hostNetwork usage for SGX demo pods is not absolutely necessary so it's
better to clean it up and make IAS "security" scanners happier. It was
originally used to be able to use "localhost" PCCS but this change now
adds an example of how a proper PCCS URL can be configured using jq.
Additionally, SGX DCAP Quote Verification is added.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>

Start using the newly created NodeFeatureRule configs with SGX.
This allows dropping the custom worker config.
Additionally, split the example NFD deployment into two steps:
1) plain NFD (+SGX json patches)
2) NodeFeatureRule creation
NodeFeatureRule creation is not guaranteed to succeed when it's
part of the same kustomization with the CRD creation. Users may
also have NFD already running so allowing 2) alone works better
in that scenario.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>

With the recent move to NFD custom source config for SGX features,
we no longer get SGX* cpuid labels but custom-intel.sgx so the grep
fails. Move to lowercase-only checks.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>