Let's just rely on whatever we have on main. The big execption here is
TDVF, but we have a big note saying to not update the version n this
branch.
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
We can just rely on the hypervisors builds from `main`, with the TDX one
being the only discrepancy here.
However, we have a big note in the versions.yaml to **not** update the
TDX hypervisor versions on this branch, so we should be good.
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
The k8s.gcr.io is deprecated for a while now and has been redirected to
registry.k8s.io. However on some bare-metal machines in our testing
pools that redirection is not working, so let's just replace the
registries.
Fixes#6461
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
DEFSERVICEOFFLOAD controls whether images are pulled inside
the guest. This should always be set for CoCo, not just
when we use MEASURED_ROOTFS.
Fixes: #7350
Signed-off-by: Tobin Feldman-Fitzthum <tobin@ibm.com>
- Bump kernel version to reflect that they are changes
- We've some how gone out of sync with main, so just add a +
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
Remove the logic that made the kata-remote containerd config not support
io.katacontainers annotations
Fixes: #7265
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
SNP's QEMU has changed its name some time ago and, due to that, we have
been leaving the new binary behind during the uninstall process, which
lead to the Operator hanging when uninstalling.
Fixes: #7233
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
This allows setting `USE_CACHE=no` to test building e2e during
developmet without having to comment code blocks and so forth.
Signed-off-by: Aurélien Bombo <abombo@microsoft.com>
This enables building CLH with glibc and the mshv feature as required
for Mariner. At test time, it also configures Kata to use that CLH
flavor when running Mariner.
Signed-off-by: Aurélien Bombo <abombo@microsoft.com>
Mariner ships a bleeding-edge kernel that might be ahead of upstream, so
we use that to guarantee compatibility with the host.
Signed-off-by: Aurélien Bombo <abombo@microsoft.com>
* Adds a new `rootfs-initrd-mariner` build target.
* Sets the custom initrd path via annotation in `setup.sh` at test
time.
* Adapts versions.yaml to specify a `cbl-mariner` initrd variant.
* Introduces env variable `HOST_OS` at deploy time to enable using a
custom initrd.
* Refactors the image builder so that its caller specifies the desired
guest OS.
Signed-off-by: Aurélien Bombo <abombo@microsoft.com>
This PR replaces single spaces for tabs in order to fix the indentation
in the init.sh script.
Fixes#7147
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
This is to set a default value for `AA_KBC` for the make target `cc_rootfs_initrd_tarball`.
Fixes: #7121
Signed-off-by: Hyounggyu Choi <Hyounggyu.Choi@ibm.com>
This will help to not have to build those on every CI run, and rather
take advantage of the cached image.
Fixes: #7084
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
(cherry picked from commit c720869eef)
Let's add the needed infra for only building and pushing the initramfs
builder image to the Kata Containers' quay.io registry.
Fixes: #7084
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
(cherry picked from commit 111ad87828)
Let's first try to pull a pre-existing image, instead of building our
own, to be used as a builder for the initramds.
This will save us some CI time.
Fixes: #7084
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
(cherry picked from commit ebf6c83839)
For the GPU CC use case we need to set several crypto algorithms.
The driver relies on them in the CC case.
Signed-off-by: Zvonko Kaiser <zkaiser@nvidia.com>
Use now the sev.conf rather then the snp.conf.
Devices can be prestend in two different way in the
container (1) as vfio devices /dev/vfio/<num>
(2) the device is managed by whataever driver in
the VM kernel claims it.
Fixes: #6844
Signed-off-by: Zvonko Kaiser <zkaiser@nvidia.com>
This fixes the builds of `cloud-hypervisor-glibc` and
`rootfs-initrd-mariner` to properly create the `build/` directory.
Fixes: #7098
Signed-off-by: Aurélien Bombo <abombo@microsoft.com>
Qemu for SNP is experimental. Thus, when building QEMU for SNP we need to create a builder that builds experimental qemu for CC.
Fixes: #7059
Signed-Off-By: Unmesh Deodhar <udeodhar@amd.com>
Nobody has volunteered to maintain the (currently broken) snap build, so
remove it.
Fixes: #6769.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
