Merge pull request confidential-containers#27 from openshift/revert-2…

…4-my-rebase Revert "Rebase upstream 26-jul"
lmilleri · Jul 31, 2024 · af5cfa3 · af5cfa3
2 parents adb29c3 + 7075273
commit af5cfa3
Show file tree

Hide file tree

Showing 22 changed files with 218 additions and 338 deletions.
diff --git a/README.md b/README.md
@@ -9,19 +9,15 @@ The operator manages a Kubernetes custom resource named: `KbsConfig`. Following
 `KbsConfig` custom resource definition
 
 ```golang
-// KbsConfigSpec defines the desired state of KbsConfig
 type KbsConfigSpec struct {
+
   // KbsConfigMapName is the name of the configmap that contains the KBS configuration
   KbsConfigMapName string `json:"kbsConfigMapName,omitempty"`
 
   // KbsAsConfigMapName is the name of the configmap that contains the KBS AS configuration
-  // Required only when MicroservicesDeployment is set
-  // +optional
   KbsAsConfigMapName string `json:"kbsAsConfigMapName,omitempty"`
 
   // KbsRvpsConfigMapName is the name of the configmap that contains the KBS RVPS configuration
-  // Required only when MicroservicesDeployment is set
-  // +optional
   KbsRvpsConfigMapName string `json:"kbsRvpsConfigMapName,omitempty"`
 
   // kbsRvpsRefValuesConfigMapName is the name of the configmap that contains the RVPS reference values
@@ -31,44 +27,27 @@ type KbsConfigSpec struct {
   KbsAuthSecretName string `json:"kbsAuthSecretName,omitempty"`
 
   // KbsServiceType is the type of service to create for KBS
-  // Default value is ClusterIP
-  // +optional
   KbsServiceType corev1.ServiceType `json:"kbsServiceType,omitempty"`
 
   // KbsDeploymentType is the type of KBS deployment
   // It can assume one of the following values:
   //    AllInOneDeployment: all the KBS components will be deployed in the same container
-  //    MicroservicesDeployment: all the KBS components will be deployed in separate containers
-  // +kubebuilder:validation:Enum=AllInOneDeployment;MicroservicesDeployment
-  // Default value is AllInOneDeployment
-  // +optional
+  //    MicroservicesDeployment: all the KBS components will be deployed in separate containers (part of the same Kubernetes pod)
   KbsDeploymentType DeploymentType `json:"kbsDeploymentType,omitempty"`
-
+ 
   // KbsHttpsKeySecretName is the name of the secret that contains the KBS https private key
   KbsHttpsKeySecretName string `json:"kbsHttpsKeySecretName,omitempty"`
 
   // KbsHttpsCertSecretName is the name of the secret that contains the KBS https certificate
   KbsHttpsCertSecretName string `json:"kbsHttpsCertSecretName,omitempty"`
 
+  // KbsHttpsKeySecretName is the name of the secret that contains the KBS https private key
+  KbsHttpsKeySecretName string `json:"kbsHttpsKeySecretName,omitempty"`
+
   // KbsSecretResources is an array of secret names that contain the keys required by clients
-  // +optional
   KbsSecretResources []string `json:"kbsSecretResources,omitempty"`
-
-  // kbsResourcePolicyConfigMapName is the name of the configmap that contains the Resource Policy
-  // +optional
-  KbsResourcePolicyConfigMapName string `json:"kbsResourcePolicyConfigMapName,omitempty"`
-
-  // tdxConfigSpec is the struct that hosts the TDX specific configuration
-  // +optional
-  TdxConfigSpec TdxConfigSpec `json:"tdxConfigSpec,omitempty"`
 }
-
-// TdxConfigSpec defines the desired state for TDX configuration
-type TdxConfigSpec struct {
-  // kbsTdxConfigMapName is the name of the configmap containing sgx_default_qcnl.conf file
-  // +optional
-  KbsTdxConfigMapName string `json:"kbsTdxConfigMapName,omitempty"`
-}```
+```
 
 Note: the default deployment type is ```MicroservicesDeployment```.
 The examples below apply to this mode.
@@ -154,10 +133,6 @@ spec:
   kbsHttpsCertSecretName: kbs-https-certificate
   # K8s Secrets to be made available to KBS clients
   kbsSecretResources: ["kbsres1"]
-  # Resource policy
-  kbsResourcePolicyConfigMapName: resource-policy
-  # TDX configuration file
-  kbsTdxConfigMapName: tdx-config
 ```
 
 ## Getting Started

diff --git a/api/v1alpha1/kbsconfig_types.go b/api/v1alpha1/kbsconfig_types.go
@@ -36,13 +36,6 @@ const (
 	DeploymentTypeMicroservices DeploymentType = "MicroservicesDeployment"
 )
 
-// TdxConfigSpec defines the desired state for TDX configuration
-type TdxConfigSpec struct {
-	// kbsTdxConfigMapName is the name of the configmap containing sgx_default_qcnl.conf file
-	// +optional
-	KbsTdxConfigMapName string `json:"kbsTdxConfigMapName,omitempty"`
-}
-
 // KbsConfigSpec defines the desired state of KbsConfig
 type KbsConfigSpec struct {
 	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
@@ -52,13 +45,9 @@ type KbsConfigSpec struct {
 	KbsConfigMapName string `json:"kbsConfigMapName,omitempty"`
 
 	// KbsAsConfigMapName is the name of the configmap that contains the KBS AS configuration
-	// Required only when MicroservicesDeployment is set
-	// +optional
 	KbsAsConfigMapName string `json:"kbsAsConfigMapName,omitempty"`
 
 	// KbsRvpsConfigMapName is the name of the configmap that contains the KBS RVPS configuration
-	// Required only when MicroservicesDeployment is set
-	// +optional
 	KbsRvpsConfigMapName string `json:"kbsRvpsConfigMapName,omitempty"`
 
 	// kbsRvpsRefValuesConfigMapName is the name of the configmap that contains the RVPS reference values
@@ -68,17 +57,12 @@ type KbsConfigSpec struct {
 	KbsAuthSecretName string `json:"kbsAuthSecretName,omitempty"`
 
 	// KbsServiceType is the type of service to create for KBS
-	// Default value is ClusterIP
-	// +optional
 	KbsServiceType corev1.ServiceType `json:"kbsServiceType,omitempty"`
 
 	// KbsDeploymentType is the type of KBS deployment
 	// It can assume one of the following values:
 	//    AllInOneDeployment: all the KBS components will be deployed in the same container
 	//    MicroservicesDeployment: all the KBS components will be deployed in separate containers
-	// +kubebuilder:validation:Enum=AllInOneDeployment;MicroservicesDeployment
-	// Default value is AllInOneDeployment
-	// +optional
 	KbsDeploymentType DeploymentType `json:"kbsDeploymentType,omitempty"`
 
 	// KbsHttpsKeySecretName is the name of the secret that contains the KBS https private key
@@ -88,16 +72,7 @@ type KbsConfigSpec struct {
 	KbsHttpsCertSecretName string `json:"kbsHttpsCertSecretName,omitempty"`
 
 	// KbsSecretResources is an array of secret names that contain the keys required by clients
-	// +optional
 	KbsSecretResources []string `json:"kbsSecretResources,omitempty"`
-
-	// kbsResourcePolicyConfigMapName is the name of the configmap that contains the Resource Policy
-	// +optional
-	KbsResourcePolicyConfigMapName string `json:"kbsResourcePolicyConfigMapName,omitempty"`
-
-	// tdxConfigSpec is the struct that hosts the TDX specific configuration
-	// +optional
-	TdxConfigSpec TdxConfigSpec `json:"tdxConfigSpec,omitempty"`
 }
 
 // KbsConfigStatus defines the observed state of KbsConfig

diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/bundle/manifests/confidentialcontainers.org_kbsconfigs.yaml b/bundle/manifests/confidentialcontainers.org_kbsconfigs.yaml
@@ -40,9 +40,8 @@ spec:
             description: KbsConfigSpec defines the desired state of KbsConfig
             properties:
               kbsAsConfigMapName:
-                description: |-
-                  KbsAsConfigMapName is the name of the configmap that contains the KBS AS configuration
-                  Required only when MicroservicesDeployment is set
+                description: KbsAsConfigMapName is the name of the configmap that
+                  contains the KBS AS configuration
                 type: string
               kbsAuthSecretName:
                 description: KbsAuthSecretName is the name of the secret that contains
@@ -58,10 +57,6 @@ spec:
                   It can assume one of the following values:
                      AllInOneDeployment: all the KBS components will be deployed in the same container
                      MicroservicesDeployment: all the KBS components will be deployed in separate containers
-                  Default value is AllInOneDeployment
-                enum:
-                - AllInOneDeployment
-                - MicroservicesDeployment
                 type: string
               kbsHttpsCertSecretName:
                 description: KbsHttpsCertSecretName is the name of the secret that
@@ -71,14 +66,9 @@ spec:
                 description: KbsHttpsKeySecretName is the name of the secret that
                   contains the KBS https private key
                 type: string
-              kbsResourcePolicyConfigMapName:
-                description: kbsResourcePolicyConfigMapName is the name of the configmap
-                  that contains the Resource Policy
-                type: string
               kbsRvpsConfigMapName:
-                description: |-
-                  KbsRvpsConfigMapName is the name of the configmap that contains the KBS RVPS configuration
-                  Required only when MicroservicesDeployment is set
+                description: KbsRvpsConfigMapName is the name of the configmap that
+                  contains the KBS RVPS configuration
                 type: string
               kbsRvpsRefValuesConfigMapName:
                 description: kbsRvpsRefValuesConfigMapName is the name of the configmap
@@ -91,19 +81,8 @@ spec:
                   type: string
                 type: array
               kbsServiceType:
-                description: |-
-                  KbsServiceType is the type of service to create for KBS
-                  Default value is ClusterIP
+                description: KbsServiceType is the type of service to create for KBS
                 type: string
-              tdxConfigSpec:
-                description: tdxConfigSpec is the struct that hosts the TDX specific
-                  configuration
-                properties:
-                  kbsTdxConfigMapName:
-                    description: kbsTdxConfigMapName is the name of the configmap
-                      containing sgx_default_qcnl.conf file
-                    type: string
-                type: object
             type: object
           status:
             description: KbsConfigStatus defines the observed state of KbsConfig

diff --git a/bundle/manifests/resource-policy-sample_v1_configmap.yaml b/bundle/manifests/resource-policy-sample_v1_configmap.yaml
diff --git a/bundle/manifests/tdx-config-sample_v1_configmap.yaml b/bundle/manifests/tdx-config-sample_v1_configmap.yaml
diff --git a/bundle/manifests/trustee-operator.clusterserviceversion.yaml b/bundle/manifests/trustee-operator.clusterserviceversion.yaml
@@ -22,9 +22,7 @@ metadata:
             "kbsAuthSecretName": "kbs-auth-public-key",
             "kbsConfigMapName": "kbs-config",
             "kbsDeploymentType": "AllInOneDeployment",
-            "kbsResourcePolicyConfigMapName": "resource-policy",
-            "kbsRvpsRefValuesConfigMapName": "rvps-reference-values",
-            "kbsTdxConfigMapName": "tdx-config"
+            "kbsRvpsRefValuesConfigMapName": "rvps-reference-values"
           }
         }
       ]

diff --git a/config/crd/bases/confidentialcontainers.org_kbsconfigs.yaml b/config/crd/bases/confidentialcontainers.org_kbsconfigs.yaml
@@ -40,9 +40,8 @@ spec:
             description: KbsConfigSpec defines the desired state of KbsConfig
             properties:
               kbsAsConfigMapName:
-                description: |-
-                  KbsAsConfigMapName is the name of the configmap that contains the KBS AS configuration
-                  Required only when MicroservicesDeployment is set
+                description: KbsAsConfigMapName is the name of the configmap that
+                  contains the KBS AS configuration
                 type: string
               kbsAuthSecretName:
                 description: KbsAuthSecretName is the name of the secret that contains
@@ -58,10 +57,6 @@ spec:
                   It can assume one of the following values:
                      AllInOneDeployment: all the KBS components will be deployed in the same container
                      MicroservicesDeployment: all the KBS components will be deployed in separate containers
-                  Default value is AllInOneDeployment
-                enum:
-                - AllInOneDeployment
-                - MicroservicesDeployment
                 type: string
               kbsHttpsCertSecretName:
                 description: KbsHttpsCertSecretName is the name of the secret that
@@ -71,14 +66,9 @@ spec:
                 description: KbsHttpsKeySecretName is the name of the secret that
                   contains the KBS https private key
                 type: string
-              kbsResourcePolicyConfigMapName:
-                description: kbsResourcePolicyConfigMapName is the name of the configmap
-                  that contains the Resource Policy
-                type: string
               kbsRvpsConfigMapName:
-                description: |-
-                  KbsRvpsConfigMapName is the name of the configmap that contains the KBS RVPS configuration
-                  Required only when MicroservicesDeployment is set
+                description: KbsRvpsConfigMapName is the name of the configmap that
+                  contains the KBS RVPS configuration
                 type: string
               kbsRvpsRefValuesConfigMapName:
                 description: kbsRvpsRefValuesConfigMapName is the name of the configmap
@@ -91,19 +81,8 @@ spec:
                   type: string
                 type: array
               kbsServiceType:
-                description: |-
-                  KbsServiceType is the type of service to create for KBS
-                  Default value is ClusterIP
+                description: KbsServiceType is the type of service to create for KBS
                 type: string
-              tdxConfigSpec:
-                description: tdxConfigSpec is the struct that hosts the TDX specific
-                  configuration
-                properties:
-                  kbsTdxConfigMapName:
-                    description: kbsTdxConfigMapName is the name of the configmap
-                      containing sgx_default_qcnl.conf file
-                    type: string
-                type: object
             type: object
           status:
             description: KbsConfigStatus defines the observed state of KbsConfig

diff --git a/config/manifests/bases/trustee-operator.clusterserviceversion.yaml b/config/manifests/bases/trustee-operator.clusterserviceversion.yaml
@@ -4,9 +4,6 @@ metadata:
   annotations:
     alm-examples: '[]'
     capabilities: Basic Install
-    categories: Security
-    containerImage: quay.io/confidential-containers/trustee-operator:v0.1.0
-    support: Confidential Containers Community
   name: trustee-operator.v0.0.0
   namespace: placeholder
 spec:
@@ -49,8 +46,6 @@ spec:
     name: Pradipta Banerjee
   - email: [email protected]
     name: Jens Freimann
-  - email: [email protected]
-    name: Leonardo Milleri
   maturity: alpha
   provider:
     name: Confidential Containers Community

diff --git a/config/samples/all-in-one/kustomization.yaml b/config/samples/all-in-one/kustomization.yaml
@@ -19,15 +19,11 @@ generatorOptions:
 
 patches:
 - path: patch-ref-values.yaml
-- path: patch-resource-policy.yaml
-- path: patch-tdx-config.yaml
 # uncomment the following line for injecting sample resources in kbs
 #- path: patch-kbs-resources.yaml
 
 resources:
 - kbsconfig_sample.yaml
 - kbs-config.yaml
 - rvps-reference-values.yaml
-- resource-policy.yaml
-- tdx-config.yaml
 #+kubebuilder:scaffold:manifestskustomizesamples
diff --git a/config/samples/all-in-one/patch-resource-policy.yaml b/config/samples/all-in-one/patch-resource-policy.yaml
diff --git a/config/samples/all-in-one/patch-tdx-config.yaml b/config/samples/all-in-one/patch-tdx-config.yaml
diff --git a/config/samples/all-in-one/resource-policy.yaml b/config/samples/all-in-one/resource-policy.yaml