Customization
Customize the Helm chart deployment of Confidential Containers
Installation
Installing Confidential Containers with Helm charts
Categories:
Note
Make sure you have completed the pre-requisites before installing Confidential Containers.
Install CoCo with Helm
Install the CoCo runtime using the Helm chart from the Confidential Containers charts repository.
Install the latest released version:
helm install coco oci://ghcr.io/confidential-containers/charts/confidential-containers \
--namespace coco-system \
--create-namespace
Substitute <VERSION> with the desired release version:
helm install coco oci://ghcr.io/confidential-containers/charts/confidential-containers \
--version <VERSION> \
--namespace coco-system \
--create-namespace
For example, to install version v0.18.0:
helm install coco oci://ghcr.io/confidential-containers/charts/confidential-containers \
--version 0.18.0 \
--namespace coco-system \
--create-namespace
Wait until each pod has the STATUS of Running.
kubectl get pods -n coco-system --watch
For platform-specific installation options (s390x, peer-pods, etc.) and advanced configuration, see the charts repository documentation.
Verify Installation
See if the expected runtime classes were created.
kubectl get runtimeclass
The available runtimeclasses depend on the architecture:
| runtimeclass | Description |
|---|---|
kata-qemu-coco-dev |
Development/testing runtime |
kata-qemu-coco-dev-runtime-rs |
Development/testing runtime (Rust-based) |
kata-qemu-snp |
AMD SEV-SNP |
kata-qemu-tdx |
Intel TDX |
kata-qemu-nvidia-gpu-snp |
NVIDIA GPU with AMD SEV-SNP protection |
kata-qemu-nvidia-gpu-tdx |
NVIDIA GPU with Intel TDX protection |
| runtimeclass | Description |
|---|---|
kata-qemu-coco-dev |
Development/testing runtime |
kata-qemu-coco-dev-runtime-rs |
Development/testing runtime (Rust-based) |
kata-qemu-se |
IBM Secure Execution |
kata-qemu-se-runtime-rs |
IBM Secure Execution (Rust-based) |
| runtimeclass | Description |
|---|---|
kata-remote |
Peer-pods |
Uninstall
To uninstall Confidential Containers and delete the coco-system namespace, run:
helm uninstall coco --namespace coco-system
kubectl delete namespace coco-system