Red Hat SummitChapter 1. About confidential containers
Confidential containers provides a confidential computing environment to protect containers and data by leveraging Trusted Execution Environments.
For more information, see Exploring the OpenShift confidential containers solution.
1.1. Compatibility with OpenShift Container Platform
The required functionality for Red Hat OpenShift Container Platform is supported by two main components:
- Kata runtime
- The Kata runtime is included with Red Hat Enterprise Linux CoreOS (RHCOS) and receives updates with every OpenShift Container Platform release. When enabling peer pods with the Kata runtime, the OpenShift sandboxed containers Operator requires external network connectivity to pull the necessary image components and helper utilities to create the pod virtual machine (VM) image.
- OpenShift sandboxed containers Operator
- The OpenShift sandboxed containers Operator is a Rolling Stream Operator, which means the latest version is the only supported version. It works with all currently supported versions of OpenShift Container Platform.
The Operator depends on the features that come with the RHCOS host and the environment it runs in.
You must install RHCOS on the worker nodes. Red Hat Enterprise Linux (RHEL) nodes are not supported.
The following compatibility matrix for OpenShift sandboxed containers and OpenShift Container Platform releases identifies compatible features and environments.
| Architecture | OpenShift Container Platform version |
|---|---|
| x86_64 | 4.16 or later |
| s390x | 4.16 or later |
There are two ways to deploy the Kata containers runtime:
- Bare metal
- Peer pods
You can deploy OpenShift sandboxed containers by using peer pods on Microsoft Azure Cloud Computing Services, AWS Cloud Computing Services, or Google Cloud. With the release of OpenShift sandboxed containers 1.10, the OpenShift sandboxed containers Operator requires OpenShift Container Platform version 4.16 or later.
| Feature | Deployment method | OpenShift Container Platform 4.16 | OpenShift Container Platform 4.17 | OpenShift Container Platform 4.18 | OpenShift Container Platform 4.19 |
|---|---|---|---|---|---|
| Confidential containers | Bare metal | N/A | N/A | N/A | N/A |
| Azure peer pods | GA | GA | GA | GA | |
| GPU support | Bare metal | N/A | N/A | N/A | N/A |
| IBM Z | N/A | N/A | N/A | N/A | |
| Azure | Developer Preview | Developer Preview | Developer Preview | Developer Preview | |
| AWS | Developer Preview | Developer Preview | Developer Preview | Developer Preview | |
| Google Cloud | Developer Preview | Developer Preview | Developer Preview | Developer Preview |
GPU support for peer pods is a Developer Preview feature only. Developer Preview features are not supported by Red Hat in any way and are not functionally complete or production-ready. Do not use Developer Preview features for production or business-critical workloads. Developer Preview features provide early access to upcoming product features in advance of their possible inclusion in a Red Hat product offering, enabling customers to test functionality and provide feedback during the development process. These features might not have any documentation, are subject to change or removal at any time, and testing is limited. Red Hat might provide ways to submit feedback on Developer Preview features without an associated SLA.
| Platform | GPU | Confidential containers |
|---|---|---|
| Azure | Developer Preview | GA |
| AWS | Developer Preview | N/A |
| Google Cloud | Developer Preview | N/A |
1.2. Peer pod resource requirements
You must ensure that your cluster has sufficient resources.
Peer pod virtual machines (VMs) require resources in two locations:
-
The worker node. The worker node stores metadata, Kata shim resources (
containerd-shim-kata-v2), remote-hypervisor resources (cloud-api-adaptor), and the tunnel setup between the worker nodes and the peer pod VM. - The cloud instance. This is the actual peer pod VM running in the cloud.
The CPU and memory resources used in the Kubernetes worker node are handled by the pod overhead included in the RuntimeClass (kata-remote) definition used for creating peer pods.
The total number of peer pod VMs running in the cloud is defined as Kubernetes Node extended resources. This limit is per node and is set by the PEERPODS_LIMIT_PER_NODE attribute in the peer-pods-cm config map.
The extended resource is named kata.peerpods.io/vm, and enables the Kubernetes scheduler to handle capacity tracking and accounting.
You can edit the limit per node based on the requirements for your environment after you install the OpenShift sandboxed containers Operator.
A mutating webhook adds the extended resource kata.peerpods.io/vm to the pod specification. It also removes any resource-specific entries from the pod specification, if present. This enables the Kubernetes scheduler to account for these extended resources, ensuring the peer pod is only scheduled when resources are available.
The mutating webhook modifies a Kubernetes pod as follows:
-
The mutating webhook checks the pod for the expected
RuntimeClassNamevalue, specified in theTARGET_RUNTIME_CLASSenvironment variable. If the value in the pod specification does not match the value in theTARGET_RUNTIME_CLASS, the webhook exits without modifying the pod. If the
RuntimeClassNamevalues match, the webhook makes the following changes to the pod spec:-
The webhook removes every resource specification from the
resourcesfield of all containers and init containers in the pod. -
The webhook adds the extended resource (
kata.peerpods.io/vm) to the spec by modifying the resources field of the first container in the pod. The extended resourcekata.peerpods.io/vmis used by the Kubernetes scheduler for accounting purposes.
-
The webhook removes every resource specification from the
The mutating webhook excludes specific system namespaces in OpenShift Container Platform from mutation. If a peer pod is created in those system namespaces, then resource accounting using Kubernetes extended resources does not work unless the pod spec includes the extended resource.
As a best practice, define a cluster-wide policy to only allow peer pod creation in specific namespaces.
1.3. About initdata
The initdata specification provides a flexible way to initialize a peer pod with sensitive or workload-specific data at runtime, avoiding the need to embed such data in the virtual machine (VM) image. This enhances security by reducing the exposure of confidential information and improves flexibility by eliminating custom image builds. For example, initdata can include three configuration settings:
- An X.509 certificate for secure communication.
- A cryptographic key for authentication.
-
An optional Kata Agent
policy.regofile to enforce runtime behavior when overriding the default permissive Kata Agent policy.
The initdata content configures the following components:
- Attestation Agent (AA), which verifies the trustworthiness of the peer pod by sending evidence for attestation.
- Confidential Data Hub (CDH), which manages secrets and secure data access within the peer pod VM.
- Kata Agent, which enforces runtime policies and manages the lifecycle of the containers inside the pod VM.
You create an initdata.toml file and convert it to a Base64-encoded, gzip-format string. You apply the initdata string to your workload by one of the following methods:
-
Global configuration: Add the initdata string as the value of the
INITDATAkey in the peer pods config map to create a default configuration for all peer pods. Pod configuration: Add the initdata string as an annotation to a pod manifest, allowing customization for individual workloads.
NoteThe initdata annotation in the pod manifest overrides the global
INITDATAvalue in the peer pods config map for that specific pod. The Kata runtime handles this precedence automatically at pod creation time.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}