cli: use peerpod node installer

cli/genpolicy/assets/genpolicy-peerpod

@@ -0,0 +1 @@
+# THIS FILE IS REPLACED DURING BUILD AND ONLY HERE TO SATISFY GO TOOLING

cli/genpolicy/assets/genpolicy-rules-peerpod.rego

@@ -0,0 +1 @@
+# THIS FILE IS REPLACED DURING BUILD AND ONLY HERE TO SATISFY GO TOOLING

cli/genpolicy/assets/genpolicy-settings-peerpod.json

@@ -0,0 +1 @@
+"THIS FILE IS REPLACED DURING BUILD AND ONLY HERE TO SATISFY GO TOOLING"

cli/genpolicy/config.go

@@ -14,14 +14,20 @@ var (
 	aksGenpolicyBin []byte
 	//go:embed assets/genpolicy-kata
 	kataGenpolicyBin []byte
+	//go:embed assets/genpolicy-peerpod
+	peerpodGenpolicyBin []byte
 	//go:embed assets/genpolicy-settings-microsoft.json
 	aksSettings []byte
 	//go:embed assets/genpolicy-settings-kata.json
 	kataSettings []byte
+	//go:embed assets/genpolicy-settings-peerpod.json
+	peerpodSettings []byte
 	//go:embed assets/genpolicy-rules-microsoft.rego
 	aksRules []byte
 	//go:embed assets/genpolicy-rules-kata.rego
 	kataRules []byte
+	//go:embed assets/genpolicy-rules-peerpod.rego
+	peerpodRules []byte
 )
 
 // Config contains configuration files for genpolicy.
@@ -43,12 +49,18 @@ func NewConfig(platform platforms.Platform) *Config {
 			Settings: aksSettings,
 			Bin:      aksGenpolicyBin,
 		}
-	case platforms.AKSPeerSNP, platforms.K3sQEMUSNP, platforms.K3sQEMUTDX, platforms.RKE2QEMUTDX:
+	case platforms.K3sQEMUSNP, platforms.K3sQEMUTDX, platforms.RKE2QEMUTDX:
 		return &Config{
 			Rules:    kataRules,
 			Settings: kataSettings,
 			Bin:      kataGenpolicyBin,
 		}
+	case platforms.AKSPeerSNP:
+		return &Config{
+			Rules:    peerpodRules,
+			Settings: peerpodSettings,
+			Bin:      peerpodGenpolicyBin,
+		}
 	default:
 		return nil
 	}

cli/main.go

@@ -105,8 +105,10 @@ func buildVersionString() (string, error) {
 		switch platform {
 		case platforms.AKSCloudHypervisorSNP:
 			fmt.Fprintf(versionsWriter, "\tgenpolicy version:\t%s\n", constants.MicrosoftGenpolicyVersion)
-		case platforms.AKSPeerSNP, platforms.K3sQEMUSNP, platforms.K3sQEMUTDX, platforms.RKE2QEMUTDX:
+		case platforms.K3sQEMUSNP, platforms.K3sQEMUTDX, platforms.RKE2QEMUTDX:
 			fmt.Fprintf(versionsWriter, "\tgenpolicy version:\t%s\n", constants.KataGenpolicyVersion)
+		case platforms.AKSPeerSNP:
+			fmt.Fprintf(versionsWriter, "\tgenpolicy version:\t%s\n", constants.PeerpodGenpolicyVersion)
 		}
 	}
 

internal/constants/constants.go

@@ -8,6 +8,7 @@ var (
 	Version                   = "0.0.0-dev"
 	MicrosoftGenpolicyVersion = "0.0.0-dev"
 	KataGenpolicyVersion      = "0.0.0-dev"
+	PeerpodGenpolicyVersion   = "0.0.0-dev"
 )
 
 const (

internal/kuberesource/parts.go

@@ -207,7 +207,7 @@ func NodeInstaller(namespace string, platform platforms.Platform) (*NodeInstalle
 		containers = []*applycorev1.ContainerApplyConfiguration{nydusSnapshotter}
 		volumes = nydusSnapshotterVolumes
 	case platforms.AKSPeerSNP:
-		nodeInstallerImageURL = "ghcr.io/edgelesssys/contrast/node-installer-kata:latest"
+		nodeInstallerImageURL = "ghcr.io/edgelesssys/contrast/node-installer-peerpod:latest"
 		containers = []*applycorev1.ContainerApplyConfiguration{nydusSnapshotter, cloudAPIAdaptor}
 		volumes = append(nydusSnapshotterVolumes, cloudAPIAdaptorVolumes...)
 	default:

justfile

@@ -53,7 +53,7 @@ node-installer platform=default_platform:
         ;;
         "AKS-PEER-SNP")
             just push "nydus-snapshotter"
-            just push "node-installer-kata"
+            just push "node-installer-peerpod"
             just push "cloud-api-adaptor"
         ;;
         *)

packages/by-name/cli-release/package.nix

@@ -5,13 +5,15 @@
   contrast,
   kata,
   microsoft,
+  peerpod,
 }:
 
 (contrast.overrideAttrs (
   _finalAttrs: previousAttrs: {
     postPatch = ''
       install -D ${microsoft.genpolicy.settings}/genpolicy-settings.json cli/genpolicy/assets/genpolicy-settings-microsoft.json
       install -D ${kata.genpolicy.settings}/genpolicy-settings.json cli/genpolicy/assets/genpolicy-settings-kata.json
+      install -D ${peerpod.genpolicy.settings}/genpolicy-settings.json cli/genpolicy/assets/genpolicy-settings-peerpod.json
     '';
 
     ldflags = previousAttrs.ldflags ++ [

packages/by-name/contrast/package.nix

@@ -7,6 +7,7 @@
   buildGoTest,
   microsoft,
   kata,
+  peerpod,
   contrast,
   installShellFiles,
 }:
@@ -52,7 +53,7 @@ let
       k3s-qemu-tdx-handler = runtimeHandler "k3s-qemu-tdx" kata.contrast-node-installer-image.runtimeHash;
       rke2-qemu-tdx-handler = runtimeHandler "rke2-qemu-tdx" kata.contrast-node-installer-image.runtimeHash;
       k3s-qemu-snp-handler = runtimeHandler "k3s-qemu-snp" kata.contrast-node-installer-image.runtimeHash;
-      aks-peer-snp-handler = runtimeHandler "aks-peer-snp" kata.contrast-node-installer-image.runtimeHash;
+      aks-peer-snp-handler = runtimeHandler "aks-peer-snp" peerpod.contrast-node-installer-image.runtimeHash;
 
       aksRefVals = {
         snp = [
@@ -184,15 +185,18 @@ buildGoModule rec {
   prePatch = ''
     install -D ${lib.getExe microsoft.genpolicy} cli/genpolicy/assets/genpolicy-microsoft
     install -D ${lib.getExe kata.genpolicy} cli/genpolicy/assets/genpolicy-kata
+    install -D ${lib.getExe peerpod.genpolicy} cli/genpolicy/assets/genpolicy-peerpod
     install -D ${microsoft.genpolicy.rules}/genpolicy-rules.rego cli/genpolicy/assets/genpolicy-rules-microsoft.rego
     install -D ${kata.genpolicy.rules}/genpolicy-rules.rego cli/genpolicy/assets/genpolicy-rules-kata.rego
+    install -D ${peerpod.genpolicy.rules}/genpolicy-rules.rego cli/genpolicy/assets/genpolicy-rules-peerpod.rego
     install -D ${embeddedReferenceValues} internal/manifest/assets/reference-values.json
   '';
 
   # postPatch will be overwritten by the release-cli derivation, prePatch
   postPatch = ''
     install -D ${microsoft.genpolicy.settings-dev}/genpolicy-settings.json cli/genpolicy/assets/genpolicy-settings-microsoft.json
     install -D ${kata.genpolicy.settings-dev}/genpolicy-settings.json cli/genpolicy/assets/genpolicy-settings-kata.json
+    install -D ${peerpod.genpolicy.settings-dev}/genpolicy-settings.json cli/genpolicy/assets/genpolicy-settings-peerpod.json
   '';
 
   CGO_ENABLED = 0;
@@ -201,6 +205,7 @@ buildGoModule rec {
     "-X github.com/edgelesssys/contrast/internal/constants.Version=v${version}"
     "-X github.com/edgelesssys/contrast/internal/constants.MicrosoftGenpolicyVersion=${microsoft.genpolicy.version}"
     "-X github.com/edgelesssys/contrast/internal/constants.KataGenpolicyVersion=${kata.genpolicy.version}"
+    "-X github.com/edgelesssys/contrast/internal/constants.PeerpodGenpolicyVersion=${peerpod.genpolicy.version}"
   ];
 
   preCheck = ''

packages/scripts.nix

@@ -260,6 +260,11 @@
           cp ${pkgs.kata.genpolicy.settings-coordinator}/genpolicy-settings.json .
           ${pkgs.kata.genpolicy}/bin/genpolicy < "$tmpdir/coordinator_base.yml"
         ;;
+        "aks-peer-snp")
+          cp ${pkgs.peerpod.genpolicy.rules-coordinator}/genpolicy-rules.rego rules.rego
+          cp ${pkgs.peerpod.genpolicy.settings-coordinator}/genpolicy-settings.json .
+          ${pkgs.peerpod.genpolicy}/bin/genpolicy < "$tmpdir/coordinator_base.yml"
+        ;;
         *)
           echo "Unsupported platform: {{ platform }}"
           exit 1