Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 2. Deploying Confidential Containers on Azure

You can deploy Confidential Containers on Microsoft Azure Cloud Computing Services.

Important

Confidential Containers on Azure is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.

For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope.

Cluster requirements

  • You have configured outbound connectivity for the pod VM subnet.
  • You have installed Red Hat OpenShift Container Platform 4.16 or later on the Azure cluster where you are installing the Red Hat build of Trustee.
  • You have installed OpenShift sandboxed containers on the Azure cluster.
  • You have deployed Trustee in an OpenShift Container Platform cluster running on trusted hardware.

You deploy Confidential Containers by performing the following steps on the Azure OpenShift Container Platform cluster:

  1. Enable the Confidential Containers feature gate.
  2. Create initdata.
  3. Update the peer pods config map.
  4. Optional: Customize the initdata on a pod.
  5. Delete the KataConfig custom resource (CR).
  6. Re-create the KataConfig CR.
  7. Verify the attestation process.

2.1. Enabling the Confidential Containers feature gate

You must enable the Confidential Containers feature gate.

Prerequisites

  • You have subscribed to the OpenShift sandboxed containers Operator.

Procedure

  1. Create a cc-feature-gate.yaml manifest file: 

    apiVersion: v1
kind: ConfigMap
metadata:
  name: osc-feature-gates
  namespace: openshift-sandboxed-containers-operator
data:
  confidential: "true"
    Copy to Clipboard

  2. Create the config map by running the following command: 

    $ oc apply -f cc-feature-gate.yaml
    Copy to Clipboard

2.2. About initdata

The initdata specification provides a flexible way to initialize a peer pod with sensitive or workload-specific data at runtime, avoiding the need to embed such data in the virtual machine (VM) image. This enhances security by reducing the exposure of confidential information and improves flexibility by eliminating custom image builds. For example, initdata can include three configuration settings:

  • An X.509 certificate for secure communication.
  • A cryptographic key for authentication.
  • An optional Kata Agent policy.rego file to enforce runtime behavior when overriding the default permissive Kata Agent policy.

You can apply an initdata configuration by using one of the following methods:

  • Globally by including it in the peer pods config map, setting a cluster-wide default for all pods.

  • For a specific pod when configuring a pod workload object, allowing customization for individual workloads.

    The io.katacontainers.config.runtime.cc_init_data annotation you specify when configuring a pod workload object overrides the global INITDATA setting in the peer pods config map for that specific pod. The Kata runtime handles this precedence automatically at pod creation time.

The initdata content configures the following components:

  • Attestation Agent (AA), which verifies the trustworthiness of the peer pod by sending evidence to the Trustee for attestation.
  • Confidential Data Hub (CDH), which manages secrets and secure data access within the peer pod VM.
  • Kata Agent, which enforces runtime policies and manages the lifecycle of the containers inside the pod VM.

2.3. Creating initdata

Create a TOML file with initdata and convert it to a Base64-encoded string. Use this string to specify the value in the peer pods config map, in the peer pod manifest, or in the verification-pod.yaml file.

Important

You must delete the kbs_cert setting if you configure insecure_http = true in the Trustee config map.

Procedure

  1. Obtain the Trustee IP address and port. In production environments, Trustee is deployed on a separate OpenShift Container Platform cluster running on trusted hardware, distinct from the cloud environment hosting the primary workload. Run the following commands on the Trustee cluster.

  2. Create the initdata.toml configuration file: 

    ```toml
algorithm = "sha384"
version = "0.1.0"

[data]
"aa.toml" = '''
[token_configs]
[token_configs.coco_as]
url = '<url>:<port>'
    1 
    


[token_configs.kbs]
url = '<url>:<port>'
cert = """
-----BEGIN CERTIFICATE-----
<kbs_certificate>
    2 
    
-----END CERTIFICATE-----
"""
'''

"cdh.toml"  = '''
socket = 'unix:///run/confidential-containers/cdh.sock'
credentials = []

[kbc]
name = 'cc_kbc'
url = '<url>:<port>'
kbs_cert = """
    3 
    
-----BEGIN CERTIFICATE-----
<kbs_certificate>
    4 
    
-----END CERTIFICATE-----
"""
'''

"policy.rego" = '''
    5 
    
package agent_policy

default AddARPNeighborsRequest := true
default AddSwapRequest := true
default CloseStdinRequest := true
default CopyFileRequest := true
default CreateContainerRequest := true
default CreateSandboxRequest := true
default DestroySandboxRequest := true
default ExecProcessRequest := false
default GetMetricsRequest := true
default GetOOMEventRequest := true
default GuestDetailsRequest := true
default ListInterfacesRequest := true
default ListRoutesRequest := true
default MemHotplugByProbeRequest := true
default OnlineCPUMemRequest := true
default PauseContainerRequest := true
default PullImageRequest := true
default ReadStreamRequest := false
default RemoveContainerRequest := true
default RemoveStaleVirtiofsShareMountsRequest := true
default ReseedRandomDevRequest := true
default ResumeContainerRequest := true
default SetGuestDateTimeRequest := true
default SetPolicyRequest := true
default SignalProcessRequest := true
default StartContainerRequest := true
default StartTracingRequest := true
default StatsContainerRequest := true
default StopTracingRequest := true
default TtyWinResizeRequest := true
default UpdateContainerRequest := true
default UpdateEphemeralMountsRequest := true
default UpdateInterfaceRequest := true
default UpdateRoutesRequest := true
default WaitProcessRequest := true
default WriteStreamRequest := true
'''
```
    Copy to Clipboard
    1
    Specify the URL and port of the Trustee instance. If you configure the Trustee with insecure_http for testing purposes, use HTTP. Otherwise, use HTTPS. For production systems, avoid using insecure_http unless you configure your environment to handle TLS externally, for example, with a proxy.
    2
    Specify the Base64-encoded TLS certificate for the attestation agent. This is not required for testing purposes, but it is recommended for production systems.
    3
    Delete the kbs_cert setting if you configure insecure_http = true in the Trustee config map.
    4
    Specify the Base64-encoded TLS certificate for the Trustee instance.
    5
    Specify a custom Kata Agent policy. The default policy allows all API calls. For production environments, set ReadStreamRequest and ExecProcessRequest to false to disable the oc exec and oc log APIs, preventing unencrypted data transmission via the control plane. Adjust other true or false values to customize the policy further based on your needs.

  3. Convert the initdata.toml file to a Base64-encoded string in gzip format in a text file by running the following command: 

    $ cat initdata.toml | gzip | base64 -w0 > initdata.txt
    Copy to Clipboard

2.4. Updating the peer pods config map

You must update the peer pods config map for Confidential Containers.

Procedure

  1. Obtain the following values from your Azure instance:

    1. Retrieve and record the Azure resource group: 

      $ AZURE_RESOURCE_GROUP=$(oc get infrastructure/cluster -o jsonpath='{.status.platformStatus.azure.resourceGroupName}') && echo "AZURE_RESOURCE_GROUP: \"$AZURE_RESOURCE_GROUP\""
      Copy to Clipboard

    2. Retrieve and record the Azure VNet name: 

      $ AZURE_VNET_NAME=$(az network vnet list --resource-group ${AZURE_RESOURCE_GROUP} --query "[].{Name:name}" --output tsv)
      Copy to Clipboard

      This value is used to retrieve the Azure subnet ID.

    3. Retrieve and record the Azure subnet ID: 

      $ AZURE_SUBNET_ID=$(az network vnet subnet list --resource-group ${AZURE_RESOURCE_GROUP} --vnet-name $AZURE_VNET_NAME --query "[].{Id:id} | [? contains(Id, 'worker')]" --output tsv) && echo "AZURE_SUBNET_ID: \"$AZURE_SUBNET_ID\""
      Copy to Clipboard

    4. Retrieve and record the Azure network security group (NSG) ID: 

      $ AZURE_NSG_ID=$(az network nsg list --resource-group ${AZURE_RESOURCE_GROUP} --query "[].{Id:id}" --output tsv) && echo "AZURE_NSG_ID: \"$AZURE_NSG_ID\""
      Copy to Clipboard

    5. Retrieve and record the Azure region: 

      $ AZURE_REGION=$(az group show --resource-group ${AZURE_RESOURCE_GROUP} --query "{Location:location}" --output tsv) && echo "AZURE_REGION: \"$AZURE_REGION\""
      Copy to Clipboard

  2. Create a peer-pods-cm.yaml manifest file according to the following example: 

    apiVersion: v1
kind: ConfigMap
metadata:
  name: peer-pods-cm
  namespace: openshift-sandboxed-containers-operator
data:
  CLOUD_PROVIDER: "azure"
  VXLAN_PORT: "9000"
  AZURE_INSTANCE_SIZE: "Standard_DC2as_v5"
    1 
    
  AZURE_INSTANCE_SIZES: "Standard_DC2as_v5, Standard_DC4as_v5, Standard_DC8as_v5"
    2 
    
  AZURE_SUBNET_ID: "<azure_subnet_id>"
    3 
    
  AZURE_NSG_ID: "<azure_nsg_id>"
    4 
    
  PROXY_TIMEOUT: "5m"
  AZURE_IMAGE_ID: "<azure_image_id>"
    5 
    
  AZURE_REGION: "<azure_region>"
    6 
    
  AZURE_RESOURCE_GROUP: "<azure_resource_group>"
    7 
    
  PEERPODS_LIMIT_PER_NODE: "10"
    8 
    
  TAGS: "key1=value1,key2=value2"
    9 
    
  ROOT_VOLUME_SIZE: "6"
    10 
    
  INITDATA: "<base64_encoded_initdata>"
    11 
    
  DISABLECVM: "false"
    Copy to Clipboard
    1
    The "Standard_DC2as_v5" value is the default if an instance size is not defined in the workload. Ensure the instance type supports the trusted environment. The default "Standard_DC2as_v5" value is for AMD SEV-SNP. If your TEE is Intel TDX, specify Standard_EC4eds_v5.
    2
    Lists all of the instance sizes you can specify when creating the pod. This allows you to define smaller instance sizes for workloads that need less memory and fewer CPUs or larger instance sizes for larger workloads. For Intel TDX, specify "Standard_EC4eds_v5, Standard_EC8eds_v5, Standard_EC16eds_v5".
    3
    Specify the AZURE_SUBNET_ID value that you retrieved.
    4
    Specify the AZURE_NSG_ID value that you retrieved.
    5
    Optional: By default, this value is populated when you run the KataConfig CR, using an Azure image ID based on your cluster credentials. If you create your own Azure image, specify the correct image ID.
    6
    Specify the AZURE_REGION value you retrieved.
    7
    Specify the AZURE_RESOURCE_GROUP value you retrieved.
    8
    Specify the maximum number of peer pods that can be created per node. The default value is 10.
    9
    You can configure custom tags as key:value pairs for pod VM instances to track peer pod costs or to identify peer pods in different clusters.
    10
    Optional: Specify the root volume size in gigabytes for the pod VM. The default and minimum size is 6 GB. Increase this value for pods with larger container images.
    11
    Specify the Base64-encoded string in gzip format created in the initdata.txt file.

  3. Create the config map by running the following command: 

    $ oc apply -f peer-pods-cm.yaml
    Copy to Clipboard

  4. Restart the ds/osc-caa-ds daemon set by running the following command: 

    $ oc set env ds/osc-caa-ds \
  -n openshift-sandboxed-containers-operator REBOOT="$(date)"
    Copy to Clipboard

2.5. Customizing Initdata on a pod

You can override the global INITDATA setting you applied in the peer pods config map by applying customized initdata to a specific pod for special use cases, such as development and testing with a relaxed policy, or using a different Trustee server than what is configured as default. You can customize initdata by adding an annotation to the workload pod YAML.

Procedure

  1. Create an initdata string for the pod.

  2. Add the Base64-encoded initdata a my-pod.yaml pod manifest: 

    apiVersion: v1
kind: Pod
metadata:
  name: ocp-cc-pod
  labels:
    app: ocp-cc-pod
  annotations:
    io.katacontainers.config.runtime.cc_init_data: <base64_initdata>
spec:
  runtimeClassName: kata-remote
  containers:
  - name: <container_name>
    image: registry.access.redhat.com/ubi9/ubi:latest
    command:
    - sleep
    - "36000"
    securityContext:
      privileged: false
      seccompProfile:
        type: RuntimeDefault
    Copy to Clipboard

  3. Apply the pod manifest by running the following command: 

    $ oc apply -f my-pod.yaml
    Copy to Clipboard

2.6. Deleting the KataConfig custom resource

You can delete the KataConfig custom resource (CR) by using the command line.

Deleting the KataConfig CR removes the runtime and its related resources from your cluster.

Important

Deleting the KataConfig CR automatically reboots the worker nodes. The reboot can take from 10 to more than 60 minutes. Factors that impede reboot time are as follows:

  • A larger OpenShift Container Platform deployment with a greater number of worker nodes.
  • Activation of the BIOS and Diagnostics utility.
  • Deployment on a hard drive rather than an SSD.
  • Deployment on physical nodes such as bare metal, rather than on virtual nodes.
  • A slow CPU and network.

Prerequisites

  • You have access to the cluster as a user with the cluster-admin role.

Procedure

  1. Delete the KataConfig CR by running the following command: 

    $ oc delete kataconfig example-kataconfig
    Copy to Clipboard

    The OpenShift sandboxed containers Operator removes all resources that were initially created to enable the runtime on your cluster.

    Important

    When you delete the KataConfig CR, the CLI stops responding until all worker nodes reboot. You must wait for the deletion process to complete before performing the verification.

  2. Verify the CR removal by running the following command: 

    $ oc get kataconfig example-kataconfig
    Copy to Clipboard

    Example output

    No example-kataconfig instances exist
    Copy to Clipboard

Important

You must ensure that all pods are deleted. Any remaining pod resources might result in an unexpected bill from your cloud provider.

2.7. Selecting a custom peer pod VM image

You can select a custom peer pod virtual machine (VM) image, tailored to your workload requirements by adding an annotation to the pod manifest. The custom image overrides the default image specified in the peer pods config map.

Prerequisites

  • The ID of the custom pod VM image to use, compatible with the cloud provider or hypervisor, is available.

Procedure

  1. Edit the pod manifest by adding the io.katacontainers.config.hypervisor.image annotation and save it in a pod-manifest.yaml file: 

    apiVersion: v1
kind: Pod
metadata:
  name: pod-manifest
  annotations:
    io.katacontainers.config.hypervisor.image: "<custom_image_id>"
    1 
    
spec:
  runtimeClassName: kata-remote
    2 
    
  containers:
  - name: <example_container>
    3 
    
    image: registry.access.redhat.com/ubi9/ubi:9.3
    command: ["sleep", "36000"]
    Copy to Clipboard
    1
    Specify the custom peer pod image ID.
    2
    Ensure that the runtimeClassName field is set to kata-remote to create a peer pod.
    3
    Specify the container name.

  2. Create the pod by running the following command: 

    $ oc apply -f pod-manifest.yaml
    Copy to Clipboard

2.8. Re-creating the KataConfig custom resource

You must re-create the KataConfig custom resource (CR) for Confidential Containers.

Important

Creating the KataConfig CR automatically reboots the worker nodes. The reboot can take from 10 to more than 60 minutes. Factors that impede reboot time are as follows:

  • A larger OpenShift Container Platform deployment with a greater number of worker nodes.
  • Activation of the BIOS and Diagnostics utility.
  • Deployment on a hard disk drive rather than an SSD.
  • Deployment on physical nodes such as bare metal, rather than on virtual nodes.
  • A slow CPU and network.

Prerequisites

  • You have access to the cluster as a user with the cluster-admin role.

Procedure

  1. Create an example-kataconfig.yaml manifest file according to the following example: 

    apiVersion: kataconfiguration.openshift.io/v1
kind: KataConfig
metadata:
  name: example-kataconfig
spec:
  enablePeerPods: true
  logLevel: info
#  kataConfigPoolSelector:
#    matchLabels:
#      <label_key>: '<label_value>'
    1
    Copy to Clipboard
    1
    Optional: If you have applied node labels to install {runtime} on specific nodes, specify the key and value, for example, cc: 'true'.

  2. Create the KataConfig CR by running the following command: 

    $ oc apply -f example-kataconfig.yaml
    Copy to Clipboard

    The new KataConfig CR is created and installs {runtime} as a runtime class on the worker nodes.

    Wait for the {runtime} installation to complete and the worker nodes to reboot before verifying the installation.

  3. Monitor the installation progress by running the following command: 

    $ watch "oc describe kataconfig | sed -n /^Status:/,/^Events/p"
    Copy to Clipboard

    When the status of all workers under kataNodes is installed and the condition InProgress is False without specifying a reason, the {runtime} is installed on the cluster.

  4. Verify the daemon set by running the following command: 

    $ oc get -n openshift-sandboxed-containers-operator ds/osc-caa-ds
    Copy to Clipboard

  5. Verify the runtime classes by running the following command: 

    $ oc get runtimeclass
    Copy to Clipboard

    Example output

    NAME             HANDLER          AGE
kata-remote      kata-remote      152m
    Copy to Clipboard

2.9. Verifying the attestation process

You can verify the attestation process by creating a test pod with a relaxed Kata agent policy and retrieving a resource from the Trustee server.

Important

This procedure is an example to verify that attestation is working. Do not write sensitive data to standard I/O, because the data can be captured by using a memory dump. Only data written to memory is encrypted.

Prerequisites

  • You have created a route if the Trustee server and the test pod are not running in the same cluster.

Procedure

  1. Create a verification-pod.yaml manifest file: 

    apiVersion: v1
kind: Pod
metadata:
  name: ocp-cc-pod
  labels:
    app: ocp-cc-pod
  annotations:
    io.katacontainers.config.runtime.cc_init_data: <base64_initdata>
    1 
    
spec:
  runtimeClassName: kata-remote
  containers:
    - name: skr-openshift
      image: registry.access.redhat.com/ubi9/ubi:9.3
      command:
        - sleep
        - "36000"
      securityContext:
        privileged: false
        seccompProfile:
          type: RuntimeDefault
    Copy to Clipboard
    1
    This pod annotation overrides the Base64-encoded string of the initdata.toml file set globally in the peer pods config map.

  2. Create the pod by running the following command: 

    $ oc create -f verification-pod.yaml
    Copy to Clipboard

  3. Connect to the Bash shell of the ocp-cc-pod by running the following command: 

    $ oc exec -it ocp-cc-pod -- bash
    Copy to Clipboard

  4. Fetch the pod secret by running the following command: 

    $ curl http://127.0.0.1:8006/cdh/resource/default/kbsres1/key1
    Copy to Clipboard

    Example output

    res1val1
    Copy to Clipboard

    The Trustee server returns the secret only if the attestation is successful.

Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat