The goal of the CoCo project is to standardize confidential computing at the pod level and simplify its consumption in Kubernetes. This enables Kubernetes users to deploy confidential container workloads using familiar workflows and tools without extensive knowledge of the underlying confidential computing technologies.
With CoCo, you can deploy your workloads on shared infrastructure yet significantly reduce the risk of unauthorized entities accessing your workload data and extracting your secrets.
Confidential Containers is an open source community working to enable cloud native confidential computing by leveraging Trusted Execution Environments to protect containers and data.
Goals
Multiple TEEs
Support for multiple Trusted Execution Environments (TEEs) and hardware platforms
Please follow this space for updates!
Containers
Transparent deployment of unmodified containers
Cloud Service Providers (CSP)
A trust model which separates CSPs from guest applications
Application Security
Allow cloud native application owners to enforce application security requirements
Privilege
Apply least-privilege principles to the Kubernetes cluster administration capabilities that affect the delivery of confidential computing for guest applications or data inside the TEE.
Community
Contributions welcome!
We use a pull-request contribution workflow on GitHub. New users are always welcome!
We are on CNCF Slack!
Join the #confidential-containers channel after requesting an invitation to the CNCF Slack.