8.17. 创建 KbsConfig 自定义资源

流程

1. 创建 kbsconfig-cr.yaml 清单文件：

   apiVersion: confidentialcontainers.org/v1alpha1
   kind: KbsConfig
   metadata:
     labels:
       app.kubernetes.io/name: kbsconfig
       app.kubernetes.io/instance: kbsconfig
       app.kubernetes.io/part-of: trustee-operator
       app.kubernetes.io/managed-by: kustomize
       app.kubernetes.io/created-by: trustee-operator
     name: kbsconfig
     namespace: trustee-operator-system
   spec:
     kbsConfigMapName: kbs-config-cm
     kbsAuthSecretName: kbs-auth-public-key
     kbsDeploymentType: AllInOneDeployment
     kbsRvpsRefValuesConfigMapName: rvps-reference-values
     kbsSecretResources: ["kbsres1", "security-policy", "<type>"] 

   1

   
     kbsResourcePolicyConfigMapName: resource-policy
     kbsAttestationPolicyConfigMapName: attestation-policy
     kbsHttpsKeySecretName: kbs-https-key
     kbsHttpsCertSecretName: kbs-https-certificate
     kbsServiceType: NodePort
     ibmSEConfigSpec:
       certStorePvc: ibmse-pvc
     KbsEnvVars:
       SE_SKIP_CERTS_VERIFICATION: "false" 

   2

   1

   可选：如果您创建了 secret，指定容器镜像签名验证 secret 的 type 值，如 img-sig。如果您没有创建 secret，将 kbsSecretResources 值设置为 ["kbsres1", "security-policy "]。

   2

   仅为测试目的指定 true。

2. 运行以下命令来创建 KbsConfig CR：

   $ oc apply -f kbsconfig-cr.yaml