This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Getting Started

High level overview of Confidential Containers

1: Prerequisites

1.1: Hardware Requirements

1.1.1: CoCo without Hardware
1.1.2: Secure Execution Host Setup
1.1.3: SEV-SNP Host Setup
1.1.4: SGX Host Setup
1.1.5: TDX Host Setup

1.2: Cloud Hardware
1.3: Cluster Setup

2: Installation
3: Simple Workload

This section will describe hardware and software prerequisites, installing Confidential Containers with Helm charts, verifying the installation, and running a pod with Confidential Containers.

1 - Prerequisites

Requirements for deploying Confidential Containers

This section will describe hardware and software prerequisites for installing Confidential Containers with Helm charts.

1.1 - Hardware Requirements

Hardware requirements for deploying Confidential Containers

Confidential Computing is a hardware technology. Confidential Containers supports multiple hardware platforms and can leverage cloud hardware. If you do not have bare metal hardware and will deploy Confidential Containers with a cloud integration, continue to the cloud section.

You can also run Confidential Containers without hardware support for testing or development.

The Confidential Containers Helm charts, which are described in the following section, do not setup the host kernel, firmware, or system configuration. Before installing Confidential Containers on a bare metal system, make sure that your node can start confidential VMs.

This section will describe the configuration that is required on the host.

Regardless of your platform, it is recommended to have at least 8GB of RAM and 4 cores on your worker node.

1.1.1 - CoCo without Hardware

Testing and development without hardware

For testing or development, Confidential Containers can be deployed without any hardware support.

This is referred to as a coco-dev or non-tee. A coco-dev deployment functions the same way as Confidential Containers with an enclave, but a non-confidential VM is used instead of a confidential VM. This does not provide any security guarantees, but it can be used for testing.

No additional host configuration is required as long as the host supports virtualization.

1.1.2 - Secure Execution Host Setup

Host configurations for IBM s390x

Platform Setup

This document outlines the steps to configure a host machine to support IBM Secure Execution on IBM Z & LinuxONE platforms. This capability enables enhanced security for workloads by taking advantage of protected virtualization. Ensure the host meets the necessary hardware and software requirements before proceeding.

Hardware Requirements

Supported hardware includes these systems:

IBM z15 or newer models
IBM LinuxONE III or newer models

Software Requirements

Additionally, the system must meet specific CPU and kernel configuration requirements. Follow the steps below to verify and enable the Secure Execution capability.

Verify Protected Virtualization Support in the Kernel

Run the following command to ensure the kernel supports protected virtualization:
```
cat /sys/firmware/uv/prot_virt_host
```
A value of 1 indicates support.
Check Ultravisor Memory Reservation

Confirm that the ultravisor has reserved memory during the current boot:
```
sudo dmesg | grep -i ultravisor
```
Example output:
```
[    0.063630] prot_virt.f9efb6: Reserving 98MB as ultravisor base storage
```
Validate the Secure Execution Facility Bit

Ensure the required facility bit (158) is present:
```
cat /proc/cpuinfo | grep 158
```
The facilities field should include 158.

If any required configuration is missing, contact your cloud provider to enable the Secure Execution capability for a machine. Alternatively, if you have administrative privileges and the facility bit (158) is set, you can enable it by modifying kernel parameters and rebooting the system:

Modify Kernel Parameters

Update the kernel configuration to include the prot_virt=1 parameter:
```
sudo sed -i 's/^\(parameters.*\)/\1 prot_virt=1/g' /etc/zipl.conf
```
Update the Bootloader and reboot the System

Apply the changes to the bootloader and reboot the system:
```
sudo zipl -V
sudo systemctl reboot
```
Repeat the Verification Steps

After rebooting, repeat the verification steps above to ensure Secure Execution is properly enabled.

Additional Notes

The steps to enable Secure Execution might vary depending on the Linux distributions. Consult your distribution’s documentation if necessary.
For more detailed information about IBM Secure Execution for Linux, see also the official documentation at IBM Secure Execution for Linux.

1.1.3 - SEV-SNP Host Setup

Host configurations for AMD SEV-SNP machines

Platform Setup

The host BIOS and kernel must be capable of supporting AMD SEV-SNP and the host must be configured accordingly.

The SEV Firmware version must be at least version 1.55 in order to have at least version 3 of the Attestation Report. The latest SEV Firmware version is available on AMD’s SEV Developer Webpage. It can also be updated via a platform OEM BIOS update.

The host kernel must be equal to or later than upstream version 6.16.1.

To build just the upstream compatible host kernel, use the Confidential Containers fork of AMDESE AMDSEV. Individual components can be built by running the following command:

./build.sh kernel host --install

1.1.4 - SGX Host Setup

Host configurations for Intel SGX machines

TODO

1.1.5 - TDX Host Setup

Host configurations for Intel® Trust Domain Extensions (TDX)

Platform Setup

Host OS setup

Additional Notes

For more detailed information about Intel TDX, see also official documentation.

1.2 - Cloud Hardware

Confidential Containers on the Cloud

Note

If you are using bare metal confidential hardware, you can skip this section.

Confidential Containers can be deployed via confidential computing cloud offerings. The main method of doing this is to use the cloud-api-adaptor also known as “peer pods.”

Some clouds also support starting confidential VMs inside of non-confidential VMs. With Confidential Containers these offerings can be used as if they were bare-metal.

1.3 - Cluster Setup

Cluster prerequisites

Confidential Containers requires Kubernetes. A cluster must be installed before installing the Helm charts. Many different clusters can be used but they should meet the following requirements.

The minimum Kubernetes version is 1.24
Cluster must use containerd. Note: cri-o is not tested with the Helm charts for baremetal deployments.
At least one node has the label node.kubernetes.io/worker.
SELinux is not enabled.
Helm 3.8+ is installed.

Note

Kind and Minikube are not tested anywhere in the project, and those are not encouraged to be used as QEMU is known to not work with them.

2 - Installation

Installing Confidential Containers with Helm charts

Note

Make sure you have completed the pre-requisites before installing Confidential Containers.

Install CoCo with Helm

Install the CoCo runtime using the Helm chart, substituting <VERSION> with the desired release version:

helm install coco oci://ghcr.io/confidential-containers/charts/confidential-containers \
  --version <VERSION> \
  --namespace coco-system \
  --create-namespace

For example, to install version v0.18.0:

helm install coco oci://ghcr.io/confidential-containers/charts/confidential-containers \
  --version v0.18.0 \
  --namespace coco-system \
  --create-namespace

Wait until each pod has the STATUS of Running.

kubectl get pods -n coco-system --watch

For platform-specific installation options (s390x, peer-pods, etc.) and advanced configuration, see the charts repository documentation.

Verify Installation

See if the expected runtime classes were created.

kubectl get runtimeclass

The available runtimeclasses depend on the architecture:

runtimeclass	Description
`kata-qemu-coco-dev`	Development/testing runtime
`kata-qemu-coco-dev-runtime-rs`	Development/testing runtime (Rust-based)
`kata-qemu-snp`	AMD SEV-SNP
`kata-qemu-tdx`	Intel TDX
`kata-qemu-nvidia-gpu-snp`	NVIDIA GPU with AMD SEV-SNP protection
`kata-qemu-nvidia-gpu-tdx`	NVIDIA GPU with Intel TDX protection

runtimeclass	Description
`kata-qemu-coco-dev`	Development/testing runtime
`kata-qemu-coco-dev-runtime-rs`	Development/testing runtime (Rust-based)
`kata-qemu-se`	IBM Secure Execution
`kata-qemu-se-runtime-rs`	IBM Secure Execution (Rust-based)

runtimeclass	Description
`kata-remote`	Peer-pods

3 - Simple Workload

Running a simple confidential workload

Creating a sample Confidential Containers workload

Once you’ve used the Helm charts to install Confidential Containers, you can run a pod with CoCo by simply adding a runtime class. First, we will use the kata-qemu-coco-dev runtime class which uses CoCo without hardware support. Initially we will try this with an unencrypted container image.

In this example, we will be using the bitnami/nginx image as described in the following yaml:

apiVersion: v1
kind: Pod
metadata:
  labels:
    run: nginx
  name: nginx
  annotations:
    io.containerd.cri.runtime-handler: kata-qemu-coco-dev
spec:
  containers:
  - image: bitnami/nginx:1.22.0
    name: nginx
  dnsPolicy: ClusterFirst
  runtimeClassName: kata-qemu-coco-dev

For the most basic workloads, setting the runtimeClassName and runtime-handler annotation is usually the only requirement for the pod YAML.

Create a pod YAML file as previously described (we named it nginx.yaml) .

Create the workload:

kubectl apply -f nginx.yaml

Output:

pod/nginx created

Ensure the pod was created successfully (in running state):

kubectl get pods

Output:

NAME    READY   STATUS    RESTARTS   AGE
nginx   1/1     Running   0          3m50s