Authenticated Registries
Use private OCI registries
Features
Primitives provided by Confidential Containers
In addition to running pods inside of enclaves, Confidential Containers provides several other features that can be used to protect workloads and data. Securing complex workloads often requires using some of these features.
Most features depend on and require attestation, which is described in the next section.
Encrypted Images
Procedures to encrypt and consume OCI images in a TEE
Local Registries
Pull containers from self-hosted registries
Protected Storage
Add protected volumes to a pod
Sealed Secrets
Generate and deploy protected Kubernetes secrets
Signed Images
Procedures to generate and deploy signed OCI images with CoCo