Uploaded image for project: 'Openshift sandboxed containers'
  1. Openshift sandboxed containers
  2. KATA-4170

Create Konflux build for Intel SGX Provisioning Certificate Caching Service (PCCS) container

XMLWordPrintable

    • Blanc #3, Denali #5

      Background

      Create a Konflux build pipeline for the Intel SGX Provisioning Certificate Caching Service (PCCS) container to enable automated building and distribution of this Node.js-based service for managing SGX provisioning certificates in data center environments.

      Container Details

      Container Components

      • Node.js 20 runtime environment
      • Intel SGX DCAP repository integration
      • PCK Certificate Selection library build
      • PCCS server application and dependencies
      • Node.js package management and installation
      • Server configuration and entry point setup

      Build Process

      • Multi-stage build approach for clean, minimal final image
      • Intel SGX DCAP repository cloning at specific version
      • PCK Certificate Selection library compilation
      • Node.js dependencies installation for PCCS service
      • Final container optimized to run pccs_server.js

      Technical Requirements

      • Set up Konflux build configuration for the PCCS Containerfile
      • Configure multi-stage build pipeline
      • Ensure proper Node.js 20 UBI base image usage
      • Validate Intel SGX DCAP repository access and version pinning
      • Test PCCS server functionality and certificate management
      • Configure proper networking and service exposure

      Acceptance Criteria

      • [ ] Konflux build pipeline created and configured
      • [ ] Multi-stage container builds successfully
      • [ ] All Node.js dependencies install correctly
      • [ ] PCK Certificate Selection library compiles properly
      • [ ] PCCS server starts and runs correctly
      • [ ] Container image passes security scans
      • [ ] Final image is optimized and minimal
      • [ ] Documentation updated with build and deployment instructions
      • [ ] CI/CD pipeline validates container functionality
      • [ ] Service networking configuration validated

      Dependencies

      • Access to Intel SGX DCAP repositories
      • Red Hat UBI Node.js 20 base image availability
      • Konflux platform configuration
      • Container registry access for image storage
      • Network configuration for PCCS service exposure

              rh-ee-mylinen Mikko Ylinen
              jfreiman Jens Freimann
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: