Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Removal of ReadOnly part for PVCVolume #51

Merged
merged 1 commit into from
Oct 10, 2024
Merged

Removal of ReadOnly part for PVCVolume #51

merged 1 commit into from
Oct 10, 2024

Conversation

gauravkuredhat
Copy link

@gauravkuredhat gauravkuredhat commented Oct 9, 2024
edited
Loading

  • Description of the problem which is fixed/What is the use case
    While testing remote attestation for IBM SE, we were having key fetching failure. After multiple debugging, we found that it is having permission issue because of below (Although pem file was there) -

[2024-10-01T06:11:32Z INFO api_server::http::attest] Auth API called. [2024-10-01T06:11:32Z DEBUG api_server::http::attest] Auth Request: Json(Request { version: "0.1.0", tee: Se, extra_params: "" }) [2024-10-01T06:11:32Z ERROR api_server::http::error] Authentication failed: generate challenge: Private key file does not exist: /run/confidential-containers/ibmse/rsa/encrypt_key.pem

What I did -
Removed ReadOnly part from PVCVolume as below from deployment config:-

  • name: ibmse-pvc-1oct-new
    persistentVolumeClaim:
    claimName: ibmse-pvc-1oct-new
    readOnly: true // This line I had removed

  • Test Result

root@a3elp36 gaurav-fresh-setup]# oc exec -it kbs-client -- kbs-client --url http://kbs-service:8080/ get-resource --path default/kbsres1/key1
XXXXXXXXXXX
[root@a3elp36 gaurav-fresh-setup]# oc exec -it kbs-client -- kbs-client --url http://kbs-service:8080/ get-resource --path default/kbsres1/key2
XXXXXXXXXXX

@gauravkuredhat gauravkuredhat requested a review from a team as a code owner October 9, 2024 05:57
@gauravkuredhat gauravkuredhat changed the title KATA-3419: Removal of ReadOnly part for PVCVolume Removal of ReadOnly part for PVCVolume Oct 9, 2024
@lmilleri lmilleri merged commit a3113ee into confidential-containers:main Oct 10, 2024
3 checks passed
lmilleri pushed a commit to lmilleri/trustee-operator that referenced this pull request Dec 3, 2024
@spotlesstofu
Merge pull request confidential-containers#51 from openshift/konflux/…
27234b5 
…references/main

Update Konflux references
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@savitrilh savitrilh savitrilh approved these changes

@lmilleri lmilleri lmilleri approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@gauravkuredhat @lmilleri @savitrilh