Installation
Installing Confidential Containers with Helm charts
Categories:
Note
Make sure you have completed the pre-requisites before installing Confidential Containers.Install CoCo with Helm
Install the CoCo runtime using the Helm chart, substituting <VERSION> with the desired
release version:
helm install coco oci://ghcr.io/confidential-containers/charts/confidential-containers \
--version <VERSION> \
--namespace coco-system \
--create-namespace
For example, to install version v0.18.0:
helm install coco oci://ghcr.io/confidential-containers/charts/confidential-containers \
--version v0.18.0 \
--namespace coco-system \
--create-namespace
Wait until each pod has the STATUS of Running.
kubectl get pods -n coco-system --watch
For platform-specific installation options (s390x, peer-pods, etc.) and advanced configuration, see the charts repository documentation.
Verify Installation
See if the expected runtime classes were created.
kubectl get runtimeclass
The available runtimeclasses depend on the architecture:
| runtimeclass | Description |
|---|---|
kata-qemu-coco-dev |
Development/testing runtime |
kata-qemu-coco-dev-runtime-rs |
Development/testing runtime (Rust-based) |
kata-qemu-snp |
AMD SEV-SNP |
kata-qemu-tdx |
Intel TDX |
kata-qemu-nvidia-gpu-snp |
NVIDIA GPU with AMD SEV-SNP protection |
kata-qemu-nvidia-gpu-tdx |
NVIDIA GPU with Intel TDX protection |
| runtimeclass | Description |
|---|---|
kata-qemu-coco-dev |
Development/testing runtime |
kata-qemu-coco-dev-runtime-rs |
Development/testing runtime (Rust-based) |
kata-qemu-se |
IBM Secure Execution |
kata-qemu-se-runtime-rs |
IBM Secure Execution (Rust-based) |
| runtimeclass | Description |
|---|---|
kata-remote |
Peer-pods |