From 61d3d311c4101a3793f4a7d9b713b9f2520fbe38 Mon Sep 17 00:00:00 2001
From: panpingsheng
Date: Mon, 9 Jun 2025 11:51:14 +0800
Subject: [PATCH] The test image uses the image in the haigon.cn repository instead of the image in docker.io

Because docker.io requires the configuration of an external network proxy, it increases the complexity for customers to use
---
 ...272\345\257\206\345\256\271\345\231\250.md" | 18 +++++++++---------
 ...350\257\225ASID\345\244\215\347\224\250.md" | 2 +-
 ...\350\257\225\347\233\264\351\200\232DCU.md" | 3 +--
 ...235\245\351\203\250\347\275\262workload.md" | 10 ++++------
 ...235\245\351\203\250\347\275\262workload.md" | 8 ++++----
 5 files changed, 19 insertions(+), 22 deletions(-)

diff --git "a/sig/Hygon Arch/content/2-CSV\346\265\213\350\257\225\346\226\207\346\241\243/4-KATA-3/2-\346\265\213\350\257\225CSV\346\234\272\345\257\206\345\256\271\345\231\250.md" "b/sig/Hygon Arch/content/2-CSV\346\265\213\350\257\225\346\226\207\346\241\243/4-KATA-3/2-\346\265\213\350\257\225CSV\346\234\272\345\257\206\345\256\271\345\231\250.md"
index fdfbb960f..71bc61911 100644
--- "a/sig/Hygon Arch/content/2-CSV\346\265\213\350\257\225\346\226\207\346\241\243/4-KATA-3/2-\346\265\213\350\257\225CSV\346\234\272\345\257\206\345\256\271\345\231\250.md"
+++ "b/sig/Hygon Arch/content/2-CSV\346\265\213\350\257\225\346\226\207\346\241\243/4-KATA-3/2-\346\265\213\350\257\225CSV\346\234\272\345\257\206\345\256\271\345\231\250.md"
@@ -80,21 +80,21 @@ nginx 1/1 Running 0 3m50s
 ```
 - 禁用sev_kbc模式
-
+ ```shell
+ sudo sed -i -e 's#^\(kernel_params\).*=.*$#\1 = \"agent.aa_kbc_params=offline_fs_kbc::null agent.enable_signature_verification=false \"#g' /opt/confidential-containers/share/defaults/kata-containers/configuration-qemu-csv.toml
+ ```
+ **客户如果使用dockerhub仓库则需要配置代理,使用下面操作替换** `agent.https_proxy=http://ip:port agent.no_proxy=10.*.*.*,172.*.*.*` **不要直接拷贝,仔细阅读下面说明**
 ```shell
 sudo sed -i -e 's#^\(kernel_params\).*=.*$#\1 = \"agent.https_proxy=http://ip:port agent.no_proxy=10.*.*.*,172.*.*.* agent.aa_kbc_params=offline_fs_kbc::null agent.enable_signature_verification=false \"#g' /opt/confidential-containers/share/defaults/kata-containers/configuration-qemu-csv.toml
 ```
- 1.测试示例中使用的是dockerhub 仓库镜像,由于国内网络目前访问不了dockerhub 需要使用代理,代理参数`agent.https_proxy=http://ip:port agent.no_proxy=10.*.*.*,172.*.*.*` **http://ip:port 改为客户自己实际代理地址,后续机密容器测试步骤都需要加代理,ip 不要设置为127.0.0.1本地地址**
-
- 2.如果没有代理,需要购买企业版本阿里云容器,本地制作好容器镜像push到阿里云仓库,企业版地址:
- https://www.aliyun.com/product/acr?spm=5176.21213303.J_qCOwPWspKEuWcmp8qiZNQ.30.3f952f3d26uzeU&scm=20140722.S_product@@%E4%BA%91%E4%BA%A7%E5%93%81@@88099._.RL_%E4%BC%81%E4%B8%9A%E7%89%88%E5%AE%B9%E5%99%A8-LOC_search~UND~product~UND~item-OR_ser-V_3-RE_productNew-P0_4
+ 1.由于国内网络目前访问不了dockerhub,需要使用代理,代理参数`agent.https_proxy=http://ip:port agent.no_proxy=10.*.*.*,172.*.*.*` **http://ip:port 改为客户自己实际代理地址,后续机密容器测试步骤都需要加代理,ip 不要设置为127.0.0.1本地地址**
- 3.**如果上述两个条件都不满足,请搭建私有仓库**,搭建流程参考[2-9-3-机密容器](https://openanolis.cn/sig/Hygon-Arch/doc/1121587123561305791?lang=zh)中 **https私有仓库搭建** 章节
+ 2.如果想搭建私有仓库,搭建流程参考[2-9-3-机密容器](https://openanolis.cn/sig/Hygon-Arch/doc/1121587123561305791?lang=zh)中 **https私有仓库搭建** 章节
- 4.**机密容器镜像是虚拟机通过image 模块直接从远端仓库获取的镜像,image 模块是社区为虚拟机定制的镜像管理模块,不支持类似主机端docker 在/etc/docker/daemon.json 文件中配置国内加速器的方式获取dockerhub仓库镜像**
+ 3.**机密容器镜像是虚拟机通过image 模块直接从远端仓库获取的镜像,image 模块是社区为虚拟机定制的镜像管理模块,不支持类似主机端docker 在/etc/docker/daemon.json 文件中配置国内加速器的方式获取dockerhub仓库镜像**
 - 启动POD
@@ -109,7 +109,7 @@ metadata:
 name: test-csv
 spec:
 containers:
- - image: docker.io/library/busybox:latest
+ - image: haigon.cn/test/busybox:latest
 name: test-csv
 imagePullPolicy: Always
 dnsPolicy: ClusterFirst
@@ -223,7 +223,7 @@ test-csv 1/1 Running 0 146m
 name: test-attestation
 spec:
 containers:
- - image: docker.io/library/ubuntu:latest
+ - image: haigon.cn/test/ubuntu:latest
 name: test-attestation
 imagePullPolicy: Always
 volumeMounts:
diff --git "a/sig/Hygon Arch/content/2-CSV\346\265\213\350\257\225\346\226\207\346\241\243/4-KATA-3/3-\346\265\213\350\257\225ASID\345\244\215\347\224\250.md" "b/sig/Hygon Arch/content/2-CSV\346\265\213\350\257\225\346\226\207\346\241\243/4-KATA-3/3-\346\265\213\350\257\225ASID\345\244\215\347\224\250.md"
index 2dfda3188..ce773a7d0 100644
--- "a/sig/Hygon Arch/content/2-CSV\346\265\213\350\257\225\346\226\207\346\241\243/4-KATA-3/3-\346\265\213\350\257\225ASID\345\244\215\347\224\250.md"
+++ "b/sig/Hygon Arch/content/2-CSV\346\265\213\350\257\225\346\226\207\346\241\243/4-KATA-3/3-\346\265\213\350\257\225ASID\345\244\215\347\224\250.md"
@@ -36,7 +36,7 @@
 generateName: test-asid-reuse-
 spec:
 containers:
- - image: docker.io/library/busybox:latest
+ - image: haigon.cn/test/busybox:latest
 name: test-asid-reuse
 imagePullPolicy: Always
 dnsPolicy: ClusterFirst
diff --git "a/sig/Hygon Arch/content/2-CSV\346\265\213\350\257\225\346\226\207\346\241\243/4-KATA-3/4-\346\265\213\350\257\225\347\233\264\351\200\232DCU.md" "b/sig/Hygon Arch/content/2-CSV\346\265\213\350\257\225\346\226\207\346\241\243/4-KATA-3/4-\346\265\213\350\257\225\347\233\264\351\200\232DCU.md"
index 93376249c..6d12962f0 100644
--- "a/sig/Hygon Arch/content/2-CSV\346\265\213\350\257\225\346\226\207\346\241\243/4-KATA-3/4-\346\265\213\350\257\225\347\233\264\351\200\232DCU.md"
+++ "b/sig/Hygon Arch/content/2-CSV\346\265\213\350\257\225\346\226\207\346\241\243/4-KATA-3/4-\346\265\213\350\257\225\347\233\264\351\200\232DCU.md"
@@ -60,9 +60,8 @@
 * 禁用sev_kbc模式
- 由于国内网络目前访问不了dockerhub 需要使用代理,代理参数agent.https_proxy=http://ip:port agent.no_proxy=10.*.*.*,172.*.*.* http://ip:port 为代理地址
 ```sh
- $ sudo sed -i -e 's#^\(kernel_params\).*=.*$#\1 = \"agent.https_proxy=http://ip:port agent.no_proxy=10.*.*.*,172.*.*.* agent.aa_kbc_params=offline_fs_kbc::null agent.enable_signature_verification=false \"#g' /opt/confidential-containers/share/defaults/kata-containers/configuration-qemu-csv-dcu.toml
+ $ sudo sed -i -e 's#^\(kernel_params\).*=.*$#\1 = \"agent.aa_kbc_params=offline_fs_kbc::null agent.enable_signature_verification=false \"#g' /opt/confidential-containers/share/defaults/kata-containers/configuration-qemu-csv-dcu.toml
 ```
 * 设置内存
 ```sh
diff --git "a/sig/Hygon Arch/content/2-CSV\346\265\213\350\257\225\346\226\207\346\241\243/4-KATA-3/6-\344\275\277\347\224\250\345\212\240\345\257\206\351\225\234\345\203\217\346\235\245\351\203\250\347\275\262workload.md" "b/sig/Hygon Arch/content/2-CSV\346\265\213\350\257\225\346\226\207\346\241\243/4-KATA-3/6-\344\275\277\347\224\250\345\212\240\345\257\206\351\225\234\345\203\217\346\235\245\351\203\250\347\275\262workload.md"
index 4918b14c2..77c811b3a 100755
--- "a/sig/Hygon Arch/content/2-CSV\346\265\213\350\257\225\346\226\207\346\241\243/4-KATA-3/6-\344\275\277\347\224\250\345\212\240\345\257\206\351\225\234\345\203\217\346\235\245\351\203\250\347\275\262workload.md"
+++ "b/sig/Hygon Arch/content/2-CSV\346\265\213\350\257\225\346\226\207\346\241\243/4-KATA-3/6-\344\275\277\347\224\250\345\212\240\345\257\206\351\225\234\345\203\217\346\235\245\351\203\250\347\275\262workload.md"
@@ -66,10 +66,8 @@
 - 设置AA module 配置文件路径
- 由于国内网络目前访问不了dockerhub 需要使用代理,代理参数agent.https_proxy=http://ip:port agent.no_proxy=10.*.*.*,172.*.*.* http://ip:port 为代理地址
-
 ```shell
- sudo sed -i -e 's#^\(kernel_params\).*=.*$#\1 = \"agent.https_proxy=http://ip:port agent.no_proxy=10.*.*.*,172.*.*.* agent.config_file=/etc/agent-config.toml agent.enable_signature_verification=false \"#g' /opt/confidential-containers/share/defaults/kata-containers/configuration-qemu-csv.toml
+ sudo sed -i -e 's#^\(kernel_params\).*=.*$#\1 = \"agent.config_file=/etc/agent-config.toml agent.enable_signature_verification=false \"#g' /opt/confidential-containers/share/defaults/kata-containers/configuration-qemu-csv.toml
 ```
 - 启动POD
@@ -84,7 +82,7 @@ metadata:
 name: test-en-online
 spec:
 containers:
- - image: docker.io/pawsonfang/busybox:encrypted
+ - image: haigon.cn/test/busybox:encrypted
 name: test-en-online
 imagePullPolicy: Always
 dnsPolicy: ClusterFirst
@@ -145,7 +143,7 @@ test-en-online 1/1 Running 0 146m
 - 设置AA module 配置文件路径
 ```shell
- sudo sed -i -e 's#^\(kernel_params\).*=.*$#\1 = \"agent.https_proxy=http://ip:port agent.no_proxy=10.*.*.*,172.*.*.* agent.config_file=/etc/agent-config.toml agent.enable_signature_verification=false \"#g' /opt/confidential-containers/share/defaults/kata-containers/configuration-qemu-csv.toml
+ sudo sed -i -e 's#^\(kernel_params\).*=.*$#\1 = \"agent.config_file=/etc/agent-config.toml agent.enable_signature_verification=false \"#g' /opt/confidential-containers/share/defaults/kata-containers/configuration-qemu-csv.toml
 ```
@@ -161,7 +159,7 @@ metadata:
 name: test-en-offline
 spec:
 containers:
- - image: docker.io/pawsonfang/busybox:encrypted
+ - image: haigon.cn/test/busybox:encrypted
 name: test-en-offline
 imagePullPolicy: Always
 dnsPolicy: ClusterFirst
diff --git "a/sig/Hygon Arch/content/2-CSV\346\265\213\350\257\225\346\226\207\346\241\243/4-KATA-3/7-\344\275\277\347\224\250\347\255\276\345\220\215\351\225\234\345\203\217\346\235\245\351\203\250\347\275\262workload.md" "b/sig/Hygon Arch/content/2-CSV\346\265\213\350\257\225\346\226\207\346\241\243/4-KATA-3/7-\344\275\277\347\224\250\347\255\276\345\220\215\351\225\234\345\203\217\346\235\245\351\203\250\347\275\262workload.md"
index ef6211c88..e11f444b8 100755
--- "a/sig/Hygon Arch/content/2-CSV\346\265\213\350\257\225\346\226\207\346\241\243/4-KATA-3/7-\344\275\277\347\224\250\347\255\276\345\220\215\351\225\234\345\203\217\346\235\245\351\203\250\347\275\262workload.md"
+++ "b/sig/Hygon Arch/content/2-CSV\346\265\213\350\257\225\346\226\207\346\241\243/4-KATA-3/7-\344\275\277\347\224\250\347\255\276\345\220\215\351\225\234\345\203\217\346\235\245\351\203\250\347\275\262workload.md"
@@ -67,7 +67,7 @@
 - 使能验签功能
 ```shell
- sudo sed -i -e 's#^\(kernel_params\).*=.*$#\1 = \"agent.https_proxy=http://ip:port agent.no_proxy=10.*.*.*,172.*.*.* agent.config_file=/etc/agent-config.toml agent.enable_signature_verification=true \"#g' /opt/confidential-containers/share/defaults/kata-containers/configuration-qemu-csv.toml
+ sudo sed -i -e 's#^\(kernel_params\).*=.*$#\1 = \"agent.config_file=/etc/agent-config.toml agent.enable_signature_verification=true \"#g' /opt/confidential-containers/share/defaults/kata-containers/configuration-qemu-csv.toml
 ```
 - 启动 Pod
@@ -82,7 +82,7 @@ metadata:
 name: test-sign-online
 spec:
 containers:
- - image: docker.io/pawsonfang/mybusybox
+ - image: haigon.cn/test/busybox-signed
 name: test-sign-online
 imagePullPolicy: Always
 dnsPolicy: ClusterFirst
@@ -139,7 +139,7 @@ test-sign-online 1/1 Running 0 31h
 - 使能验签功能,并更新kbc模式为offline_fs_kbc
 ```shell
- sudo sed -i -e 's#^\(kernel_params\).*=.*$#\1 = \"agent.https_proxy=http://ip:port agent.no_proxy=10.*.*.*,172.*.*.* agent.aa_kbc_params=offline_fs_kbc::null agent.enable_signature_verification=true \"#g' /opt/confidential-containers/share/defaults/kata-containers/configuration-qemu-csv.toml
+ sudo sed -i -e 's#^\(kernel_params\).*=.*$#\1 = \"agent.aa_kbc_params=offline_fs_kbc::null agent.enable_signature_verification=true \"#g' /opt/confidential-containers/share/defaults/kata-containers/configuration-qemu-csv.toml
 ```
 - 启动 Pod
@@ -154,7 +154,7 @@ metadata:
 name: test-sign-offline
 spec:
 containers:
- - image: docker.io/pawsonfang/mybusybox
+ - image: haigon.cn/test/busybox-signed
 name: test-sign-offline
 imagePullPolicy: Always
 dnsPolicy: ClusterFirst
-- 
Gitee