Merge pull request #9116 from wainersm/ci_install_kbs-workflow

gha: k8s: prepare AKS workflow to install the CoCo KBS
kata-containers · Feb 28, 2024 · 129ce84 · 129ce84
2 parents bb4c608 + b44e0c4
commit 129ce84
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 1 deletion.
diff --git a/.github/workflows/run-k8s-tests-on-aks.yaml b/.github/workflows/run-k8s-tests-on-aks.yaml
@@ -52,6 +52,10 @@ jobs:
       GH_PR_NUMBER: ${{ inputs.pr-number }}
       KATA_HOST_OS: ${{ matrix.host_os }}
       KATA_HYPERVISOR: ${{ matrix.vmm }}
+      # Set to install the KBS for attestation tests
+      KBS: ${{ (matrix.vmm == 'qemu' && matrix.host_os == 'ubuntu') && 'true' || 'false' }}
+      # Set the KBS ingress handler (empty string disables handling)
+      KBS_INGRESS: "aks"
       KUBERNETES: "vanilla"
       USING_NFD: "false"
       K8S_TEST_HOST_TYPE: ${{ matrix.instance-type }}
@@ -103,7 +107,17 @@ jobs:
       - name: Deploy Kata
         timeout-minutes: 10
         run: bash tests/integration/kubernetes/gha-run.sh deploy-kata-aks
-
+
+      - name: Deploy CoCo KBS
+        if: env.KBS == 'true'
+        timeout-minutes: 5
+        run: bash tests/integration/kubernetes/gha-run.sh deploy-coco-kbs
+
+      - name: Install `kbs-client`
+        if: env.KBS == 'true'
+        timeout-minutes: 5
+        run: bash tests/integration/kubernetes/gha-run.sh install-kbs-client
+
       - name: Run tests
         timeout-minutes: 60
         run: bash tests/integration/kubernetes/gha-run.sh run-tests

diff --git a/tests/integration/kubernetes/gha-run.sh b/tests/integration/kubernetes/gha-run.sh
@@ -23,6 +23,8 @@ DOCKER_TAG=${DOCKER_TAG:-kata-containers-latest}
 KATA_DEPLOY_WAIT_TIMEOUT=${KATA_DEPLOY_WAIT_TIMEOUT:-10m}
 SNAPSHOTTER_DEPLOY_WAIT_TIMEOUT=${SNAPSHOTTER_DEPLOY_WAIT_TIMEOUT:-8m}
 KATA_HYPERVISOR=${KATA_HYPERVISOR:-qemu}
+KBS=${KBS:-false}
+KBS_INGRESS=${KBS_INGRESS:-}
 KUBERNETES="${KUBERNETES:-}"
 SNAPSHOTTER="${SNAPSHOTTER:-}"
 export AUTO_GENERATE_POLICY="${AUTO_GENERATE_POLICY:-no}"
@@ -103,6 +105,10 @@ function configure_snapshotter() {
 	echo "::endgroup::"
 }
 
+function deploy_coco_kbs() {
+	echo "TODO: deploy https://github.com/confidential-containers/kbs"
+}
+
 function deploy_kata() {
 	platform="${1}"
 	ensure_yq
@@ -170,6 +176,10 @@ function deploy_kata() {
 	echo "::endgroup::"
 }
 
+function install_kbs_client() {
+	echo "TODO: install kbs-client - https://github.com/kata-containers/kata-containers/pull/9114"
+}
+
 function run_tests() {
 	platform="${1:-}"
 
@@ -354,9 +364,11 @@ function main() {
 		create-cluster-kcli) create_cluster_kcli ;;
 		configure-snapshotter) configure_snapshotter ;;
 		setup-crio) setup_crio ;;
+		deploy-coco-kbs) deploy_coco_kbs ;;
 		deploy-k8s) deploy_k8s ;;
 		install-bats) install_bats ;;
 		install-kata-tools) install_kata_tools ;;
+		install-kbs-client) install_kbs_client ;;
 		install-kubectl) install_kubectl ;;
 		get-cluster-credentials) get_cluster_credentials ;;
 		deploy-kata-aks) deploy_kata "aks" ;;