diff --git a/kbs/config/kubernetes/README.md b/kbs/config/kubernetes/README.md index e4e1b4efaa..5f333a786f 100644 --- a/kbs/config/kubernetes/README.md +++ b/kbs/config/kubernetes/README.md @@ -9,7 +9,7 @@ We will see how to deploy KBS (with builtin Attestation Service) on a Kubernetes Create a secret that you want to be served using this instance of KBS: ```bash -echo "This is my super secert" > overlays/key.bin +echo "This is my super secert" > overlays/$(uname -m)/key.bin ``` If you have more than one secret, copy them over to the `config/kubernetes/overlays` directory and add those to the `overlays/kustomization.yaml` file after as shown below: @@ -91,6 +91,30 @@ Deploy KBS by running the following command: ./deploy-kbs.sh ``` +For IBM Secure Execution (s390x), an environment variable `IBM_SE_CREDS_DIR` should be exported as follows: + +``` +$ export IBM_SE_CREDS_DIR=/path/to/your/directory +$ tree $IBM_SE_CREDS_DIR +/path/to/your/directory +├── certs +│   └── ibm-z-host-key-signing-gen2.crt +├── crls +│   └── ibm-z-host-key-gen2.crl +├── DigiCertCA.crt +├── hdr +│   └── hdr.bin +├── hkds +│   └── HKD-3931-0275D38.crt +└── rsa + ├── encrypt_key.pem + └── encrypt_key.pub + +5 directories, 7 files +``` + +Please check out the [documentation](https://github.com/confidential-containers/trustee/tree/main/attestation-service/verifier/src/se) for details. + ## Check deployment Run the following command to check if the KBS is deployed successfully: @@ -114,3 +138,9 @@ $ kubectl -n coco-tenant get service NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kbs ClusterIP 10.0.210.190 8080/TCP 4s ``` + +## Delete KBS + +``` +$ kubectl delete -k ${DEPLOYMENT_DIR}/$(uname -m) +```