Feat/runtime/peer pods e2e #963

3u13r · 2024-10-29T15:22:27Z

With this PR you should be able to create a AKS PeerPods SNP cluster and successfully run the openssl tests:

just create AKS-PEER-SNP
just get-credentials-peerpod
just e2e openssl AKS-PEER-SNP

TODOs before merging, which should likely be done in separate PRs:

Implement SNP/vTPM attestation to replace "wip: introduce insecure attestation"
Implement genpolicy "hacks" that are not already covered by peer-pods: pass policy hash via userdata #941. This likely only refers to the network namespace part of the commit
"wip: introduce insecure attestation" also adds the issuer and validator regardless if it's specified in the manifest. If not implemented in the PR that implements the SNP/vTPM attestation, implement the attestation also in the manifest.

3u13r added 7 commits October 29, 2024 16:22

oid: move oid attestation check to oid package

9feaa62

wip: genpolicy: peer pods hacks

8b34e47

cli: error when no genpolicy config could be generated

f0394cb

coordinator: log aTLS errors that are otherwise dropped by go

d82c0ef

wip: introduce insecure attestation

6f25a1d

wip: introcude AKSPEERSNP platform

9d8d5cd

[no ci] coordinator: don't exit when no disk is found

b8c76b5

3u13r force-pushed the feat/runtime/peer-pods-e2e branch from 7628669 to b8c76b5 Compare October 29, 2024 15:23

Provide feedback