yml
index 3c1af3ea3e..c424867ea8 100644
--- a/.github/workflows/azure-e2e-test.yml
+++ b/.github/workflows/azure-e2e-test.yml
@@ -148,6 +148,17 @@ jobs:
 ${{ env.TEST_PROVISION_FILE }}
 name: e2e-configuration
+ - name: Extract kbs reference
+ run: echo "KBS_VERSION=$(yq -e '.git.kbs.reference' versions.yaml)" >> "$GITHUB_ENV"
+
+ - name: Checkout kbs Repository
+ run: |
+ git clone https://github.com/confidential-containers/trustee test/trustee
+ pushd test/trustee
+ git checkout "${KBS_VERSION}"
+ popd
+
+
 - uses: azure/login@v1
 name: 'Az CLI login'
 with:
diff --git a/src/cloud-api-adaptor/test/provisioner/provision.go b/src/cloud-api-adaptor/test/provisioner/provision.go
index 0c8d57ff43..9b107115cf 100644
--- a/src/cloud-api-adaptor/test/provisioner/provision.go
+++ b/src/cloud-api-adaptor/test/provisioner/provision.go
@@ -80,6 +80,9 @@ type InstallOverlay interface {
 // Waiting timeout for bringing up the pod
 const PodWaitTimeout = time.Second * 30
+// trustee repo related base path
+const TRUSTEE_REPO_PATH = "../trustee"
+
 func saveToFile(filename string, content []byte) error {
 // Save contents to file
 err := os.WriteFile(filename, content, 0644)
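Review bot: The "Extract kbs reference" step appends the yq output to `$GITHUB_ENV` without checking its shape, and a multi-line value there would define extra environment entries for every later step. Whether versions.yaml can come from an untrusted contributor depends on the workflow triggers, which are outside this hunk; capturing the value first and guarding it, e.g. `[[ "$ref" =~ ^[0-9a-f]{40}$ ]] || exit 1` (with `ref` holding the yq output), makes the commit pin explicit either way. The "Checkout kbs Repository" step also hard-codes the trustee URL although this commit adds `git.kbs.url` to versions.yaml, so the two can drift; reading it with `yq -e '.git.kbs.url' versions.yaml` keeps a single source of truth.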
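Review bot: `TRUSTEE_REPO_PATH = "../trustee"` is resolved against the process working directory, not against this source file, so every path built from it depends on where the tests are started. The workflow in this commit clones into `test/trustee`, which only lines up when the tests run from a sibling directory of it; a comment stating that would help, e.g. `// trusteeRepoPath is relative to the directory the e2e tests are run from.` On style, Go constants use MixedCaps, and unless another package needs it the name can stay unexported: `const trusteeRepoPath = "../trustee"`.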
@@ -94,7 +97,7 @@ func NewKeyBrokerService(clusterName string) (*KeyBrokerService, error) {
 // Create secret
 content := []byte("This is my cluster name: " + clusterName)
- filePath := "trustee/kbs/config/kubernetes/overlays/key.bin"
+ filePath := filepath.Join(TRUSTEE_REPO_PATH, "/kbs/config/kubernetes/overlays/key.bin")
 // Create the file.
 file, err := os.Create(filePath)
 if err != nil {
@@ -120,9 +123,9 @@ func NewKeyBrokerService(clusterName string) (*KeyBrokerService, error) {
 }
 fmt.Println(k8sCnfDir)
- kbsCert := filepath.Join(k8sCnfDir, "trustee/kbs/config/kubernetes/base/kbs.pem")
+ kbsCert := filepath.Join(k8sCnfDir, TRUSTEE_REPO_PATH, "kbs/config/kubernetes/base/kbs.pem")
 if _, err := os.Stat(kbsCert); os.IsNotExist(err) {
- kbsKey := filepath.Join(k8sCnfDir, "trustee/kbs/config/kubernetes/base/kbs.key")
+ kbsKey := filepath.Join(k8sCnfDir, TRUSTEE_REPO_PATH, "kbs/config/kubernetes/base/kbs.key")
 keyOutputFile, err := os.Create(kbsKey)
 if err != nil {
 err = fmt.Errorf("creating key file: %w\n", err)
@@ -174,7 +177,7 @@ func NewKeyBrokerService(clusterName string) (*KeyBrokerService, error) {
 }
- overlay, err := NewBaseKbsInstallOverlay("trustee")
+ overlay, err := NewBaseKbsInstallOverlay(TRUSTEE_REPO_PATH)
 if err != nil {
 return nil, err
 }
@@ -367,7 +370,7 @@ func (p *KeyBrokerService) Deploy(ctx context.Context, cfg *envconf.Config, prop
 }
 // Create kustomize pointer for overlay directory with updated changes
- tmpoverlay, err := NewKbsInstallOverlay("trustee")
+ tmpoverlay, err := NewKbsInstallOverlay(TRUSTEE_REPO_PATH)
 if err != nil {
 return err
 }
@@ -381,7 +384,7 @@ func (p *KeyBrokerService) Deploy(ctx context.Context, cfg *envconf.Config, prop
 func (p *KeyBrokerService) Delete(ctx context.Context, cfg *envconf.Config) error {
 // Create kustomize pointer for overlay directory with updated changes
- tmpoverlay, err := NewKbsInstallOverlay("trustee")
+ tmpoverlay, err := NewKbsInstallOverlay(TRUSTEE_REPO_PATH)
 if err != nil {
 return err
 }
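Review bot: In the key.bin path, the second argument to `filepath.Join` starts with a slash (`"/kbs/config/..."`), unlike the kbs.pem and kbs.key joins in the next hunk. `filepath.Join` cleans it, so the result is still relative, but the literal reads like an absolute path; `filepath.Join(TRUSTEE_REPO_PATH, "kbs/config/kubernetes/overlays/key.bin")` matches the other call sites. This is also the only path not anchored on `k8sCnfDir`; presumably that is the working directory and the result is the same, but that is not visible here. NewKeyBrokerService's body starts and continues outside the hunk.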
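Review bot: The private key at the rewritten `kbsKey` path is still created by the unchanged `os.Create(kbsKey)` on the following line, which uses mode 0666 before umask, so its readability depends on the runner's umask. For key material, `os.OpenFile(kbsKey, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)` keeps the file owner-only regardless. The same applies to `os.Create(filePath)` for key.bin in the previous hunk. The rest of the key-generation block lies outside this hunk, so the handling after creation is not visible.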
diff --git a/src/cloud-api-adaptor/versions.yaml b/src/cloud-api-adaptor/versions.yaml
index d5de5432ad..91e60a0f89 100644
--- a/src/cloud-api-adaptor/versions.yaml
+++ b/src/cloud-api-adaptor/versions.yaml
@@ -41,10 +41,13 @@ git:
 opa:
 url: https://github.com/open-policy-agent/opa
 reference: v0.58.0
+ kbs:
+ url: https://github.com/confidential-containers/trustee
+ reference: dc01f454264fb4350e5f69eba05683a9a1882c41
 oci:
 pause:
 registry: docker://registry.k8s.io/pause
 tag: 3.6
 kbs:
 registry: ghcr.io/confidential-containers/key-broker-service
- tag: v0.8.2
+ tag: dc01f454264fb4350e5f69eba05683a9a1882c41