From 4bc7aa3944dff3a6fd571bdd75696c8f36f3249b Mon Sep 17 00:00:00 2001 From: Mikko Ylinen Date: Fri, 15 Nov 2024 10:31:04 +0200 Subject: [PATCH] kbs: fix configs in kubernetes deployments some of the mandatory TOML entries were not correctly updated to the kubernetes deployments. Follow ca9bf40e3b changes to update kbs/config/kubernetes TOML files too. Signed-off-by: Mikko Ylinen --- kbs/config/kubernetes/base/kbs-config.toml | 5 +++++ kbs/config/kubernetes/ita/kbs-config.toml | 7 ++++++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/kbs/config/kubernetes/base/kbs-config.toml b/kbs/config/kubernetes/base/kbs-config.toml index 489cfdf97..b142f52c6 100644 --- a/kbs/config/kubernetes/base/kbs-config.toml +++ b/kbs/config/kubernetes/base/kbs-config.toml @@ -22,3 +22,8 @@ attestation_token_broker = "Simple" [admin] auth_public_key = "/kbs/kbs.pem" + +[[plugins]] +name = "resource" +type = "LocalFs" +dir_path = "/opt/confidential-containers/kbs/repository" diff --git a/kbs/config/kubernetes/ita/kbs-config.toml b/kbs/config/kubernetes/ita/kbs-config.toml index 37eefb727..203adef19 100644 --- a/kbs/config/kubernetes/ita/kbs-config.toml +++ b/kbs/config/kubernetes/ita/kbs-config.toml @@ -5,7 +5,7 @@ sockets = ["0.0.0.0:8080"] insecure_http = true [attestation_token] -trusted_certs_paths = ["https://portal.trustauthority.intel.com"] +trusted_jwk_sets = ["https://portal.trustauthority.intel.com"] [attestation_service] type = "intel_ta" @@ -15,3 +15,8 @@ certs_file = "https://portal.trustauthority.intel.com" [admin] auth_public_key = "/kbs/kbs.pem" + +[[plugins]] +name = "resource" +type = "LocalFs" +dir_path = "/opt/confidential-containers/kbs/repository"