Commit

rename runtime: kata-cc-isolation -> contrast-cc-isolation
malt3 committed Mar 16, 2024
1 parent 8fe5a7c commit 6cbc8e9
Showing 19 changed files with 21 additions and 21 deletions.
6 changes: 3 additions & 3 deletions README.md
Expand Up @@ -89,7 +89,7 @@ The Contrast CLI provides the tooling for automatically translating Kubernetes d
The trust chain goes as follows:

1. The Contrast CLI generates a policy and attaches it to the pod definition.
2. Kubernetes schedules the pod on a node with kata-cc-isolation runtime.
2. Kubernetes schedules the pod on a node with contrast-cc-isolation runtime.
3. Containerd takes the node, starts the Kata Shim and creates the pod sandbox.
4. The Kata runtime starts a CVM with the policy's digest as `HOSTDATA`.
5. The Kata runtime sets the policy using the `SetPolicy` method.
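Review bot: In step 2 of the trust chain the runtime is now called contrast-cc-isolation, while steps 3 to 5 still speak of the Kata Shim and the Kata runtime, so the list no longer says how the two names relate. Suggest adding a half sentence to step 2 or 3 stating which component serves the contrast-cc-isolation runtime class, so a reader can follow the chain from the name in the pod spec to the component that sets `HOSTDATA`.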
Expand Down Expand Up @@ -180,13 +180,13 @@ helm template release-name chart-name > resources/all.yml
```

To specify that a workload (pod, deployment, etc.) should be deployed as confidential containers,
add `runtimeClassName: kata-cc-isolation` to the pod spec (pod definition or template).
add `runtimeClassName: contrast-cc-isolation` to the pod spec (pod definition or template).
In addition, add the Contrast Initializer as `initContainers` to these workloads and configure the
workload to use the certificates written to the `tls-certs` volumeMount.

```yaml
spec: # v1.PodSpec
runtimeClassName: kata-cc-isolation
runtimeClassName: contrast-cc-isolation
initContainers:
- name: initializer
image: "ghcr.io/edgelesssys/contrast/initializer:latest"
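Review bot: The instruction to add `runtimeClassName: contrast-cc-isolation` to the pod spec changes a value that users have already written into their own manifests, and the README gives no hint that the old name kata-cc-isolation is no longer the one to use. Suggest a short migration note next to this paragraph, since the cli/cmd/generate.go change in this commit passes only the new name to its filter.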
2 changes: 1 addition & 1 deletion cli/cmd/generate.go
Expand Up @@ -168,7 +168,7 @@ func findGenerateTargets(args []string, logger *slog.Logger) ([]string, error) {
}
}

paths = filterNonCoCoRuntime("kata-cc-isolation", paths, logger)
paths = filterNonCoCoRuntime("contrast-cc-isolation", paths, logger)

if len(paths) == 0 {
return nil, fmt.Errorf("no .yml/.yaml files found")
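Review bot: The call `filterNonCoCoRuntime("contrast-cc-isolation", paths, logger)` is followed directly by the `len(paths) == 0` check, so, judging by the function name, a directory whose manifests still use kata-cc-isolation ends in the error "no .yml/.yaml files found", which is misleading because files were found and then filtered out. Suggest a distinct error, or a warning that names the expected runtime class, for the case where the filter removed every path.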
2 changes: 1 addition & 1 deletion deployments/emojivoto-sm-egress/coordinator.yml
Expand Up @@ -15,7 +15,7 @@ spec:
annotations:
contrast.edgeless.systems/pod-role: coordinator
spec:
runtimeClassName: kata-cc-isolation
runtimeClassName: contrast-cc-isolation
containers:
- name: coordinator
image: "ghcr.io/edgelesssys/contrast/coordinator:latest"
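Review bot: The `runtimeClassName: contrast-cc-isolation` line here, and the same line in the other deployment manifests of this commit, refers to a RuntimeClass that none of the 19 changed files creates or renames. Please confirm where the RuntimeClass object with the new name is installed, as Kubernetes does not run a pod whose runtimeClassName matches no RuntimeClass resource.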
2 changes: 1 addition & 1 deletion deployments/emojivoto-sm-egress/emoji.yml
Expand Up @@ -25,7 +25,7 @@ spec:
app.kubernetes.io/name: emoji-svc
version: v11
spec:
runtimeClassName: kata-cc-isolation
runtimeClassName: contrast-cc-isolation
initContainers:
- name: initializer
image: "ghcr.io/edgelesssys/contrast/initializer:latest"
2 changes: 1 addition & 1 deletion deployments/emojivoto-sm-egress/voting.yml
Expand Up @@ -25,7 +25,7 @@ spec:
app.kubernetes.io/name: voting-svc
version: v11
spec:
runtimeClassName: kata-cc-isolation
runtimeClassName: contrast-cc-isolation
initContainers:
- name: initializer
image: "ghcr.io/edgelesssys/contrast/initializer:latest"
2 changes: 1 addition & 1 deletion deployments/emojivoto-sm-egress/web.yml
Expand Up @@ -25,7 +25,7 @@ spec:
app.kubernetes.io/name: web-svc
version: v11
spec:
runtimeClassName: kata-cc-isolation
runtimeClassName: contrast-cc-isolation
initContainers:
- name: initializer
image: "ghcr.io/edgelesssys/contrast/initializer:latest"
2 changes: 1 addition & 1 deletion deployments/emojivoto/coordinator.yml
Expand Up @@ -15,7 +15,7 @@ spec:
annotations:
contrast.edgeless.systems/pod-role: coordinator
spec:
runtimeClassName: kata-cc-isolation
runtimeClassName: contrast-cc-isolation
containers:
- name: coordinator
image: "ghcr.io/edgelesssys/contrast/coordinator:latest"
2 changes: 1 addition & 1 deletion deployments/emojivoto/emoji.yml
Expand Up @@ -25,7 +25,7 @@ spec:
app.kubernetes.io/name: emoji-svc
version: v11
spec:
runtimeClassName: kata-cc-isolation
runtimeClassName: contrast-cc-isolation
initContainers:
- name: initializer
image: "ghcr.io/edgelesssys/contrast/initializer:latest"
2 changes: 1 addition & 1 deletion deployments/emojivoto/voting.yml
Expand Up @@ -25,7 +25,7 @@ spec:
app.kubernetes.io/name: voting-svc
version: v11
spec:
runtimeClassName: kata-cc-isolation
runtimeClassName: contrast-cc-isolation
initContainers:
- name: initializer
image: "ghcr.io/edgelesssys/contrast/initializer:latest"
2 changes: 1 addition & 1 deletion deployments/emojivoto/web.yml
Expand Up @@ -25,7 +25,7 @@ spec:
app.kubernetes.io/name: web-svc
version: v11
spec:
runtimeClassName: kata-cc-isolation
runtimeClassName: contrast-cc-isolation
initContainers:
- name: initializer
image: "ghcr.io/edgelesssys/contrast/initializer:latest"
2 changes: 1 addition & 1 deletion deployments/openssl/coordinator.yml
Expand Up @@ -15,7 +15,7 @@ spec:
annotations:
contrast.edgeless.systems/pod-role: coordinator
spec:
runtimeClassName: kata-cc-isolation
runtimeClassName: contrast-cc-isolation
containers:
- name: coordinator
image: "ghcr.io/edgelesssys/contrast/coordinator:latest"
2 changes: 1 addition & 1 deletion deployments/openssl/openssl-backend.yml
Expand Up @@ -13,7 +13,7 @@ spec:
labels:
app.kubernetes.io/name: openssl-backend
spec:
runtimeClassName: kata-cc-isolation
runtimeClassName: contrast-cc-isolation
initContainers:
- name: initializer
image: "ghcr.io/edgelesssys/contrast/initializer:latest"
2 changes: 1 addition & 1 deletion deployments/openssl/openssl-client.yml
Expand Up @@ -13,7 +13,7 @@ spec:
labels:
app.kubernetes.io/name: openssl-client
spec:
runtimeClassName: kata-cc-isolation
runtimeClassName: contrast-cc-isolation
initContainers:
- name: initializer
image: "ghcr.io/edgelesssys/contrast/initializer:latest"
2 changes: 1 addition & 1 deletion deployments/openssl/openssl-frontend.yml
Expand Up @@ -13,7 +13,7 @@ spec:
labels:
app.kubernetes.io/name: openssl-frontend
spec:
runtimeClassName: kata-cc-isolation
runtimeClassName: contrast-cc-isolation
initContainers:
- name: initializer
image: "ghcr.io/edgelesssys/contrast/initializer:latest"
2 changes: 1 addition & 1 deletion deployments/simple/coordinator.yml
Expand Up @@ -15,7 +15,7 @@ spec:
annotations:
contrast.edgeless.systems/pod-role: coordinator
spec:
runtimeClassName: kata-cc-isolation
runtimeClassName: contrast-cc-isolation
containers:
- name: coordinator
image: "ghcr.io/edgelesssys/contrast/coordinator:latest"
2 changes: 1 addition & 1 deletion deployments/simple/initializer.yml
Expand Up @@ -13,7 +13,7 @@ spec:
labels:
app.kubernetes.io/name: workload
spec:
runtimeClassName: kata-cc-isolation
runtimeClassName: contrast-cc-isolation
initContainers:
- name: initializer
image: "ghcr.io/edgelesssys/contrast/initializer:latest"
2 changes: 1 addition & 1 deletion dev-docs/user-manual.md
Expand Up @@ -43,7 +43,7 @@ The Contrast CLI provides the tooling for automatically translating Kubernetes d
The trust chain goes as follows:

1. The Contrast CLI generates a policy and attaches it to the pod definition.
2. Kubernetes schedules the pod on a node with kata-cc-isolation runtime.
2. Kubernetes schedules the pod on a node with contrast-cc-isolation runtime.
3. Containerd takes the node, starts the Kata Shim and creates the pod sandbox.
4. The Kata runtime starts a CVM with the policy's digest as `HOSTDATA`.
5. The Kata runtime sets the policy using the `SetPolicy` method.
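Review bot: Step 2 here is a verbatim copy of the README.md trust-chain list changed earlier in this commit, so the two documents have to be edited in lockstep on every rename. Suggest keeping the list in one place and linking to it from the other.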
2 changes: 1 addition & 1 deletion e2e/internal/kuberesource/parts.go
Expand Up @@ -73,7 +73,7 @@ func Coordinator(namespace string) *CoordinatorConfig {
WithLabels(map[string]string{"app.kubernetes.io/name": "coordinator"}).
WithAnnotations(map[string]string{"contrast.edgeless.systems/pod-role": "coordinator"}).
WithSpec(PodSpec().
WithRuntimeClassName("kata-cc-isolation").
WithRuntimeClassName("contrast-cc-isolation").
WithContainers(
Container().
WithName("coordinator").
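Review bot: `WithRuntimeClassName("contrast-cc-isolation")` repeats a string literal that also appears in e2e/internal/kuberesource/sets.go and in cli/cmd/generate.go in this commit. Suggest a single exported constant for the runtime class name, so the next rename is a one-line change and the CLI filter and the e2e resources cannot drift apart.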
2 changes: 1 addition & 1 deletion e2e/internal/kuberesource/sets.go
Expand Up @@ -21,7 +21,7 @@ func Simple() ([]any, error) {
WithTemplate(PodTemplateSpec().
WithLabels(map[string]string{"app.kubernetes.io/name": "workload"}).
WithSpec(PodSpec().
WithRuntimeClassName("kata-cc-isolation").
WithRuntimeClassName("contrast-cc-isolation").
WithContainers(
Container().
WithName("workload").