@lmilleri lmilleri commented Mar 7, 2024

This configuration applies when the json storage backend is chosen

@lmilleri lmilleri requested a review from bpradipt March 7, 2024 16:06
This configuration applies when the json storage backend is chosen

Signed-off-by: Leonardo Milleri <[email protected]>
@lmilleri lmilleri force-pushed the rvps-json branch 2 times, most recently from 68da290 to fac2450 Compare March 8, 2024 13:18
Signed-off-by: Leonardo Milleri <[email protected]>
# literals:
# - key1=res1val1
# - key2=res1val2
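
Review bot: the commented-out `literals:` entries (`key1=res1val1`, `key2=res1val2`) carry no hint that they are placeholder values. Uncommenting them puts the values inline in this file, so add a comment line above the block marking them as samples that must be replaced before applying.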

Member

Can you try adding a patch.yaml like

apiVersion: confidentialcontainers.org/v1alpha1
kind: KbsConfig
metadata:
  name: kbsconfig-sample
spec:
  kbsSecretResources:
    - "kbsres1"

and include it in kustomization.yaml like

[snip]

secretGenerator:
- name: kbs-auth-public-key
  files:
  - kbs.pem
#- name: kbsres1
#  literals:
#  - key1=res1val1
#  - key2=res1val2

#patches:
#- patch.yaml

resources:
- kbsconfig_sample.yaml
[snip]

So when you uncomment the secret and the patch and apply it, the kbsconfig should have the kbsSecretResources.
We can then use this model for the optional elements like rvps values as well.

Member Author

Good point, can do for the kbs resources. Not sure about RVPS reference values though, because in the case of the json store backend we have to provide at least an empty json file, e.g.

[
]

What if I provide the empty json by default and mention a valid json sample with pre-populated values?

Member

I see... then you can mention having a valid json file in the readme and uncommenting the relevant entries in kustomization to use the json file as a configmap

configMapGenerator:
- name: ..
  namespace: ..
  files:
  #- rvps-ref-values.json

The kustomization.yaml file contains the patches for injecting k8s secrets
and RVPS reference values. The former are commented out by default,
the latter are enabled by default because RVPS needs at least an empty
json configuration file.

Signed-off-by: Leonardo Milleri <[email protected]>
Member

@bpradipt bpradipt left a comment

lgtm
Didn't test it though...

@bpradipt bpradipt merged commit 40fc709 into confidential-containers:main Mar 14, 2024
@lmilleri lmilleri deleted the rvps-json branch May 15, 2024 11:58
lmilleri pushed a commit to lmilleri/trustee-operator that referenced this pull request Jul 26, 2024
…references/main

chore(deps): update konflux references