doc: provide a guide for how to install CC with IBM Secure Execution #329

Merged
merged 1 commit into from
Jan 23, 2024

Member

@BbolroC BbolroC commented Jan 19, 2024

Due to the limitation that a public key used to encrypt a secure image is associated with a machine-specific private key, a user cannot install and run a confidential container with IBM Secure Execution from release.

This is to provide a guide for how to achieve the goals above with a custom build.

Signed-off-by: Hyounggyu Choi [email protected]

Member Author

BbolroC commented Jan 22, 2024

For reviewers, you can find the referred documentation in the section Build a Payload Image via kata-deploy at kata-containers/kata-containers#7146

Member

@stevenhorsman stevenhorsman left a comment

This makes sense to me. Thanks!

@BbolroC BbolroC force-pushed the ibm-se-howto-doc branch 2 times, most recently from e8ca599 to 17e3431 Compare January 22, 2024 14:11
@wainersm
Member

Hi @BbolroC !

I don't have a SystemZ to test the guide so I only reviewed the text. I've got two suggestions to you:

  • Link this doc to the Prerequisites section in docs/INSTALL.md. Users would need to at least label the worker correctly.
  • It uses the kustomize tool but doesn't explain how it can be installed:
      $ cd $GOPATH/src/github.com/confidential-containers/operator
      $ make kustomize

The binary is found in ./bin

Contributor

GabyCT commented Jan 22, 2024

@BbolroC overall lgtm but I just found some misspelling in $ kubectl get pods

Member Author

BbolroC commented Jan 23, 2024

> @BbolroC overall lgtm but I just found some misspelling in $ kubectl get pods

Thanks @GabyCT for the feedback. Actually, po is a short name for pod or pods in kubectl (https://kubernetes.io/docs/reference/kubectl/#resource-types). But I will update the doc for readability.

Member Author

BbolroC commented Jan 23, 2024

> Hi @BbolroC !
>
> I don't have a SystemZ to test the guide so I only reviewed the text. I've got two suggestions to you:
>
>   • Link this doc to the Prerequisites section in docs/INSTALL.md. Users would need to at least label the worker correctly.
>   • It uses the kustomize tool but doesn't explain how it can be installed:
>       $ cd $GOPATH/src/github.com/confidential-containers/operator
>       $ make kustomize
>
> The binary is found in ./bin

Thanks @wainersm for the feedback. I will reflect it asap. 😉


@hbrueckner hbrueckner left a comment

Thanks a lot Choi!

/LGTM

Member

@wainersm wainersm left a comment

Thanks @BbolroC !

@wainersm wainersm merged commit 345b1c4 into confidential-containers:main Jan 23, 2024
5 checks passed
@BbolroC BbolroC deleted the ibm-se-howto-doc branch January 23, 2024 17:21