8.13. Trustee config map の作成

手順

1. kbs-config-cm.yaml マニフェストファイルを作成します。

   apiVersion: v1
   kind: ConfigMap
   metadata:
     name: kbs-config-cm
     namespace: trustee-operator-system
   data:
   
   
   
   
   
   
   
   
   
     kbs-config.toml: |
       [http_server]
       sockets = ["0.0.0.0:8080"]
       insecure_http = false
       private_key = "/etc/https-key/https.key"
       certificate = "/etc/https-cert/https.crt"
   
       [admin]
       insecure_api = false
       auth_public_key = "/etc/auth-secret/publicKey"
   
       [attestation_token]
       insecure_key = true
       attestation_token_type = "CoCo"
   
       [attestation_service]
       type = "coco_as_builtin"
       work_dir = "/opt/confidential-containers/attestation-service"
       policy_engine = "opa"
   
       [attestation_service.attestation_token_broker]
       type = "Simple"
       policy_dir = "/opt/confidential-containers/attestation-service/policies"
   
       [attestation_service.attestation_token_config]
       duration_min = 5
   
       [attestation_service.rvps_config]
       type = "BuiltIn"
   
       [attestation_service.rvps_config.storage]
       type = "LocalJson"
       file_path = "/opt/confidential-containers/rvps/reference-values/reference-values.json"
   
       [[plugins]]
       name = "resource"
       type = "LocalFs"
       dir_path = "/opt/confidential-containers/kbs/repository"
   
       [policy_engine]
       policy_path = "/opt/confidential-containers/opa/policy.rego"

2. 以下のコマンドを実行して config map を作成します。

   $ oc apply -f kbs-config-cm.yaml