e89fac6c9b
Add a --cw option to `buildah build` and `buildah commit`, which takes a comma-separated list of arguments and produces an image laid out for use as a confidential workload: type: sev or snp attestation_url: location of a key broker server cpus: expected number of virtual CPUs to run with memory: expected megabytes of memory to run with workload_id: a distinguishing identifier for the key broker server ignore_attestation_errors: ignore errors registering the workload passphrase: for encrypting the disk image slop: extra space to allocate for the disk image At least one of attestation_url and passphrase must be specified in order for the encrypted disk image to be decryptable at run-time. Other arguments can be omitted. ignore_attestation_errors is intentionally undocumented, as it's mainly used to permit some amount of testing on systems which don't have the required hardware. Add an `mkcw` top-level command, for converting directly from an image to a confidential workload. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> |
||
|---|---|---|
| .. | ||
| build.go | ||
| isolation.go | ||
| mount_freebsd.go | ||
| mount_linux.go | ||
| mount_unsupported.go | ||
| namespace.go | ||
| pull.go | ||
| pull_test.go | ||
| types.go | ||
| types_test.go | ||
| types_unix.go | ||
| types_unsupported.go | ||