-
Set up Cloud Resources
If using AWS, create a VPC and an AMI. Similarly, for other providers, create the necessary resources.
-
Set up Kubernetes cluster in the cloud
At least one node in the cluster must have the "worker" role. Verify by executing the following command.
kubectl get nodes
You should see "worker" under the "ROLES" column as shown below:
NAME             STATUS   ROLES                         AGE   VERSION
testk-master-0   Ready    control-plane,master,worker   37h   v1.25.0
If "worker" role is missing, execute the following command to set the role.
export NODENAME=<node-name>
kubectl label node $NODENAME node-role.kubernetes.io/worker=
Please refer to the instructions available in the following doc.
-
Set CLOUD_PROVIDER
export CLOUD_PROVIDER=<aws|azure|ibmcloud|libvirt>
-
make deploy
deploys operator, runtime and cloud-api-adaptor pod in the configured cluster
- validate kubectl is available in your $PATH and $KUBECONFIG is set
- configure install/overlays/$(CLOUD_PROVIDER)/kustomization.yaml with your own settings
- setting up authenticated registry support
-
make delete
deletes the daemonset from the configured cluster
-
Check POD status
kubectl get pods -n confidential-containers-system
A successful install should show all the PODs with "Running" status under the confidential-containers-system namespace.
NAME                                               READY   STATUS    RESTARTS   AGE
cc-operator-controller-manager-dc4846d94-nfnr7     2/2     Running   0          20h
cc-operator-daemon-install-bdp89                   1/1     Running   0          5s
cc-operator-pre-install-daemon-hclk9               1/1     Running   0          9s
cloud-api-adaptor-daemonset-aws-7c66d68484-zpnnw   1/1     Running   0          9s
-
Check RuntimeClasses
kubectl get runtimeclass
A successful install should show kata related RuntimeClasses
NAME        HANDLER     AGE
kata        kata        6m7s
kata-clh    kata-clh    6m7s
kata-qemu   kata-qemu   6m7s
-
View cloud-api-adaptor logs
kubectl logs pod/cloud-api-adaptor-daemonset-aws-7c66d68484-zpnnw -n confidential-containers-system
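The verification steps above (worker role, pod status, kata RuntimeClasses) can be scripted. This is an added example, not part of the project's own tooling; the function names and sample data are assumptions made here, and the READY-count test is stricter than the "Running" check the steps describe.

```shell
#!/bin/sh
# Added example: each check reads kubectl's default table output on stdin.
# Empty input (for example because kubectl failed) makes the checks fail.

# Succeeds if any node lists "worker" in the ROLES column (field 3).
has_worker_node() {
    awk 'NR > 1 { n = split($3, r, ","); for (i = 1; i <= n; i++) if (r[i] == "worker") ok = 1 }
         END { exit (ok ? 0 : 1) }'
}

# Prints pods whose STATUS is not Running or whose READY count is short
# (the READY test is an assumption added here). Fails if any, or if no pods.
unhealthy_pods() {
    awk 'NR > 1 { seen = 1; split($2, c, "/")
                  if ($3 != "Running" || c[1] != c[2]) { print $1; bad = 1 } }
         END { exit ((seen && !bad) ? 0 : 1) }'
}

# Succeeds if every RuntimeClass named in the arguments is in the NAME column.
has_runtimeclasses() {
    table=$(cat)
    for rc in "$@"; do
        printf '%s\n' "$table" |
            awk -v rc="$rc" 'NR > 1 && $1 == rc { f = 1 } END { exit (f ? 0 : 1) }' || return 1
    done
}

# Runs the three checks against the cluster selected by $KUBECONFIG.
check_install() {
    ns=confidential-containers-system
    kubectl get nodes | has_worker_node ||
        { echo "no node has the worker role" >&2; return 1; }
    kubectl get pods -n "$ns" | unhealthy_pods ||
        { echo "unhealthy or missing pods in $ns" >&2; return 1; }
    kubectl get runtimeclass | has_runtimeclasses kata kata-clh kata-qemu ||
        { echo "kata RuntimeClasses missing" >&2; return 1; }
    echo "install looks healthy"
}

# Constructed sample (not real cluster output): one pod is still starting.
SAMPLE_PODS='NAME READY STATUS RESTARTS AGE
cc-operator-controller-manager-example 2/2 Running 0 20h
cloud-api-adaptor-daemonset-example 0/1 ContainerCreating 0 9s'
```

Source the file and call check_install after make deploy; a non-zero exit status means one of the three checks did not pass.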
-
Set CLOUD_PROVIDER
export CLOUD_PROVIDER=<aws|azure|ibmcloud|libvirt>
-
Set container registry and image name
export registry=<namespace>/<image_name>
-
Build the container image and push it to $registry
make image
These instructions should help you build your own images for development and testing.
Before proceeding ensure you can build the kata runtime and the agent successfully by following the instructions mentioned in the following link.
-
Set container registry and image name
export registry=<namespace>/<image_name>
-
Build the multi arch runtime payload images and push them to $registry
cd runtime-payload
make binaries
make build
When I set registry=liudali/pp-payload the output looks like:
...
s390x-2023011605591673848771: digest: sha256:3a00b9b754f687179f26bf32a27d381f4d2b900d976d6941dc89f217113a6ab9 size: 2002
Created manifest list docker.io/liudali/pp-payload:2023011605591673848771
Created manifest list docker.io/liudali/pp-payload:latest
sha256:d58315740fa7f32aa55f5b58ccc628e4961fce3ccbbba2aa0ed76a278e776e37
sha256:d58315740fa7f32aa55f5b58ccc628e4961fce3ccbbba2aa0ed76a278e776e37
~/cloud-api-adaptor/install/runtime-payload
-
Set container registry and image name
export registry=<namespace>/<image_name>
-
Build the container image and push it to $registry
cd pre-install-payload
make build