kbs: pin down to released working kbs image version

[kartikjoshi21]

Fix: #1688

[surajssd]

This tag probably does not exists:

coco-tenant 0s Warning Failed pod/kbs-5864d9656d-r25nk Failed to pull image "ghcr.io/confidential-containers/key-broker-service:7ec54fa8f74b9bf24d84ef4a35d050d068105732": rpc error: code = NotFound desc = failed to pull and unpack image "ghcr.io/confidential-containers/key-broker-service:7ec54fa8f74b9bf24d84ef4a35d050d068105732": failed to resolve reference "ghcr.io/confidential-containers/key-broker-service:7ec54fa8f74b9bf24d84ef4a35d050d068105732": ghcr.io/confidential-containers/key-broker-service:7ec54fa8f74b9bf24d84ef4a35d050d068105732: not found

[surajssd]

The correct registry is ghcr.io/confidential-containers/staged-images/kbs.

[surajssd]

I was able to deploy ghcr.io/confidential-containers/staged-images/kbs:7ec54fa8f74b9bf24d84ef4a35d050d068105732 but it has the same problem as using the current main.

✗ kubectl logs -n coco-tenant kbs-85446fdff5-grpzj
[2024-02-07T22:03:13Z INFO  kbs] Using config file /etc/kbs/kbs-config.toml
Error: invalid config: missing field `rvps_config`

[surajssd]

It seems like we don't have any pre-built image which has this problem solved. I even tried the first ever built image and it too has same problem: c3ab7bbdc458362d971062b087ed68d4998dacad.

[surajssd]

@kartikjoshi21 PTAL confidential-containers/trustee#318 latest image should work with this config change.

[kartikjoshi21]

@kartikjoshi21 PTAL confidential-containers/kbs#318 latest image should work with this config change.

I have pointed out to latest released image tag for now and it can bring the pod up atleast. We need to push image with tag 7ec54fa8f74b9bf24d84ef4a35d050d068105732 and latest rvps config change to staged images repo for all the things to work as this commit is compatible with guest-component and kbs but i dont have permission for the same.

[mkulke]

note: there was a kbs 0.8.2 release tagged recently, maybe that's what could be used? https://github.com/confidential-containers/kbs/tree/v0.8.2

[kartikjoshi21]

note: there was a kbs 0.8.2 release tagged recently, maybe that's what could be used? https://github.com/confidential-containers/kbs/tree/v0.8.2

@mkulke i think with this PR we can point out to latest kbs tag in this repo

[mkulke]

note: there was a kbs 0.8.2 release tagged recently, maybe that's what could be used? https://github.com/confidential-containers/kbs/tree/v0.8.2

@mkulke i think with this PR we can point out to latest kbs tag in this repo

Do you mean a hash of the current main? or a "latest" tag? 0.8.2 is pretty close to the kbs' HEAD and there is no explicit version coupling to guest-components (there won't be a 0.8.2 release)

[kartikjoshi21]

note: there was a kbs 0.8.2 release tagged recently, maybe that's what could be used? https://github.com/confidential-containers/kbs/tree/v0.8.2

@mkulke i think with this PR we can point out to latest kbs tag in this repo

Do you mean a hash of the current main? or a "latest" tag? 0.8.2 is pretty close to the kbs' HEAD and there is no explicit version coupling to guest-components (there won't be a 0.8.2 release)

I m currently using this tag 6a9be1cd9d1522d6892c36cb80c415af1078b1e2 for kbs repo. But i think using kbs 0.8.2 make sense as well. @surajssd wdyt ?

[surajssd]

I m currently using this tag 6a9be1cd9d1522d6892c36cb80c415af1078b1e2 for kbs repo. But i think using kbs 0.8.2 make sense as well. @surajssd wdyt ?

Sure, that would work as well.