Update payloads to using the ubuntu base image #180
Conversation
|
/test |
fidencio
force-pushed
the
topic/update-kata-payload-image-to-using-ubuntu-as-base
branch
from
12208e8
to
b3a6dbd
Compare
|
/test |
|
The SEV job failed because it hit pull limit to docker.io: Have you seen that problem often, @ryansavino , @UnmeshDeodhar ? |
There was a problem hiding this comment.
LGTM. IIUC it is going to fix the operator that got problem by changes on kata-deploy (http://jenkins.katacontainers.io/blue/organizations/jenkins/confidential-containers-ci/detail/confidential-containers-ci/16/pipeline)
Yep, thanks @wainersm! I still need to figure out why the enclave-cc test is not passing though. |
I've retriggered the sev job. Looks like the docker hub rate limit affects the operator ci. Maybe we should consider pulling from GHCR or quay? |
I've opened an issue to track that issue: tests/e2e: hitting docker.io/library/registry pull rate limit and @UnmeshDeodhar will be working on a fix. |
|
I debugged the enclave-cc failure and my conclusion is it will not work: I managed to test a workaround but it has implications: when running without dbus, the pods deployed by the operator could run with One observation while debugging this was that we restart systemd twice. I believe |
Hmm. This ia bad, sincerely bad. |
|
@fidencio I could try to ask kind to add dbus and explain our use-case (install custom runtimehandlers) |
fidencio
force-pushed
the
topic/update-kata-payload-image-to-using-ubuntu-as-base
branch
from
eb9178a
to
5d9b391
Compare
|
/test |
fidencio
force-pushed
the
topic/update-kata-payload-image-to-using-ubuntu-as-base
branch
from
79e4252
to
dc8d03d
Compare
|
/test |
|
The TDX failures are do to a pre-existing error: kata-containers/kata-containers#6529 |
| newName: quay.io/confidential-containers/runtime-payload | ||
| newTag: kata-containers-129e43d1ea5cca528b7b97234b7561219208a244-x86_64 | ||
| newName: quay.io/confidential-containers/runtime-payload-ci | ||
| newTag: kata-containers-c9d6b46ea0923672a89e85a01e0d380249e3993f-x86_64 |
There was a problem hiding this comment.
The runtime-payload tags are 13 and 14 days old now. Can we bump this to the latest and re-run the tests, or do you want to do that as a separate PR?
There was a problem hiding this comment.
Hmmm. I'd prefer having this one merged and unblock possible work, but I'm fine on waiting a little bit on that and actually have the TDX fix merged on Kata Containers first.
There was a problem hiding this comment.
That works fine for me - as long as we have it on the list to update this soon :)
fidencio
force-pushed
the
topic/update-kata-payload-image-to-using-ubuntu-as-base
branch
from
dc8d03d
to
3d418f4
Compare
|
/test |
We've updated the preInstall image to use Ubuntu 20.04 instead of CentOS, but we didn't fully reflect the changes for Enclave CC. Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
fidencio
force-pushed
the
topic/update-kata-payload-image-to-using-ubuntu-as-base
branch
from
3d418f4
to
a61ba8f
Compare
|
/test |
Both Enclave CC and Kata Containers have switched to using a base image for their payloads, and we should make sure it works on our side. As part of the change, we need to update the hostPath / mountPath to reflect what's needed in order to be able to call `systemctl restart ...` using the new Ubuntu base image. Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
fidencio
force-pushed
the
topic/update-kata-payload-image-to-using-ubuntu-as-base
branch
from
a61ba8f
to
c0d0080
Compare
|
/test |
- The upstream runtime-payload is based on ubuntu now, so we need to update systemd and dbus paths to be compatible - See confidential-containers/operator#180 Fixes: confidential-containers#869 Signed-off-by: stevenhorsman <steven@uk.ibm.com>
- The upstream runtime-payload is based on ubuntu now, so we need to update systemd and dbus paths to be compatible - See confidential-containers/operator#180 Fixes: #869 Signed-off-by: stevenhorsman <steven@uk.ibm.com>
- The upstream runtime-payload is based on ubuntu now, so we need to update systemd and dbus paths to be compatible - See confidential-containers/operator#180 Fixes: confidential-containers#869 Signed-off-by: stevenhorsman <steven@uk.ibm.com>
- The upstream runtime-payload is based on ubuntu now, so we need to update systemd and dbus paths to be compatible - See confidential-containers/operator#180 Fixes: confidential-containers#869 Signed-off-by: stevenhorsman <steven@uk.ibm.com>
enclave-cc: Fix preInstall image tag / hostPath / mountPath
We've updated the preInstall image to use Ubuntu 20.04 instead of
CentOS, but we didn't fully reflect the changes for Enclave CC.
payloads: Update to an image using ubuntu as base
Both Enclave CC and Kata Containers have switched to using a base image
for their payloads, and we should make sure it works on our side.
As part of the change, we need to update the hostPath / mountPath to
reflect what's needed in order to be able to call
systemctl restart ...using the new Ubuntu base image.