Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for TDX specific configuration #35

Merged
merged 4 commits into from
Jul 3, 2024
Merged

Add support for TDX specific configuration #35

merged 4 commits into from
Jul 3, 2024

Conversation

lmilleri
Copy link
Member

New ConfigMap added for mounting sgx_default_qcnl.conf in /etc.
If you update the configmap, trustee deployment needs to be restarted.

@lmilleri
Removed duplicated method
c03c3bd 
Signed-off-by: Leonardo Milleri <[email protected]>
@lmilleri lmilleri requested a review from bpradipt June 28, 2024 09:04
bpradipt
bpradipt reviewed Jun 28, 2024
View reviewed changes
api/v1alpha1/kbsconfig_types.go Outdated
@@ -76,6 +76,9 @@ type KbsConfigSpec struct {

// kbsResourcePolicyConfigMapName is the name of the configmap that contains the Resource Policy
KbsResourcePolicyConfigMapName string `json:"kbsResourcePolicyConfigMapName,omitempty"`

// kbsTdxConfigMapName is the name of the configmap that contains the TDX specific config
KbsTdxConfigMapName string `json:"kbsTdxConfigMapName,omitempty"`
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we create a separate struct for TDX config? In case there are other configs that might be needed going forward

@lmilleri lmilleri force-pushed the tdx-config branch 3 times, most recently from a9ce140 to 87fa8ec Compare June 28, 2024 15:34
bpradipt
bpradipt reviewed Jul 2, 2024
View reviewed changes
README.md Outdated
KbsServiceType corev1.ServiceType `json:"kbsServiceType,omitempty"`

// KbsDeploymentType is the type of KBS deployment
// It can assume one of the following values:
// It can assume one of the fREADME.mdollowing values:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

typo ?

bpradipt
bpradipt reviewed Jul 2, 2024
View reviewed changes
README.md Outdated

// TdxConfigSpec defines the desired state for TDX configuration
type TdxConfigSpec struct {
// kbsTdxConfigMapName is the name of the configmap that mounts the sgx_default_qcnl.conf
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// kbsTdxConfigMapName is the name of the configmap that mounts the sgx_default_qcnl.conf
kbsTdxConfigMapName is the name of the configmap containing sgx_default_qcnl.conf file

bpradipt
bpradipt reviewed Jul 2, 2024
View reviewed changes
api/v1alpha1/kbsconfig_types.go Outdated
@@ -36,6 +36,13 @@ const (
DeploymentTypeMicroservices DeploymentType = "MicroservicesDeployment"
)

// TdxConfigSpec defines the desired state for TDX configuration
type TdxConfigSpec struct {
// kbsTdxConfigMapName is the name of the configmap that mounts the sgx_default_qcnl.conf
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// kbsTdxConfigMapName is the name of the configmap that mounts the sgx_default_qcnl.conf
kbsTdxConfigMapName is the name of the configmap containing sgx_default_qcnl.conf file

lmilleri added 2 commits July 2, 2024 14:31
@lmilleri
Add support for TDX specific configuration
7ef8b11 
The config file /etc/sgx_default_qcnl.conf can be overriden by
creating the correspondent config map

Signed-off-by: Leonardo Milleri <[email protected]>
@lmilleri
Handling configmap optionality
241b5e4 
These configmaps are optional
- resource-policy
- TDX specific configuration

Signed-off-by: Leonardo Milleri <[email protected]>
@lmilleri
Added annotations to CRD attributes
d3506ac 
Signed-off-by: Leonardo Milleri <[email protected]>
bpradipt
bpradipt approved these changes Jul 2, 2024
View reviewed changes
Copy link
Member

@bpradipt bpradipt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@bpradipt bpradipt merged commit 185be60 into confidential-containers:main Jul 3, 2024
3 checks passed
lmilleri pushed a commit to lmilleri/trustee-operator that referenced this pull request Sep 2, 2024
@spotlesstofu
Merge pull request confidential-containers#35 from openshift/konflux/…
6ff9f7a 
…references/main

chore(deps): update konflux references
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bpradipt bpradipt bpradipt approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@lmilleri @bpradipt