Creating a Contract

You must create a contract to establish a Confidential Computing Container Runtime for Red Hat Virtualization Solutions (CCRV) instance.

  1. Create a compressed file podman.tgz by running the following command:
    $ tar -czvf podman.tgz podman.yaml kbs/kbs-config.toml kbs/kbs.pem kbs/data/hdr/ kbs/data/hkds/ kbs/data/rsa kbs/data/attestation-service/ kbs/data/kbs-storage/ kbs/data/policy.rego kbs/localhost.key kbs/localhost.crt kbs/osc kbs/cosign.pub
  2. Encode the compressed file as a base64 string:
    $ base64 -i podman.tgz | tr -d '\n' > podman.b64
    Note: If you want to set up logging using Syslog, follow the Syslog approach.
  3. Set the logrouter_hostname value by running the following command:
    $ export logrouter_hostname=<hostname>
  4. Set the ibmcloud_api_key value by running the following command:
    $ export ibmcloud_api_key=<your_api_key>
    Note: You can get the logrouter_hostname from IBM Cloud > Observability > Logging > Instances > <your_instance> > Endpoints > Public Ingress Endpoint. For example: 272657f8-fcd2-4155-9462-9ef2cc9a1e39.ingress.eu-gb.logs.cloud.ibm.com.
  5. Create the contract file, replacing ${logrouter_hostname} and ${ibmcloud_api_key} with your log router information, by running the following command:
    cat << EOF > contract
    env: |
      type: env
      logging:
        logRouter:
          hostname: ${logrouter_hostname}
          iamApiKey: ${ibmcloud_api_key}
          port: 443
    workload: |
      type: workload
      play:
        archive: $(cat podman.b64)
    EOF
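
A pre-flight check for the contract written in step 5, added here as an example and not part of the original procedure. The function names, the sample hostname, API key and podman.yaml content, and the file-permission check are assumptions of this example.

```shell
#!/bin/sh
# make_sample_contract DIR: build a constructed contract (placeholder values,
# one-file archive) in DIR the same way steps 1-5 do.
make_sample_contract() (
    cd "$1" || exit 1
    umask 077   # the contract holds iamApiKey in cleartext
    printf 'apiVersion: v1\nkind: Pod\n' > podman.yaml   # constructed content
    tar -czf podman.tgz podman.yaml
    base64 < podman.tgz | tr -d '\n' > podman.b64   # same result as step 2
    logrouter_hostname=logs.example.invalid   # constructed value
    ibmcloud_api_key=PLACEHOLDER_API_KEY      # constructed value
    cat << EOF > contract
env: |
  type: env
  logging:
    logRouter:
      hostname: ${logrouter_hostname}
      iamApiKey: ${ibmcloud_api_key}
      port: 443
workload: |
  type: workload
  play:
    archive: $(cat podman.b64)
EOF
)

# check_contract FILE: return 0 if FILE passes the checks, else say why on stderr.
check_contract() {
    f=$1
    [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    # Both sections must be top-level block scalars with an indented body.
    { grep -q '^env: |$' "$f" && grep -q '^workload: |$' "$f" &&
      grep -Eq '^ +type: env$' "$f" && grep -Eq '^ +type: workload$' "$f"; } ||
        { echo "env/workload sections missing or not indented" >&2; return 1; }
    # An unset variable leaves an empty value; a quoted heredoc leaves ${...}.
    if grep -Eq '\$\{|^ +(hostname|iamApiKey|archive): *$' "$f"; then
        echo "unexpanded or empty value" >&2; return 1
    fi
    # The archive must decode to a gzip tar that contains podman.yaml.
    listing=$(sed -n 's/^ *archive: *//p' "$f" | base64 -d 2>/dev/null |
        tar -tzf - 2>/dev/null) || { echo "archive is not a valid .tgz" >&2; return 1; }
    printf '%s\n' "$listing" | grep -qx 'podman.yaml' ||
        { echo "podman.yaml not in archive" >&2; return 1; }
    # Hardening check added here: no group/other read access to the API key.
    [ -z "$(find "$f" -prune \( -perm -040 -o -perm -004 \))" ] ||
        { echo "contract readable by group/other" >&2; return 1; }
}
```

After step 5, source the file and run `check_contract contract`; a non-zero exit status means the contract should not be used as is.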