Update payloads to using the ubuntu base image #180
/test
12208e8 to b3a6dbd
/test
The SEV job failed because it hit pull limit to docker.io:
Have you seen that problem often, @ryansavino, @UnmeshDeodhar?
LGTM. IIUC it is going to fix the operator that got problem by changes on kata-deploy (http://jenkins.katacontainers.io/blue/organizations/jenkins/confidential-containers-ci/detail/confidential-containers-ci/16/pipeline)
Yep, thanks @wainersm! I still need to figure out why the enclave-cc test is not passing though.
I've retriggered the sev job. Looks like the docker hub rate limit affects the operator ci. Maybe we should consider pulling from GHCR or quay?
I've opened an issue to track that issue: tests/e2e: hitting docker.io/library/registry pull rate limit and @UnmeshDeodhar will be working on a fix.
I debugged the enclave-cc failure and my conclusion is it will not work: I managed to test a workaround but it has implications: when running without dbus, the pods deployed by the operator could run with One observation while debugging this was that we restart systemd twice. I believe
Hmm. This is bad, sincerely bad.
@fidencio I could try to ask kind to add dbus and explain our use-case (install custom runtimehandlers)
eb9178a to 5d9b391
/test
79e4252 to dc8d03d
/test
The TDX failures are due to a pre-existing error: kata-containers/kata-containers#6529
A couple of questions about versions
newName: quay.io/confidential-containers/runtime-payload | ||
newTag: kata-containers-129e43d1ea5cca528b7b97234b7561219208a244-x86_64 | ||
newName: quay.io/confidential-containers/runtime-payload-ci | ||
newTag: kata-containers-c9d6b46ea0923672a89e85a01e0d380249e3993f-x86_64 |
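Review bot: both newTag entries reference the payload by tag only, and a tag can be repointed in the registry after review; adding a digest: field to the runtime-payload-ci entry would fix the exact image the operator deploys. The second pair also moves newName from runtime-payload to runtime-payload-ci, so a short comment in the kustomization saying whether the -ci repository is meant to stay here would help whoever bumps the tag next.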
The runtime-payload tags are 13 and 14 days old now. Can we bump this to the latest and re-run the tests, or do you want to do that as a separate PR?
Hmmm. I'd prefer having this one merged and unblock possible work, but I'm fine on waiting a little bit on that and actually have the TDX fix merged on Kata Containers first.
That works fine for me - as long as we have it on the list to update this soon :)
dc8d03d to 3d418f4
/test
We've updated the preInstall image to use Ubuntu 20.04 instead of CentOS, but we didn't fully reflect the changes for Enclave CC.
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
3d418f4 to a61ba8f
/test
Both Enclave CC and Kata Containers have switched to using a base image for their payloads, and we should make sure it works on our side. As part of the change, we need to update the hostPath / mountPath to reflect what's needed in order to be able to call `systemctl restart ...` using the new Ubuntu base image.
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
a61ba8f to c0d0080
/test
Thanks for bumping the runtime payload versions. Assuming the tests are passing, LGTM!
- The upstream runtime-payload is based on ubuntu now, so we need to update systemd and dbus paths to be compatible - See confidential-containers/operator#180 Fixes: confidential-containers#869 Signed-off-by: stevenhorsman <steven@uk.ibm.com>
- The upstream runtime-payload is based on ubuntu now, so we need to update systemd and dbus paths to be compatible - See confidential-containers/operator#180 Fixes: #869 Signed-off-by: stevenhorsman <steven@uk.ibm.com>
enclave-cc: Fix preInstall image tag / hostPath / mountPath
We've updated the preInstall image to use Ubuntu 20.04 instead of
CentOS, but we didn't fully reflect the changes for Enclave CC.
payloads: Update to an image using ubuntu as base
Both Enclave CC and Kata Containers have switched to using a base image
for their payloads, and we should make sure it works on our side.
As part of the change, we need to update the hostPath / mountPath to
reflect what's needed in order to be able to call `systemctl restart ...`
using the new Ubuntu base image.