Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Deploying confidential containers

OpenShift sandboxed containers 1.11

Protecting containers and data by leveraging trusted execution environments

Red Hat Customer Content Services

Abstract

Confidential containers provide a confidential computing environment to protect containers and data by leveraging trusted execution environments. You install the OpenShift sandboxed containers Operator on an OpenShift Container Platform cluster for your confidential containers workload after configuring an attestation service such as Red Hat build of Trustee in a trusted environment.

Preface
Copy link

Chapter 1. Overview
Copy link

Learn about confidential containers and ensure that your OpenShift Container Platform environment is compatible.

1.1. About confidential containers
Copy link

Confidential containers provides a confidential computing environment to protect containers and data by leveraging Trusted Execution Environments.

For more information, see Exploring the OpenShift confidential containers solution.

The required functionality for Red Hat OpenShift Container Platform is supported by two main components:

Kata runtime
The Kata runtime is included with Red Hat Enterprise Linux CoreOS (RHCOS) and receives updates with every OpenShift Container Platform release. When enabling peer pods with the Kata runtime, the OpenShift sandboxed containers Operator requires external network connectivity to pull the necessary image components and helper utilities to create the pod virtual machine (VM) image.
OpenShift sandboxed containers Operator
The OpenShift sandboxed containers Operator is a Rolling Stream Operator, which means the latest version is the only supported version. It works with all currently supported versions of OpenShift Container Platform.

The Operator depends on the features that come with the RHCOS host and the environment it runs in.

Note

You must install RHCOS on the worker nodes. Red Hat Enterprise Linux (RHEL) nodes are not supported.

The following compatibility matrix for OpenShift sandboxed containers and OpenShift Container Platform releases identifies compatible features and environments.

Expand
Table 1.1. Supported architectures
ArchitectureOpenShift Container Platform version

x86_64

4.17 or later

s390x

4.17 or later

There are two ways to deploy the Kata containers runtime:

  • Bare metal
  • Peer pods

You can deploy OpenShift sandboxed containers by using peer pods on Microsoft Azure, AWS Cloud Computing Services, or Google Cloud. With the release of OpenShift sandboxed containers 1.11, the OpenShift sandboxed containers Operator requires OpenShift Container Platform version 4.17 or later.

Expand
Table 1.2. Feature availability by OpenShift Container Platform version
Major release version4.174.184.194.20

Minor release version

4.17.45+

4.18.30+

4.19.20+

4.20.6+

Feature

Platform

    

Confidential containers

Bare metal

 — 

 — 

 — 

TP

Azure peer pods

GA

GA

GA

GA

IBM Z peer pods

TP

TP

TP

TP

IBM Z bare metal

 — 

 — 

 — 

TP

GPU support

Bare metal

 — 

 — 

 — 

 — 

Azure

DP

DP

DP

DP

AWS

DP

DP

DP

DP

Google Cloud

DP

DP

DP

DP

Important

GPU support for peer pods is a Developer Preview feature only. Developer Preview features are not supported by Red Hat in any way and are not functionally complete or production-ready. Do not use Developer Preview features for production or business-critical workloads. Developer Preview features provide early access to upcoming product features in advance of their possible inclusion in a Red Hat product offering, enabling customers to test functionality and provide feedback during the development process. These features might not have any documentation, are subject to change or removal at any time, and testing is limited. Red Hat might provide ways to submit feedback on Developer Preview features without an associated SLA.

Expand
Table 1.3. Supported cloud platforms
PlatformGPUConfidential containers

Azure

DP

GA

AWS

DP

 — 

Google Cloud

DP

 — 

Expand
Table 1.4. Supported on-premise platforms
PlatformGPUConfidential containers

Bare metal

 — 

TP

IBM Z

 — 

TP

1.3. Providing feedback on Red Hat documentation
Copy link

You can provide feedback or report an error by submitting the Create Issue form in Jira:

  1. Ensure that you are logged in to Jira. If you do not have a Jira account, you must create a Red Hat Jira account.
  2. Launch the Create Issue form.

  3. Complete the Summary, Description, and Reporter fields.

    In the Description field, include the documentation URL, chapter or section number, and a detailed description of the issue.

  4. Click Create.

You can deploy confidential containers workloads on a Red Hat OpenShift Container Platform cluster running on bare metal.

Important

Confidential containers on bare metal is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.

For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope.

2.1. Preparation
Copy link

Review these prerequisites and concepts before you deploy confidential containers on bare metal.

2.1.1. Prerequisites
Copy link

  • You have deployed Red Hat build of Trustee on an OpenShift Container Platform cluster in a trusted environment. For more information, see Deploying Red Hat build of Trustee.
  • You have installed the latest version of Red Hat OpenShift Container Platform on the cluster where you are running your confidential containers workload.

2.1.2. Initdata
Copy link

The initdata specification provides a flexible way to initialize a pod with workload-specific data at runtime, avoiding the need to embed such data in the virtual machine (VM) image.

This approach enhances security by reducing the exposure of confidential information and improves flexibility by eliminating custom image builds. For example, initdata can include three configuration settings:

  • An X.509 certificate for secure communication.
  • A cryptographic key for authentication.
  • An optional Kata Agent policy.rego file to enforce runtime behavior when overriding the default Kata Agent policy.

The initdata content configures the following components:

  • Attestation Agent (AA), which verifies the trustworthiness of the pod by sending evidence for attestation.
  • Confidential Data Hub (CDH), which manages secrets and secure data access within the pod VM.
  • Kata Agent, which enforces runtime policies and manages the lifecycle of the containers inside the pod VM.

You create an initdata.toml file and convert it to a Base64-encoded, gzip-format string.

You apply the initdata string to your workload by one of the following methods:

  • Global configuration: Add the initdata string as the value of the INITDATA key in the peer pods config map to create a default configuration for all peer pods.

  • Pod configuration: Add the initdata string as an annotation to a pod manifest, allowing customization for individual workloads.

    Note

    The initdata annotation in the pod manifest overrides the global INITDATA value in the peer pods config map for that specific pod. The Kata runtime handles this precedence automatically at pod creation time.

2.1.3. Kata runtime deployment modes
Copy link

You can choose how the Operator installs and configures the Kata runtime using the deployment modes MachineConfig, DaemonSet, or DaemonSetFallback. You specify the data.deploymentMode key in the osc-feature-gates config map. This flexibility allows the Operator to work consistently in clusters with or without the Machine Config Operator (MCO).

MachineConfig
For clusters that use the Machine Config Operator (MCO). If the deploymentMode key is missing in the config map, the Operator defaults to the MachineConfig for backward compatibility.
DaemonSet
For clusters without the MCO. The Operator uses a DaemonSet to install kata-containers RPMs and manage CRI-O configuration by using host drop-in files. Installation progress is tracked through node labels (for example, installing, installed).
DaemonSetFallback
Enables conditional deployment based on the cluster environment. When set, the operator checks for the presence of the MCO. It uses DaemonSet if the MachineConfig add-on is unavailable and defaults to MachineConfig otherwise.

2.2. Deployment overview
Copy link

You deploy confidential containers on bare metal by performing the following steps:

  1. Create MachineConfig for Intel® Trust Domain Extensions (TDX).
  2. Install the OpenShift sandboxed containers Operator.
  3. Configure the remote attestation infrastructure for Intel® TDX workloads.
  4. Enable the confidential containers feature gate.
  5. Create the KataConfig CR.
  6. Verify the attestation process.

2.3. Creating a machine config for Intel TDX
Copy link

If you use Intel® Trust Domain Extensions (TDX), you must create a MachineConfig object before you install the Red Hat build of Trustee Operator.

Procedure

  1. Create a tdx-machine-config.yaml manifest file according to the following example: 

    apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
  labels:
    machineconfiguration.openshift.io/role: <role>
    1 
    
  name: 99-enable-intel-tdx
spec:
  kernelArguments:
  - kvm_intel.tdx=1
  - nohibernate
  config:
    ignition:
      version: 3.2.0
    storage:
      files:
        - path: /etc/modules-load.d/vsock.conf
          mode: 0644
          contents:
            source: data:text/plain;charset=utf-8;base64,dnNvY2stbG9vcGJhY2sK
    Copy to Clipboard Toggle word wrap
    1
    Specify master for single-node OpenShift or kata-oc for a multi-node cluster.

  2. Create the config map by running the following command: 

    $ oc create -f tdx-machine-config.yaml
    Copy to Clipboard Toggle word wrap

    Updating the machine config triggers node reboot.

Verification

  1. Verify that the machine config is correctly configured by running the following command: 

    $ oc get oc get machineconfig 99-enable-intel-tdx
    Copy to Clipboard Toggle word wrap

You install the OpenShift sandboxed containers Operator by using the command line interface (CLI).

Prerequisites

  • You have access to the cluster as a user with the cluster-admin role.

Procedure

  1. Create an osc-namespace.yaml manifest file: 

    apiVersion: v1
kind: Namespace
metadata:
  name: openshift-sandboxed-containers-operator
    Copy to Clipboard Toggle word wrap

  2. Create the namespace by running the following command: 

    $ oc apply -f osc-namespace.yaml
    Copy to Clipboard Toggle word wrap

  3. Create an osc-operatorgroup.yaml manifest file: 

    apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  name: sandboxed-containers-operator-group
  namespace: openshift-sandboxed-containers-operator
spec:
  targetNamespaces:
  - openshift-sandboxed-containers-operator
    Copy to Clipboard Toggle word wrap

  4. Create the operator group by running the following command: 

    $ oc apply -f osc-operatorgroup.yaml
    Copy to Clipboard Toggle word wrap

  5. Create an osc-subscription.yaml manifest file: 

    apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: sandboxed-containers-operator
  namespace: openshift-sandboxed-containers-operator
spec:
  channel: stable
  installPlanApproval: Automatic
  name: sandboxed-containers-operator
  source: redhat-operators
  sourceNamespace: openshift-marketplace
  startingCSV: sandboxed-containers-operator.v1.11.1
    Copy to Clipboard Toggle word wrap

  6. Create the subscription by running the following command: 

    $ oc create -f osc-subscription.yaml
    Copy to Clipboard Toggle word wrap

  7. Verify that the Operator is correctly installed by running the following command: 

    $ oc get csv -n openshift-sandboxed-containers-operator
    Copy to Clipboard Toggle word wrap

    This command can take several minutes to complete.

  8. Watch the process by running the following command: 

    $ watch oc get csv -n openshift-sandboxed-containers-operator
    Copy to Clipboard Toggle word wrap

    Example output

    NAME                             DISPLAY                                  VERSION             REPLACES                   PHASE
openshift-sandboxed-containers   openshift-sandboxed-containers-operator  1.11.1    1.10.3        Succeeded
    Copy to Clipboard Toggle word wrap

2.5. Configuring auto-detection of TEEs
Copy link

You must configure your nodes so that the OpenShift sandboxed containers Operator can detect the Trusted Execution Environments (TEEs).

You label the nodes by installing and configuring the Node Feature Discovery (NFD) Operator.

You create a NodeFeatureDiscovery custom resource (CR) to define the configuration parameters that the Node Feature Discovery (NFD) Operator checks to automatically detect your TEE.

Prerequisites

Procedure

  1. Create a my-nfd.yaml manifest file according to the following example: 

    apiVersion: nfd.openshift.io/v1
kind: NodeFeatureDiscovery
metadata:
  name: nfd-instance
  namespace: openshift-nfd
spec:
  operand:
    image: registry.redhat.io/openshift4/ose-node-feature-discovery-rhel9:v4.20
    imagePullPolicy: Always
    servicePort: 12000
  workerConfig:
    configData: |
    Copy to Clipboard Toggle word wrap

  2. Create the NodeFeatureDiscovery CR: 

    $ oc create -f my-nfd.yaml
    Copy to Clipboard Toggle word wrap

Create a NodeFeatureRule custom resource for your Trusted Execution Environment (TEE).

Procedure

  1. Create a custom resource manifest named my-nodefeaturerule.yaml for your TEE: 

    apiVersion: nfd.openshift.io/v1alpha1
kind: NodeFeatureRule
metadata:
  name: osc-rules
  namespace: openshift-nfd
spec:
  rules:
    - name: "runtime.kata"
      labels:
        "feature.node.kubernetes.io/runtime.kata": "true"
      matchAny:
        - matchFeatures:
            - feature: cpu.cpuid
              matchExpressions:
                SSE42: {op: Exists}
                VMX: {op: Exists}
            - feature: kernel.loadedmodule
              matchExpressions:
                kvm: {op: Exists}
                kvm_intel: {op: Exists}
        - matchFeatures:
            - feature: cpu.cpuid
              matchExpressions:
                SSE42: {op: Exists}
                SVM: {op: Exists}
            - feature: kernel.loadedmodule
              matchExpressions:
                kvm: {op: Exists}
                kvm_amd: {op: Exists}
    Copy to Clipboard Toggle word wrap

    • AMD SEV-SNP: 

      apiVersion: nfd.openshift.io/v1alpha1
kind: NodeFeatureRule
metadata:
  name: amd-sev-snp
  namespace: openshift-nfd
spec:
  rules:
    - name: "amd.sev-snp"
      labels:
        "amd.feature.node.kubernetes.io/snp": "true"
      extendedResources:
        sev-snp.amd.com/esids: "@cpu.security.sev.encrypted_state_ids"
      matchFeatures:
        - feature: cpu.security
          matchExpressions:
            sev.snp.enabled: { op: Exists }
      Copy to Clipboard Toggle word wrap

    • Intel® Trust Domain Extensions (TDX): 

      apiVersion: nfd.openshift.io/v1alpha1
kind: NodeFeatureRule
metadata:
  name: intel-tdx
  namespace: openshift-nfd
spec:
  rules:
    - name: "intel.sgx"
      labels:
        "feature.node.kubernetes.io/sgx": "true"
      extendedResources:
        sgx.intel.com/epc: "@cpu.security.sgx.epc"
      matchFeatures:
        - feature: cpu.cpuid
          matchExpressions:
            SGX: {op: Exists}
            SGXLC: {op: Exists}
        - feature: cpu.security
          matchExpressions:
            sgx.enabled: {op: IsTrue}
        - feature: kernel.config
          matchExpressions:
            X86_SGX: {op: Exists}
    - name: "intel.tdx"
      labels:
        "intel.feature.node.kubernetes.io/tdx": "true"
      extendedResources:
        tdx.intel.com/keys: "@cpu.security.tdx.total_keys"
      matchFeatures:
        - feature: cpu.security
          matchExpressions:
            tdx.enabled: {op: Exists}
      Copy to Clipboard Toggle word wrap

  2. Create the NodeFeatureRule CR by running the following command: 

    $ oc create -f my-nodefeaturerule.yaml
    Copy to Clipboard Toggle word wrap
Note

A relabeling delay of up to 1 minute might occur.

2.6. Deploying remote attestation for Intel TDX
Copy link

You must deploy the Intel® remote attestation infrastructure to enable quote generation for Intel® Trust Domain Extensions (TDX) pod virtual machines.

The infrastructure includes the following components:

  • In-cluster Provisioning Certificate Caching Service (PCCS)
  • Automatic per-node Provisioning Certification Key (PCK) Cert ID Retrieval Tool based platform (re-)registration
  • Per-node Quote Generation Service (QGS)

Prerequisites

  • You have installed the Intel® device plugins Operator and created an instance of the Intel® Software Guard Extensions device plugin. For details, see Installing from the software catalog by using the web console in the OpenShift Container Platform documentation.
  • The node on which you deploy PCCS has Internet access.

Procedure

  1. Configure the remote attestation project:

    1. Create the intel-dcap namespace by running the following command: 

      $ oc create namespace intel-dcap
      Copy to Clipboard Toggle word wrap

    2. Switch to the intel-dcap project by running the following command: 

      $ oc project intel-dcap
      Copy to Clipboard Toggle word wrap

    3. Update the Security Context Constraint by running the following command: 

      $ oc adm policy add-scc-to-user privileged -z default
      Copy to Clipboard Toggle word wrap

  2. Switch to the default project by running the following command: 

    $ oc project default
    Copy to Clipboard Toggle word wrap

  3. Set the PCCS variables by running the following commands: 

    $ export PCCS_API_KEY="${PCCS_API_KEY:-}"
    Copy to Clipboard Toggle word wrap

    To obtain the API key for the Intel® Software Guard Extensions and Intel® TDX Provisioning Certification Service, navigate to the Intel Trusted Services API portal, sign in, and subscribe to the Provisioning Certification Service. The API key is displayed on the Manage Subscriptions page. 

    $ export PCCS_USER_TOKEN="${PCCS_USER_TOKEN:-mytoken}"
    Copy to Clipboard Toggle word wrap

    For details about PCCS tokens, see the Design Guide for Intel® SGX Provisioning Certificate Caching Service (Intel® SGX PCCS). 

    $ export PCCS_ADMIN_TOKEN="${PCCS_ADMIN_TOKEN:-mytoken}"
    Copy to Clipboard Toggle word wrap 
    $ export PCCS_NODE=$(oc get nodes \
  -l 'node-role.kubernetes.io/control-plane=,node-role.kubernetes.io/master=' \
  -o jsonpath='{.items[0].metadata.name}')
    Copy to Clipboard Toggle word wrap

  4. Set the cluster proxy variable by running the appropriate command: 

    $ export CLUSTER_HTTPS_PROXY="$(oc get proxy/cluster \
  -o jsonpath={.spec.httpsProxy})"
    Copy to Clipboard Toggle word wrap 
    $ export CLUSTER_NO_PROXY="$(oc get proxy/cluster \
  -o jsonpath={.spec.noProxy})"
    Copy to Clipboard Toggle word wrap

  5. Create the PCCS secrets:

    1. Set the PCCS secrets variables by running the following commands: 

      $ export PCCS_USER_TOKEN_HASH=$(echo -n "$PCCS_USER_TOKEN" | sha512sum | tr -d '[:space:]-')
      Copy to Clipboard Toggle word wrap 
      $ export PCCS_ADMIN_TOKEN_HASH=$(echo -n "$PCCS_ADMIN_TOKEN" | sha512sum | tr -d '[:space:]-')
      Copy to Clipboard Toggle word wrap 
      $ PCCS_PEM_CERT_PATH=$(mktemp -d)
      Copy to Clipboard Toggle word wrap
      Note

      This directory is automatically deleted at reboot. To re-use the PCCS certificate and key, you must create a persistent directory.

    2. Generate an RSA key pair and output the private key as a PCCS certificate by running the following command: 

      $ openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 \
  -keyout $PCCS_PEM_CERT_PATH/private.pem \
  -out $PCCS_PEM_CERT_PATH/certificate.pem \
  -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com"
      Copy to Clipboard Toggle word wrap

    3. Set the PCCS certificate variables by running the following commands: 

      $ export PCCS_PEM=$(cat "$PCCS_PEM_CERT_PATH"/private.pem | base64 | tr -d '\n')
      Copy to Clipboard Toggle word wrap 
      $ export PCCS_CERT=$(cat "$PCCS_PEM_CERT_PATH"/certificate.pem | base64 | tr -d '\n')
      Copy to Clipboard Toggle word wrap

    4. Create the PCCS secrets by running the following command: 

      $ oc create secret generic pccs-secrets \
    --namespace intel-dcap \
    --from-literal=PCCS_API_KEY="$PCCS_API_KEY" \
    --from-literal=PCCS_USER_TOKEN_HASH="$PCCS_USER_TOKEN_HASH" \
    --from-literal=USER_TOKEN="$PCCS_USER_TOKEN" \
    --from-literal=PCCS_ADMIN_TOKEN_HASH="$PCCS_ADMIN_TOKEN_HASH"
      Copy to Clipboard Toggle word wrap

  6. Create the PCCS by running the following command: 

    $ oc apply -f <(curl -sSf https://raw.githubusercontent.com/openshift/sandboxed-containers-operator/refs/heads/devel/scripts/install-helpers/baremetal-coco/intel-dcap/pccs.yaml.in|envsubst)
    Copy to Clipboard Toggle word wrap

  7. Create the QGS by running the following command: 

    $ oc apply -f https://raw.githubusercontent.com/openshift/sandboxed-containers-operator/refs/heads/devel/scripts/install-helpers/baremetal-coco/intel-dcap/qgs.yaml
    Copy to Clipboard Toggle word wrap

2.7. Creating the osc-feature-gates config map
Copy link

You enable the confidential containers feature gate and specify the deployment mode by creating the config map.

Procedure

  1. Create a my-feature-gate.yaml manifest file: 

    apiVersion: v1
kind: ConfigMap
metadata:
  name: osc-feature-gates
  namespace: openshift-sandboxed-containers-operator
data:
  confidential: "true"
  deploymentMode: <deployment_mode>
    Copy to Clipboard Toggle word wrap

    where

    <deployment_mode>

    On OpenShift Container Platform clusters with the Machine Config Operator (MCO), the deploymentMode field is optional and can be omitted. Specifies the strategy for installing and configuring the Kata runtime. Specify the deployment mode:

    • MachineConfig for clusters that always use the MCO
    • DaemonSet for clusters that never use the MCO
    • DaemonSetFallback for clusters that sometimes use the MCO

  2. Create the my-feature-gates config map by running the following command: 

    $ oc create -f my-feature-gate.yaml
    Copy to Clipboard Toggle word wrap

2.8. Creating initdata
Copy link

You create initdata to securely initialize a pod with sensitive or workload-specific data at runtime, thus avoiding the need to embed this data in a virtual machine image. This approach provides additional security by reducing the risk of exposure of confidential information and eliminates the need for custom image builds.

Important

You must delete the kbs_cert setting if you configure insecure_http = true in the kbs-config config map for Red Hat build of Trustee.

Procedure

  1. Create the initdata.toml file: 

    algorithm = "sha384"
version = "0.1.0"

[data]
"aa.toml" = '''
[token_configs]
[token_configs.coco_as]

url = '<trustee_url>'

[token_configs.kbs]
url = '<trustee_url>'
'''

"cdh.toml" = '''
socket = 'unix:///run/confidential-containers/cdh.sock'
credentials = []

[kbc]
name = 'cc_kbc'
url = '<trustee_url>'
kbs_cert = """
-----BEGIN CERTIFICATE-----
<kbs_certificate>
-----END CERTIFICATE-----
"""
[image]
image_security_policy_uri = 'kbs:///default/<secret-policy-name>/<key>
'''

"policy.rego" = '''
package agent_policy

default AddARPNeighborsRequest := true
default AddSwapRequest := true
default CloseStdinRequest := true
default CopyFileRequest := true
default CreateContainerRequest := true
default CreateSandboxRequest := true
default DestroySandboxRequest := true
default GetMetricsRequest := true
default GetOOMEventRequest := true
default GuestDetailsRequest := true
default ListInterfacesRequest := true
default ListRoutesRequest := true
default MemHotplugByProbeRequest := true
default OnlineCPUMemRequest := true
default PauseContainerRequest := true
default PullImageRequest := true
default ReadStreamRequest := false
default RemoveContainerRequest := true
default RemoveStaleVirtiofsShareMountsRequest := true
default ReseedRandomDevRequest := true
default ResumeContainerRequest := true
default SetGuestDateTimeRequest := true
default SignalProcessRequest := true
default StartContainerRequest := true
default StartTracingRequest := true
default StatsContainerRequest := true
default StopTracingRequest := true
default TtyWinResizeRequest := true
default UpdateContainerRequest := true
default UpdateEphemeralMountsRequest := true
default UpdateInterfaceRequest := true
default UpdateRoutesRequest := true
default WaitProcessRequest := true
default ExecProcessRequest := false
default SetPolicyRequest := false
default WriteStreamRequest := false

ExecProcessRequest if {
    input_command = concat(" ", input.process.Args)
    some allowed_command in policy_data.allowed_commands
    input_command == allowed_command
}

policy_data := {
  "allowed_commands": [
        "curl http://127.0.0.1:8006/cdh/resource/default/attestation-status/status"
  ]
}
'''
    Copy to Clipboard Toggle word wrap
    url
    Specify the Red Hat build of Trustee
    <kbs_certificate>
    Specify the Base64-encoded TLS certificate for the attestation agent.
    kbs_cert
    Delete the kbs_cert setting if you configure insecure_http = true in the kbs-config config map for Red Hat build of Trustee.
    image_security_policy_uri
    Optional, only if you enabled the container image signature verification policy. Replace <secret-policy-name> and <key> with the secret name and key, respectively specified in Creating the KbsConfig custom resource.

  2. Convert the initdata.toml file to a gzipped, Base64-encoded string in a text file by running the following command: 

    $ cat initdata.toml | gzip | base64 -w0 > initdata.txt
    Copy to Clipboard Toggle word wrap

    Record this string to use in the pod manifest.

  3. Calculate the SHA-256 hash of an initdata.toml file and assign its value to the hash variable by running the following command: 

    $ hash=$(sha256sum initdata.toml | cut -d' ' -f1)
    Copy to Clipboard Toggle word wrap

  4. Assign 32 bytes of 0s to the initial_pcr variable by running the following command: 

    $ initial_pcr=0000000000000000000000000000000000000000000000000000000000000000
    Copy to Clipboard Toggle word wrap

  5. Calculate the SHA-256 hash of hash and initial_pcr and assign its value to the PCR8_HASH variable by running the following command: 

    $ PCR8_HASH=$(echo -n "$initial_pcr$hash" | xxd -r -p | sha256sum | cut -d' ' -f1) && echo $PCR8_HASH
    Copy to Clipboard Toggle word wrap

    Record the PCR8_HASH value for the RVPS config map.

2.9. Applying initdata to a pod
Copy link

Prerequisite

  • You have created an initdata string.

Procedure

  1. Add the initdata string to the pod manifest: 

    apiVersion: v1
kind: Pod
metadata:
  name: ocp-cc-pod
  labels:
    app: ocp-cc-pod
  annotations:
    io.katacontainers.config.hypervisor.cc_init_data: <initdata_string>
spec:
  runtimeClassName: kata-cc
  containers:
  - name: <container_name>
    image: registry.access.redhat.com/ubi9/ubi:latest
    command:
    - sleep
    - "36000"
    securityContext:
      privileged: false
      seccompProfile:
        type: RuntimeDefault
    Copy to Clipboard Toggle word wrap

  2. Create the pod by running the following command: 

    $ oc create -f my-pod.yaml
    Copy to Clipboard Toggle word wrap

2.10. Creating the KataConfig custom resource
Copy link

You must create the KataConfig custom resource (CR) to install kata-cc as a runtime class on your worker nodes.

OpenShift sandboxed containers installs kata-cc as a secondary, optional runtime on the cluster and not as the primary runtime.

Creating the KataConfig CR automatically reboots the worker nodes. The reboot can take from 10 to more than 60 minutes. The following factors can increase the reboot time:

  • A large OpenShift Container Platform deployment with a greater number of worker nodes.
  • Activation of the BIOS and Diagnostics utility.
  • Deployment on a hard disk drive rather than an SSD.
  • Deployment on physical nodes such as bare metal, rather than on virtual nodes.
  • A slow CPU and network.

Procedure

  1. Create an example-kataconfig.yaml manifest file according to the following example: 

    apiVersion: kataconfiguration.openshift.io/v1
kind: KataConfig
metadata:
  name: example-kataconfig
spec:

  enablePeerPods: false
  checkNodeEligibility: true

  logLevel: info
#  kataConfigPoolSelector:
#    matchLabels:
#      <label_key>: '<label_value>'
    1
    Copy to Clipboard Toggle word wrap

  2. Create the KataConfig CR by running the following command: 

    $ oc create -f example-kataconfig.yaml
    Copy to Clipboard Toggle word wrap

    The new KataConfig CR is created and installs kata-cc as a runtime class on the worker nodes.

    Wait for the kata-cc installation to complete and the worker nodes to reboot before verifying the installation.

  3. Monitor the installation progress by running the following command: 

    $ watch "oc describe kataconfig | sed -n /^Status:/,/^Events/p"
    Copy to Clipboard Toggle word wrap

    When the status of all workers under kataNodes is installed and the condition InProgress is False without specifying a reason, the kata-cc is installed on the cluster.

  4. Verify the runtime classes by running the following command: 

    $ oc get runtimeclass
    Copy to Clipboard Toggle word wrap

    Example output

    NAME             HANDLER          AGE
kata-cc      kata-tdx      152m
    Copy to Clipboard Toggle word wrap

2.11. Verifying attestation
Copy link

You can verify the attestation process by creating a test pod to retrieve a specific resource from Red Hat build of Trustee.

Important

This procedure is an example to verify that attestation is working. Do not write sensitive data to standard I/O, because the data can be captured by using a memory dump. Only data written to memory is encrypted.

Procedure

  1. Create a test-pod.yaml manifest file: 

    apiVersion: v1
kind: Pod
metadata:
  name: ocp-cc-pod
  labels:
    app: ocp-cc-pod
  annotations:
    io.katacontainers.config.hypervisor.cc_init_data: <initdata_string>
    1 
    
spec:
  runtimeClassName: kata-cc
  containers:
    - name: skr-openshift
      image: registry.access.redhat.com/ubi9/ubi:latest
      command:
        - sleep
        - "36000"
      securityContext:
        privileged: false
        seccompProfile:
          type: RuntimeDefault
metadata:
  name: coco-test-pod
  labels:
    app: coco-test-pod
  annotations:
    io.katacontainers.config.hypervisor.cc_init_data: <initdata_string>
    2 
    
spec:
  runtimeClassName: kata-cc
  containers:
    - name: test-container
      image: registry.access.redhat.com/ubi9/ubi:9.3
      command:
        - sleep
        - "36000"
      securityContext:
        privileged: false
        seccompProfile:
          type: RuntimeDefault
    Copy to Clipboard Toggle word wrap
    1 1 2
    Optional: Setting initdata in a pod annotation overrides the global INITDATA setting in the peer pods config map.

  2. Create the pod by running the following command: 

    $ oc create -f test-pod.yaml
    Copy to Clipboard Toggle word wrap

  3. Log in to the pod by running the following command: 

    $ oc exec -it ocp-cc-pod -- bash
    Copy to Clipboard Toggle word wrap

  4. Fetch the Red Hat build of Trustee resource by running the following command: 

    $ curl http://127.0.0.1:8006/cdh/resource/default/attestation-status/status
    Copy to Clipboard Toggle word wrap

    Example output

    success #/
    Copy to Clipboard Toggle word wrap

You can deploy confidential containers workloads on Microsoft Azure Red Hat OpenShift.

3.1. Preparation
Copy link

Review these prerequisites and concepts before you deploy confidential containers on Azure Red Hat OpenShift.

3.1.1. Prerequisites
Copy link

  • You have deployed Red Hat build of Trustee on an OpenShift Container Platform cluster in a trusted environment. For more information, see Deploying Red Hat build of Trustee.

  • You have installed the latest version of Red Hat OpenShift Container Platform on the cluster where you are running your confidential containers workload.

    IMPORTANT

Microsoft Azure Red Hat OpenShift clusters use OpenShift Container Platform versions 4.17.26 or 4.18.26 by default. You must update your cluster to 4.17.45 or 4.18.31 before you deploy confidential containers. See Performing a cluster update in the OpenShift Container Platform documentation.

  • You have enabled ports 15150 and 9000 for communication in the subnet used for worker nodes and the pod virtual machine (VM). The ports enable communication between the Kata shim running on the worker node and the Kata agent running on the pod VM.

3.1.2. Outbound connections
Copy link

To enable peer pods to communicate with external networks, such as the public internet, you must configure outbound connectivity for the pod virtual machine (VM) subnet. This involves setting up a NAT gateway and, optionally, defining how the subnet integrates with your cluster’s virtual network (VNet) in Azure.

Peer pods and subnets
Peer pods operate in a dedicated Azure subnet that requires explicit configuration for outbound access. This subnet can either be the default worker subnet used by OpenShift Container Platform nodes or a separate, custom subnet created specifically for peer pods.
VNet peering
When using a separate subnet, VNet peering connects the peer pod VNet to the cluster’s VNet, ensuring internal communication while maintaining isolation. This requires non-overlapping CIDR ranges between the VNets.

You can configure outbound connectivity in two ways:

  • Default worker subnet: Modify the existing worker subnet to include a NAT gateway. This is simpler and reuses cluster resources, but it offers less isolation.
  • Peer pod VNet: Set up a dedicated VNet and subnet for peer pods, attach a NAT gateway, and peer it with the cluster VNet. This provides greater isolation and flexibility at the cost of additional complexity.

3.1.3. Peer pod resource requirements
Copy link

You must ensure that your cluster has sufficient resources.

Peer pod virtual machines (VMs) require resources in two locations:

  • The worker node. The worker node stores metadata, Kata shim resources (containerd-shim-kata-v2), remote-hypervisor resources (cloud-api-adaptor), and the tunnel setup between the worker nodes and the peer pod VM.
  • The cloud instance. This is the actual peer pod VM running in the cloud.

The CPU and memory resources used in the Kubernetes worker node are handled by the pod overhead included in the RuntimeClass (kata-remote) definition used for creating peer pods.

The total number of peer pod VMs running in the cloud is defined as Kubernetes Node extended resources. This limit is per node and is set by the PEERPODS_LIMIT_PER_NODE attribute in the peer-pods-cm config map.

The extended resource is named kata.peerpods.io/vm, and enables the Kubernetes scheduler to handle capacity tracking and accounting.

You can edit the limit per node based on the requirements for your environment after you install the OpenShift sandboxed containers Operator.

A mutating webhook adds the extended resource kata.peerpods.io/vm to the pod specification. It also removes any resource-specific entries from the pod specification, if present. This enables the Kubernetes scheduler to account for these extended resources, ensuring the peer pod is only scheduled when resources are available.

The mutating webhook modifies a Kubernetes pod as follows:

  • The mutating webhook checks the pod for the expected RuntimeClassName value, specified in the TARGET_RUNTIMECLASS environment variable. If the value in the pod specification does not match the value in the TARGET_RUNTIMECLASS, the webhook exits without modifying the pod.

  • If the RuntimeClassName values match, the webhook makes the following changes to the pod spec:

    1. The webhook removes every resource specification from the resources field of all containers and init containers in the pod.
    2. The webhook adds the extended resource (kata.peerpods.io/vm) to the spec by modifying the resources field of the first container in the pod. The extended resource kata.peerpods.io/vm is used by the Kubernetes scheduler for accounting purposes.
Note

The mutating webhook excludes specific system namespaces in OpenShift Container Platform from mutation. If a peer pod is created in those system namespaces, then resource accounting using Kubernetes extended resources does not work unless the pod spec includes the extended resource.

As a best practice, define a cluster-wide policy to only allow peer pod creation in specific namespaces.

3.1.4. Initdata
Copy link

The initdata specification provides a flexible way to initialize a pod with workload-specific data at runtime, avoiding the need to embed such data in the virtual machine (VM) image.

This approach enhances security by reducing the exposure of confidential information and improves flexibility by eliminating custom image builds. For example, initdata can include three configuration settings:

  • An X.509 certificate for secure communication.
  • A cryptographic key for authentication.
  • An optional Kata Agent policy.rego file to enforce runtime behavior when overriding the default Kata Agent policy.

The initdata content configures the following components:

  • Attestation Agent (AA), which verifies the trustworthiness of the pod by sending evidence for attestation.
  • Confidential Data Hub (CDH), which manages secrets and secure data access within the pod VM.
  • Kata Agent, which enforces runtime policies and manages the lifecycle of the containers inside the pod VM.

You create an initdata.toml file and convert it to a Base64-encoded, gzip-format string.

Then, you create a hash from the initdata file. This hash is required as a reference value for the Reference Value Provider Service (RVPS) config map for Red Hat build of Trustee.

3.2. Deployment overview
Copy link

You deploy confidential containers on Azure Red Hat OpenShift by performing the following steps:

  1. Prepare your network by configuring outbound connectivity for the peer pods.
  2. Install the OpenShift sandboxed containers Operator.
  3. Enable the confidential containers feature gate.
  4. Create initdata to initialize a peer pod with sensitive or workload-specific data at runtime.
  5. Create the peer pods config map. You can add initdata to the config map to create a default global configuration for your peer pods.
  6. Create the KataConfig CR.
  7. Verify the attestation process.
  8. You can add initdata to a pod manifest to override the global initdata configuration you set in the peer pods config map.
  9. Optional: If you select a container image from an authenticated registry, you must configure a pull secret for the pod.
  10. Optional: You can select a custom peer pod VM image.

3.3. Preparing your network
Copy link

You must prepare your network by configuring outbound connectivity for the peer pods. You can perform this task by using one of the following methods:

  • Add a NAT gateway to the default worker subnet. This method is simple and reuses cluster resources, but it offers less isolation.
  • Create a dedicated VNet and subnet for your peer pods, attach a NAT gateway, and peer it with the cluster VNet. This method is more complex but it provides greater isolation and flexibility.

3.3.1. Configuring the default worker subnet
Copy link

You can configure the default worker subnet for outbound connections by attaching a NAT gateway. This method is simple and reuses cluster resources, but it offers less isolation than a dedicated virtual network.

Prerequisites

  • The Azure CLI (az) is installed and authenticated.
  • You have administrator access to the Azure resource group and the VNet.

Procedure

  1. Set the AZURE_RESOURCE_GROUP environment variable by running the following command: 

    $ AZURE_RESOURCE_GROUP=$(oc get infrastructure/cluster \
    -o jsonpath='{.status.platformStatus.azure.resourceGroupName}')
    Copy to Clipboard Toggle word wrap

  2. Set the AZURE_REGION environment variable by running the following command: 

    $ AZURE_REGION=$(az group show --resource-group ${AZURE_RESOURCE_GROUP}\
    --query "{Location:location}" --output tsv) && \
    echo "AZURE_REGION: \"$AZURE_REGION\""
    Copy to Clipboard Toggle word wrap

  3. Set the AZURE_VNET_NAME environment variable by running the following command: 

    $ AZURE_VNET_NAME=$(az network vnet list \
    -g "${AZURE_RESOURCE_GROUP}" --query '[].name' -o tsv)
    Copy to Clipboard Toggle word wrap

  4. Set the AZURE_SUBNET_ID environment variable by running the following command: 

    $ AZURE_SUBNET_ID=$(az network vnet subnet list \
    --resource-group "${AZURE_RESOURCE_GROUP}" \
    --vnet-name "${AZURE_VNET_NAME}" --query "[].{Id:id} \
    | [? contains(Id, 'worker')]" --output tsv)
    Copy to Clipboard Toggle word wrap

  5. Set the NAT gateway environment variables for the peer pod subnet by running the following commands: 

    $ export PEERPOD_NAT_GW=peerpod-nat-gw
    Copy to Clipboard Toggle word wrap 
    $ export PEERPOD_NAT_GW_IP=peerpod-nat-gw-ip
    Copy to Clipboard Toggle word wrap

  6. Create a public IP address for the NAT gateway by running the following command: 

    $ az network public-ip create -g "${AZURE_RESOURCE_GROUP}" \
    -n "${PEERPOD_NAT_GW_IP}" -l "${AZURE_REGION}" --sku Standard
    Copy to Clipboard Toggle word wrap

  7. Create the NAT gateway and associate it with the public IP address by running the following command: 

    $ az network nat gateway create -g "${AZURE_RESOURCE_GROUP}" \
    -l "${AZURE_REGION}" --public-ip-addresses "${PEERPOD_NAT_GW_IP}" \
    -n "${PEERPOD_NAT_GW}"
    Copy to Clipboard Toggle word wrap

  8. Update the VNet subnet to use the NAT gateway by running the following command: 

    $ az network vnet subnet update --nat-gateway "${PEERPOD_NAT_GW}" \
    --ids "${AZURE_SUBNET_ID}"
    Copy to Clipboard Toggle word wrap

Verification

  • Confirm the NAT gateway is attached to the VNet subnet by running the following command: 

    $ az network vnet subnet show --ids "${AZURE_SUBNET_ID}" \
    --query "natGateway.id" -o tsv
    Copy to Clipboard Toggle word wrap

    The output contains the NAT gateway resource ID. If no NAT gateway is attached, the output is empty.

    Example output

    /subscriptions/12345678-1234-1234-1234-1234567890ab/resourceGroups/myResourceGroup/providers/Microsoft.Network/natGateways/myNatGateway
    Copy to Clipboard Toggle word wrap

You can configure outbound connections for peer pods by creating a dedicated virtual network (VNet). Then, you create a network address translation (NAT) gateway for the VNet, create a subnet within the VNet, and enable VNet peering with non-overlapping address spaces.

This method is more complex than creating a NAT gateway for the default worker subnet but it provides greater isolation and flexibility.

Prerequisites

  • The Azure CLI (az) is installed
  • You have signed in to Azure. See Authenticate to Azure using Azure CLI.
  • You have administrator access to the Azure resource group and VNet hosting the cluster.
  • You have verified the cluster VNet classless inter-domain routing (CIDR) address. The default value is 10.0.0.0/14. If you overrode the default value, you have ensured that you chose a non-overlapping CIDR address for the peer pod VNet. For example, 192.168.0.0/16.

Procedure

  1. Set the environmental variables for the peer pod network:

    1. Set the peer pod VNet environment variables by running the following commands: 

      $ export PEERPOD_VNET_NAME="${PEERPOD_VNET_NAME:-peerpod-vnet}"
      Copy to Clipboard Toggle word wrap 
      $ export PEERPOD_VNET_CIDR="${PEERPOD_VNET_CIDR:-192.168.0.0/16}"
      Copy to Clipboard Toggle word wrap

    2. Set the peer pod subnet environment variables by running the following commands: 

      $ export PEERPOD_SUBNET_NAME="${PEERPOD_SUBNET_NAME:-peerpod-subnet}"
      Copy to Clipboard Toggle word wrap 
      $ export PEERPOD_SUBNET_CIDR="${PEERPOD_SUBNET_CIDR:-192.168.0.0/16}"
      Copy to Clipboard Toggle word wrap

  2. Set the environmental variables for Azure: 

    $ AZURE_RESOURCE_GROUP=$(oc get infrastructure/cluster \
    -o jsonpath='{.status.platformStatus.azure.resourceGroupName}')
    Copy to Clipboard Toggle word wrap 
    $ AZURE_REGION=$(az group show --resource-group ${AZURE_RESOURCE_GROUP}\
    --query "{Location:location}" --output tsv) && \
    echo "AZURE_REGION: \"$AZURE_REGION\""
    Copy to Clipboard Toggle word wrap 
    $ AZURE_VNET_NAME=$(az network vnet list \
    -g "${AZURE_RESOURCE_GROUP}" --query '[].name' -o tsv)
    Copy to Clipboard Toggle word wrap

  3. Set the peer pod NAT gateway environment variables by running the following commands: 

    $ export PEERPOD_NAT_GW="${PEERPOD_NAT_GW:-peerpod-nat-gw}"
    Copy to Clipboard Toggle word wrap 
    $ export PEERPOD_NAT_GW_IP="${PEERPOD_NAT_PUBLIC_IP:-peerpod-nat-gw-ip}"
    Copy to Clipboard Toggle word wrap

  4. Configure the VNET:

    1. Create the peer pod VNet by running the following command: 

      $ az network vnet create --resource-group "${AZURE_RESOURCE_GROUP}" \
    --name "${PEERPOD_VNET_NAME}" \
    --address-prefixes "${PEERPOD_VNET_CIDR}"
      Copy to Clipboard Toggle word wrap

    2. Create a public IP address for the peer pod VNet by running the following command: 

      $ az network public-ip create -g "${AZURE_RESOURCE_GROUP}" \
    -n "${PEERPOD_NAT_GW_IP}" -l "${AZURE_REGION}"
      Copy to Clipboard Toggle word wrap

    3. Create a NAT gateway for the peer pod VNet by running the following command: 

      $ az network nat gateway create -g "${AZURE_RESOURCE_GROUP}" \
    -l "${AZURE_REGION}" \
    --public-ip-addresses "${PEERPOD_NAT_GW_IP}" \
    -n "${PEERPOD_NAT_GW}"
      Copy to Clipboard Toggle word wrap

    4. Create a subnet in the peer pod VNet and attach the NAT gateway by running the following command: 

      $ az network vnet subnet create \
    --resource-group "${AZURE_RESOURCE_GROUP}" \
    --vnet-name "${PEERPOD_VNET_NAME}" \
    --name "${PEERPOD_SUBNET_NAME}" \
    --address-prefixes "${PEERPOD_SUBNET_CIDR}" \
    --nat-gateway "${PEERPOD_NAT_GW}"
      Copy to Clipboard Toggle word wrap

  5. Configure the virtual network peering connection:

    1. Create the peering connection by running the following command: 

      $ az network vnet peering create -g "${AZURE_RESOURCE_GROUP}" \
    -n peerpod-azure-vnet-to-peerpod-vnet \
    --vnet-name "${AZURE_VNET_NAME}" \
    --remote-vnet "${PEERPOD_VNET_NAME}" --allow-vnet-access \
    --allow-forwarded-traffic
      Copy to Clipboard Toggle word wrap

    2. Sync the peering connection by running the following command: 

      $ az network vnet peering sync -g "${AZURE_RESOURCE_GROUP}" \
    -n peerpod-azure-vnet-to-peerpod-vnet \
    --vnet-name "${AZURE_VNET_NAME}"
      Copy to Clipboard Toggle word wrap

    3. Complete the peering connection by running the following command: 

      $ az network vnet peering create -g "${AZURE_RESOURCE_GROUP}" \
    -n peerpod-peerpod-vnet-to-azure-vnet \
    --vnet-name "${PEERPOD_VNET_NAME}" \
    --remote-vnet "${AZURE_VNET_NAME}" --allow-vnet-access \
    --allow-forwarded-traffic
      Copy to Clipboard Toggle word wrap

Verification

  1. Check the peering connection status from the cluster VNet by running the following command: 

    $ az network vnet peering show -g "${AZURE_RESOURCE_GROUP}" \
    -n peerpod-azure-vnet-to-peerpod-vnet \
    --vnet-name "${AZURE_VNET_NAME}" \
    --query "peeringState" -o tsv
    Copy to Clipboard Toggle word wrap

    This should return Connected.

  2. Verify that the NAT gateway is attached to the peer pod subnet by running the following command: 

    $ az network vnet subnet show --resource-group "${AZURE_RESOURCE_GROUP}" \
    --vnet-name "${PEERPOD_VNET_NAME}" --name "${PEERPOD_SUBNET_NAME}" \
    --query "natGateway.id" -o tsv
    Copy to Clipboard Toggle word wrap

You install the OpenShift sandboxed containers Operator by using the command line interface (CLI).

Prerequisites

  • You have access to the cluster as a user with the cluster-admin role.

Procedure

  1. Create an osc-namespace.yaml manifest file: 

    apiVersion: v1
kind: Namespace
metadata:
  name: openshift-sandboxed-containers-operator
    Copy to Clipboard Toggle word wrap

  2. Create the namespace by running the following command: 

    $ oc apply -f osc-namespace.yaml
    Copy to Clipboard Toggle word wrap

  3. Create an osc-operatorgroup.yaml manifest file: 

    apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  name: sandboxed-containers-operator-group
  namespace: openshift-sandboxed-containers-operator
spec:
  targetNamespaces:
  - openshift-sandboxed-containers-operator
    Copy to Clipboard Toggle word wrap

  4. Create the operator group by running the following command: 

    $ oc apply -f osc-operatorgroup.yaml
    Copy to Clipboard Toggle word wrap

  5. Create an osc-subscription.yaml manifest file: 

    apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: sandboxed-containers-operator
  namespace: openshift-sandboxed-containers-operator
spec:
  channel: stable
  installPlanApproval: Automatic
  name: sandboxed-containers-operator
  source: redhat-operators
  sourceNamespace: openshift-marketplace
  startingCSV: sandboxed-containers-operator.v1.11.1
    Copy to Clipboard Toggle word wrap

  6. Create the subscription by running the following command: 

    $ oc create -f osc-subscription.yaml
    Copy to Clipboard Toggle word wrap

  7. Verify that the Operator is correctly installed by running the following command: 

    $ oc get csv -n openshift-sandboxed-containers-operator
    Copy to Clipboard Toggle word wrap

    This command can take several minutes to complete.

  8. Watch the process by running the following command: 

    $ watch oc get csv -n openshift-sandboxed-containers-operator
    Copy to Clipboard Toggle word wrap

    Example output

    NAME                             DISPLAY                                  VERSION             REPLACES                   PHASE
openshift-sandboxed-containers   openshift-sandboxed-containers-operator  1.11.1    1.10.3        Succeeded
    Copy to Clipboard Toggle word wrap

3.5. Creating the osc-feature-gates config map
Copy link

You enable the confidential containers feature gate by creating the config map.

Procedure

  1. Create a my-feature-gate.yaml manifest file: 

    apiVersion: v1
kind: ConfigMap
metadata:
  name: osc-feature-gates
  namespace: openshift-sandboxed-containers-operator
data:
  confidential: "true"
  deploymentMode: <deployment_mode>
    Copy to Clipboard Toggle word wrap

    where

    <deployment_mode>

    On OpenShift Container Platform clusters with the Machine Config Operator (MCO), the deploymentMode field is optional and can be omitted. Specifies the strategy for installing and configuring the Kata runtime. Specify the deployment mode:

    • MachineConfig for clusters that always use the MCO
    • DaemonSet for clusters that never use the MCO
    • DaemonSetFallback for clusters that sometimes use the MCO

  2. Create the my-feature-gates config map by running the following command: 

    $ oc create -f my-feature-gate.yaml
    Copy to Clipboard Toggle word wrap

3.6. Creating initdata
Copy link

You create initdata to securely initialize a pod with sensitive or workload-specific data at runtime, thus avoiding the need to embed this data in a virtual machine image. This approach provides additional security by reducing the risk of exposure of confidential information and eliminates the need for custom image builds.

You can specify initdata in the pods config map, for global configuration, or in a pod manifest, for a specific pod. The initdata value in a pod manifest overrides the value set in the pods config map.

Important

In a production environment, you must create initdata to override the default permissive Kata agent policy.

You can specify initdata in the peer pods config map, for global configuration, or in a peer pod manifest, for a specific pod. The initdata value in a peer pod manifest overrides the value set in the peer pods config map.

Then, you generate a Platform Configuration Register (PCR) 8 hash from the initdata.toml file for the Reference Value Provider Service (RVPS) config map for Red Hat build of Trustee.

Red Hat build of Trustee uses the RVPS to validate attestation evidence sent by confidential workloads. The RVPS contains trusted reference values, such as file hashes, that are compared to the PCR measurements included in attestation requests. These hashes are not generated by Red Hat build of Trustee.

Important

You must delete the kbs_cert setting if you configure insecure_http = true in the kbs-config config map for Red Hat build of Trustee.

Procedure

  1. Obtain the Red Hat build of Trustee URL by running the following command: 

    $ TRUSTEE_URL=$(oc get route kbs-service \
  -n trustee-operator-system -o jsonpath='{.spec.host}') \
  && echo $TRUSTEE_URL
    Copy to Clipboard Toggle word wrap

  2. Create the initdata.toml file: 

    algorithm = "sha384"
version = "0.1.0"

[data]
"aa.toml" = '''
[token_configs]
[token_configs.coco_as]

url = '<trustee_url>'

[token_configs.kbs]
url = '<trustee_url>'
'''

"cdh.toml" = '''
socket = 'unix:///run/confidential-containers/cdh.sock'
credentials = []

[kbc]
name = 'cc_kbc'
url = '<trustee_url>'
kbs_cert = """
-----BEGIN CERTIFICATE-----
<kbs_certificate>
-----END CERTIFICATE-----
"""
[image]
image_security_policy_uri = 'kbs:///default/<secret-policy-name>/<key>
'''

"policy.rego" = '''
package agent_policy

default AddARPNeighborsRequest := true
default AddSwapRequest := true
default CloseStdinRequest := true
default CopyFileRequest := true
default CreateContainerRequest := true
default CreateSandboxRequest := true
default DestroySandboxRequest := true
default GetMetricsRequest := true
default GetOOMEventRequest := true
default GuestDetailsRequest := true
default ListInterfacesRequest := true
default ListRoutesRequest := true
default MemHotplugByProbeRequest := true
default OnlineCPUMemRequest := true
default PauseContainerRequest := true
default PullImageRequest := true
default ReadStreamRequest := false
default RemoveContainerRequest := true
default RemoveStaleVirtiofsShareMountsRequest := true
default ReseedRandomDevRequest := true
default ResumeContainerRequest := true
default SetGuestDateTimeRequest := true
default SignalProcessRequest := true
default StartContainerRequest := true
default StartTracingRequest := true
default StatsContainerRequest := true
default StopTracingRequest := true
default TtyWinResizeRequest := true
default UpdateContainerRequest := true
default UpdateEphemeralMountsRequest := true
default UpdateInterfaceRequest := true
default UpdateRoutesRequest := true
default WaitProcessRequest := true
default ExecProcessRequest := false
default SetPolicyRequest := false
default WriteStreamRequest := false

ExecProcessRequest if {
    input_command = concat(" ", input.process.Args)
    some allowed_command in policy_data.allowed_commands
    input_command == allowed_command
}

policy_data := {
  "allowed_commands": [
        "curl http://127.0.0.1:8006/cdh/resource/default/attestation-status/status"
  ]
}
'''
    Copy to Clipboard Toggle word wrap
    url
    Specify the Red Hat build of Trustee URL. If you configure the Red Hat build of Trustee with insecure_http for testing purposes, use HTTP. Otherwise, use HTTPS. For production systems, avoid using insecure_http unless you configure your environment to handle TLS externally, for example, with a proxy.
    <kbs_certificate>
    Specify the Base64-encoded TLS certificate for the attestation agent.
    kbs_cert
    Delete the kbs_cert setting if you configure insecure_http = true in the kbs-config config map for Red Hat build of Trustee.
    image_security_policy_uri
    Optional, only if you enabled the container image signature verification policy. Replace <secret-policy-name> and <key> with the secret name and key, respectively specified in Creating the KbsConfig custom resource.

  3. Convert the initdata.toml file to a gzipped, Base64-encoded string in a text file by running the following command: 

    $ cat initdata.toml | gzip | base64 -w0 > initdata.txt
    Copy to Clipboard Toggle word wrap

    Record this string to use in the peer pods config map or the peer pod manifest.

  4. Calculate the SHA-256 hash of an initdata.toml file and assign its value to the hash variable by running the following command: 

    $ hash=$(sha256sum initdata.toml | cut -d' ' -f1)
    Copy to Clipboard Toggle word wrap

  5. Assign 32 bytes of 0s to the initial_pcr variable by running the following command: 

    $ initial_pcr=0000000000000000000000000000000000000000000000000000000000000000
    Copy to Clipboard Toggle word wrap

  6. Calculate the SHA-256 hash of hash and initial_pcr and assign its value to the PCR8_HASH variable by running the following command: 

    $ PCR8_HASH=$(echo -n "$initial_pcr$hash" | xxd -r -p | sha256sum | cut -d' ' -f1) && echo $PCR8_HASH
    Copy to Clipboard Toggle word wrap

    Record the PCR8_HASH value for the RVPS config map.

3.7. Creating the peer pods config map
Copy link

You must create the peer pods config map.

Optional: Add initdata to the peer pods config map to create a default configuration for all peer pods.

Procedure

  1. Obtain the following values from your Azure instance:

    1. Retrieve and record the Azure resource group: 

      $ AZURE_RESOURCE_GROUP=$(oc get infrastructure/cluster \
  -o jsonpath='{.status.platformStatus.azure.resourceGroupName}') \
  && echo "AZURE_RESOURCE_GROUP: \"$AZURE_RESOURCE_GROUP\""
      Copy to Clipboard Toggle word wrap

    2. Retrieve and record the Azure VNet name: 

      $ AZURE_VNET_NAME=$(az network vnet list \
  --resource-group ${AZURE_RESOURCE_GROUP} \
  --query "[].{Name:name}" --output tsv)
      Copy to Clipboard Toggle word wrap

      This value is used to retrieve the Azure subnet ID.

    3. Retrieve and record the Azure subnet ID: 

      $ AZURE_SUBNET_ID=$(az network vnet subnet list \
  --resource-group ${AZURE_RESOURCE_GROUP} --vnet-name $AZURE_VNET_NAME \
  --query "[].{Id:id} | [? contains(Id, 'worker')]" --output tsv) \
   && echo "AZURE_SUBNET_ID: \"$AZURE_SUBNET_ID\""
      Copy to Clipboard Toggle word wrap

    4. Retrieve and record the Azure network security group (NSG) ID: 

      $ AZURE_NSG_ID=$(az network nsg list --resource-group ${AZURE_RESOURCE_GROUP} \
  --query "[].{Id:id}" --output tsv) && echo "AZURE_NSG_ID: \"$AZURE_NSG_ID\""
      Copy to Clipboard Toggle word wrap

    5. Retrieve and record the Azure region: 

      $ AZURE_REGION=$(az group show --resource-group ${AZURE_RESOURCE_GROUP} \
  --query "{Location:location}" --output tsv) \
  && echo "AZURE_REGION: \"$AZURE_REGION\""
      Copy to Clipboard Toggle word wrap

  2. Create a peer-pods-cm.yaml manifest file according to the following example: 

    apiVersion: v1
kind: ConfigMap
metadata:
  name: peer-pods-cm
  namespace: openshift-sandboxed-containers-operator
data:
  CLOUD_PROVIDER: "azure"
  VXLAN_PORT: "9000"
  PROXY_TIMEOUT: "5m"
  AZURE_INSTANCE_SIZE: "Standard_DC2as_v5"
  AZURE_INSTANCE_SIZES: "Standard_DC2as_v5,Standard_DC4as_v5,Standard_DC8as_v5"
  AZURE_SUBNET_ID: "<azure_subnet_id>"
  AZURE_NSG_ID: "<azure_nsg_id>"
  AZURE_IMAGE_ID: ""
  AZURE_REGION: "<azure_region>"
  AZURE_RESOURCE_GROUP: "<azure_resource_group>"
  TAGS: "key1=value1,key2=value2"
  PEERPODS_LIMIT_PER_NODE: "10"
  ROOT_VOLUME_SIZE: "6"
  DISABLECVM: "false"
  INITDATA: "<initdata_string>"
    Copy to Clipboard Toggle word wrap
    AZURE_INSTANCE_SIZE
    Defines the default instance size that is used if the instance size is not defined in the workload object. "Standard_DC2as_v5" is for AMD SEV-SNP. If your TEE is Intel® Trust Domain Extensions (TDX), specify Standard_EC4eds_v5.
    AZURE_IMAGE_ID
    Leave this value empty. When you install the Operator, a Job is scheduled to download the default pod VM image from the Red Hat Ecosystem Catalog and upload it to the Azure Image Gallery within the same Azure Resource Group as the OpenShift Container Platform cluster. This image provides root disk integrity protection (dm-verity) and encrypted container storage. See Confidential VMs: The core of confidential containers for details.
    AZURE_INSTANCE_SIZES
    Specify the allowed instance sizes, without spaces, for creating the pod. You can define smaller instance sizes for workloads that need less memory and fewer CPUs or larger instance sizes for larger workloads.
    TAGS
    You can configure custom tags as key:value pairs for pod VM instances to track peer pod costs or to identify peer pods in different clusters.
    PEERPODS_LIMIT_PER_NODE
    You can increase this value to run more peer pods on a node. The default value is 10.
    ROOT_VOLUME_SIZE
    You can increase this value for pods with larger container images. Specify the root volume size in gigabytes for the pod VM. The default and minimum size is 6 GB.
    INITDATA
    Specify the initdata string to create a default configuration for all peer pods. If you add initdata to a peer pod manifest, that setting overrides this global configuration.

  3. Create the config map by running the following command: 

    $ oc create -f peer-pods-cm.yaml
    Copy to Clipboard Toggle word wrap

3.8. Applying initdata to a pod
Copy link

You can override the global INITDATA setting you applied in the peer pods config map by applying customized initdata to a specific pod for special use cases, such as development and testing with a relaxed policy, or when using different Red Hat build of Trustee configurations. You can customize initdata by adding an annotation to the workload pod YAML.

Prerequisite

  • You have created an initdata string.

Procedure

  1. Add the initdata string to the pod manifest: 

    apiVersion: v1
kind: Pod
metadata:
  name: ocp-cc-pod
  labels:
    app: ocp-cc-pod
  annotations:
    io.katacontainers.config.hypervisor.cc_init_data: <initdata_string>
spec:
  runtimeClassName: kata-remote
  containers:
  - name: <container_name>
    image: registry.access.redhat.com/ubi9/ubi:latest
    command:
    - sleep
    - "36000"
    securityContext:
      privileged: false
      seccompProfile:
        type: RuntimeDefault
    Copy to Clipboard Toggle word wrap

  2. Create the pod by running the following command: 

    $ oc create -f my-pod.yaml
    Copy to Clipboard Toggle word wrap

3.9. Creating the KataConfig custom resource
Copy link

You must create the KataConfig custom resource (CR) to install kata-remote as a runtime class on your worker nodes.

OpenShift sandboxed containers installs kata-remote as a secondary, optional runtime on the cluster and not as the primary runtime.

Creating the KataConfig CR automatically reboots the worker nodes. The reboot can take from 10 to more than 60 minutes. The following factors can increase the reboot time:

  • A large OpenShift Container Platform deployment with a greater number of worker nodes.
  • Activation of the BIOS and Diagnostics utility.
  • Deployment on a hard disk drive rather than an SSD.
  • Deployment on physical nodes such as bare metal, rather than on virtual nodes.
  • A slow CPU and network.

Procedure

  1. Create an example-kataconfig.yaml manifest file according to the following example: 

    apiVersion: kataconfiguration.openshift.io/v1
kind: KataConfig
metadata:
  name: example-kataconfig
spec:

  enablePeerPods: true

  logLevel: info
#  kataConfigPoolSelector:
#    matchLabels:
#      <label_key>: '<label_value>'
    1
    Copy to Clipboard Toggle word wrap
    1
    Optional: If you have applied node labels to install kata-remote on specific nodes, specify the key and value, for example, cc: 'true'.

  2. Create the KataConfig CR by running the following command: 

    $ oc create -f example-kataconfig.yaml
    Copy to Clipboard Toggle word wrap

    The new KataConfig CR is created and installs kata-remote as a runtime class on the worker nodes.

    Wait for the kata-remote installation to complete and the worker nodes to reboot before verifying the installation.

  3. Monitor the installation progress by running the following command: 

    $ watch "oc describe kataconfig | sed -n /^Status:/,/^Events/p"
    Copy to Clipboard Toggle word wrap

    When the status of all workers under kataNodes is installed and the condition InProgress is False without specifying a reason, the kata-remote is installed on the cluster.

  4. Verify the daemon set by running the following command: 

    $ oc get -n openshift-sandboxed-containers-operator ds/osc-caa-ds
    Copy to Clipboard Toggle word wrap

  5. Verify the runtime classes by running the following command: 

    $ oc get runtimeclass
    Copy to Clipboard Toggle word wrap

    Example output

    NAME             HANDLER          AGE
kata-remote      kata-remote      152m
    Copy to Clipboard Toggle word wrap

3.10. Verifying attestation
Copy link

You can verify the attestation process by creating a test pod to retrieve a specific resource from Red Hat build of Trustee.

Important

This procedure is an example to verify that attestation is working. Do not write sensitive data to standard I/O, because the data can be captured by using a memory dump. Only data written to memory is encrypted.

Procedure

  1. Create a test-pod.yaml manifest file: 

    apiVersion: v1
kind: Pod
metadata:
  name: ocp-cc-pod
  labels:
    app: ocp-cc-pod
  annotations:
    io.katacontainers.config.hypervisor.cc_init_data: <initdata_string>
    1 
    
spec:
  runtimeClassName: kata-remote
  containers:
    - name: skr-openshift
      image: registry.access.redhat.com/ubi9/ubi:latest
      command:
        - sleep
        - "36000"
      securityContext:
        privileged: false
        seccompProfile:
          type: RuntimeDefault
    Copy to Clipboard Toggle word wrap
    1
    Optional: Setting initdata in a pod annotation overrides the global INITDATA setting in the peer pods config map.

  2. Create the pod by running the following command: 

    $ oc create -f test-pod.yaml
    Copy to Clipboard Toggle word wrap

  3. Log in to the pod by running the following command: 

    $ oc exec -it ocp-cc-pod -- bash
    Copy to Clipboard Toggle word wrap

  4. Fetch the Red Hat build of Trustee resource by running the following command: 

    $ curl http://127.0.0.1:8006/cdh/resource/default/attestation-status/status
    Copy to Clipboard Toggle word wrap

    Example output

    success #/
    Copy to Clipboard Toggle word wrap

3.11. Configuring a pull secret for peer pods
Copy link

If you select a custom peer pod VM image from a private registry such as registry.access.redhat.com, you must configure a pull secret for peer pods.

Then, you can link the pull secret to the default service account or you can specify the pull secret in the peer pod manifest.

Procedure

  1. Set the NS variable to the namespace where you deploy your peer pods: 

    $ NS=<namespace>
    Copy to Clipboard Toggle word wrap

  2. Copy the pull secret to the peer pod namespace: 

    $ oc get secret pull-secret -n openshift-config -o yaml \
  | sed "s/namespace: openshift-config/namespace: ${NS}/" \
  | oc apply -n "${NS}" -f -
    Copy to Clipboard Toggle word wrap

    You can use the cluster pull secret, as in this example, or a custom pull secret.

  3. Optional: Link the pull secret to the default service account: 

    $ oc secrets link default pull-secret --for=pull -n ${NS}
    Copy to Clipboard Toggle word wrap

  4. Alternatively, add the pull secret to the peer pod manifest: 

    apiVersion: v1
kind: <Pod>
spec:
  containers:
  - name: <container_name>
    image: <image_name>
  imagePullSecrets:
  - name: pull-secret
# ...
    Copy to Clipboard Toggle word wrap

3.12. Selecting a custom peer pod VM image
Copy link

You can select a custom peer pod virtual machine (VM) image, tailored to your workload requirements, by adding an annotation to the pod manifest. The custom image overrides the default image specified in the peer pods config map.

Prerequisites

  • If the custom peer pod VM image is in a private registry, you have created a pull secret.
  • You have the ID of a custom pod VM image, which is compatible with your cloud provider or hypervisor.

Procedure

  1. Create a my-pod-manifest.yaml file according to the following example: 

    apiVersion: v1
kind: Pod
metadata:
  name: my-pod-manifest
  annotations:
    io.katacontainers.config.hypervisor.image: "<custom_image_id>"
spec:
  runtimeClassName: kata-remote
  containers:
  - name: <example_container>
    image: registry.access.redhat.com/ubi9/ubi:9.3
    command: ["sleep", "36000"]
    Copy to Clipboard Toggle word wrap

  2. Create the pod by running the following command: 

    $ oc create -f my-pod-manifest.yaml
    Copy to Clipboard Toggle word wrap

You can deploy confidential containers workloads on a Red Hat OpenShift Container Platform cluster running on IBM Z® and IBM® LinuxONE with peer pods.

In the peer pod approach, you leverage libvirt as the provider to launch peer pod virtual machines (VMs) on a logical partition (LPAR). The OpenShift Container Platform cluster is hosted on the same LPAR, either as a single-node or multi-node setup, where all nodes run as VMs (guests).

This approach enables flexible resource sharing and isolation in a virtualized environment, making it suitable for development, testing, or workloads that need isolation without requiring dedicated hardware.

Important

Confidential containers on IBM Z® and IBM® LinuxONE is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.

For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope.

4.1. Preparation
Copy link

Review these prerequisites and concepts before you deploy confidential containers on IBM Z® and IBM® LinuxONE with peer pods.

Note

IBM® Hyper Protect Confidential Container (HPCC) for Red Hat OpenShift Container Platform is now production-ready. HPCC enables Confidential Computing technology at the enterprise scale by providing a multiparty Hyper Protect Contract, deployment attestation, and validation of container runtime and OCI image integrity.

HPCC is supported by IBM Z17® and IBM® LinuxONE Emperor 5. For more information, see the IBM HPCC documentation.

4.1.1. Prerequisites
Copy link

  • You have deployed Red Hat build of Trustee on an OpenShift Container Platform cluster in a trusted environment. For more information, see Deploying Red Hat build of Trustee.
  • You have installed the latest version of Red Hat OpenShift Container Platform on the cluster where you are running your confidential containers workload.
  • You are using LinuxONE Emperor 4 or later.
  • You have enabled Secure Unpack Facility on your Logical Partition (LPAR), which is necessary for the IBM Secure Execution. For more information, see Enabling the KVM host for IBM Secure Execution.

4.1.2. Peer pod resource requirements
Copy link

You must ensure that your cluster has sufficient resources.

Peer pod virtual machines (VMs) require resources in two locations:

  • The worker node. The worker node stores metadata, Kata shim resources (containerd-shim-kata-v2), remote-hypervisor resources (cloud-api-adaptor), and the tunnel setup between the worker nodes and the peer pod VM.
  • The cloud instance. This is the actual peer pod VM running in the cloud.

The CPU and memory resources used in the Kubernetes worker node are handled by the pod overhead included in the RuntimeClass (kata-remote) definition used for creating peer pods.

The total number of peer pod VMs running in the cloud is defined as Kubernetes Node extended resources. This limit is per node and is set by the PEERPODS_LIMIT_PER_NODE attribute in the peer-pods-cm config map.

The extended resource is named kata.peerpods.io/vm, and enables the Kubernetes scheduler to handle capacity tracking and accounting.

You can edit the limit per node based on the requirements for your environment after you install the OpenShift sandboxed containers Operator.

A mutating webhook adds the extended resource kata.peerpods.io/vm to the pod specification. It also removes any resource-specific entries from the pod specification, if present. This enables the Kubernetes scheduler to account for these extended resources, ensuring the peer pod is only scheduled when resources are available.

The mutating webhook modifies a Kubernetes pod as follows:

  • The mutating webhook checks the pod for the expected RuntimeClassName value, specified in the TARGET_RUNTIMECLASS environment variable. If the value in the pod specification does not match the value in the TARGET_RUNTIMECLASS, the webhook exits without modifying the pod.

  • If the RuntimeClassName values match, the webhook makes the following changes to the pod spec:

    1. The webhook removes every resource specification from the resources field of all containers and init containers in the pod.
    2. The webhook adds the extended resource (kata.peerpods.io/vm) to the spec by modifying the resources field of the first container in the pod. The extended resource kata.peerpods.io/vm is used by the Kubernetes scheduler for accounting purposes.
Note

The mutating webhook excludes specific system namespaces in OpenShift Container Platform from mutation. If a peer pod is created in those system namespaces, then resource accounting using Kubernetes extended resources does not work unless the pod spec includes the extended resource.

As a best practice, define a cluster-wide policy to only allow peer pod creation in specific namespaces.

4.1.3. Initdata
Copy link

The initdata specification provides a flexible way to initialize a pod with workload-specific data at runtime, avoiding the need to embed such data in the virtual machine (VM) image.

This approach enhances security by reducing the exposure of confidential information and improves flexibility by eliminating custom image builds. For example, initdata can include three configuration settings:

  • An X.509 certificate for secure communication.
  • A cryptographic key for authentication.
  • An optional Kata Agent policy.rego file to enforce runtime behavior when overriding the default Kata Agent policy.

The initdata content configures the following components:

  • Attestation Agent (AA), which verifies the trustworthiness of the pod by sending evidence for attestation.
  • Confidential Data Hub (CDH), which manages secrets and secure data access within the pod VM.
  • Kata Agent, which enforces runtime policies and manages the lifecycle of the containers inside the pod VM.

You create an initdata.toml file and convert it to a Base64-encoded, gzip-format string.

4.2. Deployment overview
Copy link

You deploy confidential containers on IBM Z® and IBM® LinuxONE with peer pods by performing the following steps:

  1. Install the OpenShift sandboxed containers Operator.
  2. Create the peer pods secret.
  3. Enable the confidential containers feature gate.
  4. Create initdata to initialize a peer pod with sensitive or workload-specific data at runtime.

  5. Create initdata to initialize a pod with sensitive or workload-specific data at runtime.

    Important

    Do not use the default permissive Kata Agent policy in a production environment. You must configure a restrictive policy, preferably by creating initdata.

    As a minimum requirement, you must disable ExecProcessRequest to prevent a cluster administrator from accessing sensitive data by running the oc exec command on a confidential containers pod.

  6. Create the peer pods config map. You can add initdata to the config map to create a default global configuration for your peer pods.
  7. Create the KataConfig CR.
  8. Verify the attestation process.

You can install or upgrade the OpenShift sandboxed containers Operator by using the command line interface (CLI).

Note

You must configure the OpenShift sandboxed containers Operator subscription for manual updates by setting the value of installPlanApproval to Manual. Automatic updates are not supported.

Prerequisites

  • You have access to the cluster as a user with the cluster-admin role.

Procedure

  1. Create an osc-namespace.yaml manifest file: 

    apiVersion: v1
kind: Namespace
metadata:
  name: openshift-sandboxed-containers-operator
    Copy to Clipboard Toggle word wrap

  2. Create the namespace by running the following command: 

    $ oc apply -f osc-namespace.yaml
    Copy to Clipboard Toggle word wrap

  3. Create an osc-operatorgroup.yaml manifest file: 

    apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  name: sandboxed-containers-operator-group
  namespace: openshift-sandboxed-containers-operator
spec:
  targetNamespaces:
  - openshift-sandboxed-containers-operator
    Copy to Clipboard Toggle word wrap

  4. Create the operator group by running the following command: 

    $ oc apply -f osc-operatorgroup.yaml
    Copy to Clipboard Toggle word wrap

  5. Create an osc-subscription.yaml manifest file: 

    apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: sandboxed-containers-operator
  namespace: openshift-sandboxed-containers-operator
spec:
  channel: stable
  installPlanApproval: Manual
  name: sandboxed-containers-operator
  source: redhat-operators
  sourceNamespace: openshift-marketplace
  startingCSV: sandboxed-containers-operator.v1.11.1
    Copy to Clipboard Toggle word wrap

  6. Create the subscription by running the following command: 

    $ oc create -f osc-subscription.yaml
    Copy to Clipboard Toggle word wrap

  7. Get the InstallPlan CR for the OpenShift sandboxed containers Operator by running the following command: 

    $ oc get installplan -n openshift-sandboxed-containers-operator
    Copy to Clipboard Toggle word wrap

    • Installation example output 

      NAME            CSV                                      APPROVAL  APPROVED
install-bl4fl   sandboxed-containers-operator.v1.11.1    Manual    false
      Copy to Clipboard Toggle word wrap

    • Upgrade example output 

      NAME            CSV                                     APPROVAL   APPROVED
install-jdzrb   sandboxed-containers-operator.v1.11.1   Manual     false
install-pfk8l   sandboxed-containers-operator.v1.10.3   Manual     true
      Copy to Clipboard Toggle word wrap

  8. Approve the manual installation by running the following command: 

    $ oc patch installplan <installplan_name> -p '{"spec":{"approved":true}}' --type=merge -n openshift-sandboxed-containers-operator
    Copy to Clipboard Toggle word wrap
    <installplan_name>
    Specify the InstallPlan resource. For example, install-jdzrb.

  9. Verify that the Operator is correctly installed by running the following command: 

    $ oc get csv -n openshift-sandboxed-containers-operator
    Copy to Clipboard Toggle word wrap

    This command can take several minutes to complete.

  10. Watch the process by running the following command: 

    $ watch oc get csv -n openshift-sandboxed-containers-operator
    Copy to Clipboard Toggle word wrap

    Example output

    NAME                             DISPLAY                                  VERSION             REPLACES                   PHASE
openshift-sandboxed-containers   openshift-sandboxed-containers-operator  1.11.1    1.10.3        Succeeded
    Copy to Clipboard Toggle word wrap

4.4. Creating the peer pods secret
Copy link

You must create a peer pods secret. The secret stores credentials for creating the pod virtual machine (VM) image and peer pod instances.

Prerequisites

  • LIBVIRT_URI. This value is the default gateway IP address of the libvirt network. Check your libvirt network setup to obtain this value.

    Note

    If libvirt uses the default bridge virtual network, you can obtain the LIBVIRT_URI by running the following commands: 

    $ virtint=$(bridge_line=$(virsh net-info default | grep Bridge);  echo "${bridge_line//Bridge:/}" | tr -d [:blank:])

$ LIBVIRT_URI=$( ip -4 addr show $virtint | grep -oP '(?<=inet\s)\d+(\.\d+){3}')

$ LIBVIRT_GATEWAY_URI="qemu+ssh://root@${LIBVIRT_URI}/system?no_verify=1"
    Copy to Clipboard Toggle word wrap
  • REDHAT_OFFLINE_TOKEN. You have generated this token to download the RHEL image at Red Hat API Tokens.
  • HOST_KEY_CERTS. The Host Key Document (HKD) certificate enables secure execution on IBM Z®. For more information, see Obtaining a host key document from Resource Link in the IBM documentation.

Procedure

  1. Create a peer-pods-secret.yaml manifest file according to the following example: 

    apiVersion: v1
kind: Secret
metadata:
  name: peer-pods-secret
  namespace: openshift-sandboxed-containers-operator
type: Opaque
stringData:
  CLOUD_PROVIDER: "libvirt"
  LIBVIRT_URI: "<libvirt_gateway_uri>"
    1 
    
  REDHAT_OFFLINE_TOKEN: "<rh_offline_token>"
    2 
    
  HOST_KEY_CERTS: "<host_key_crt_value>"
    3
    Copy to Clipboard Toggle word wrap
    1
    Specify the libvirt URI.
    2
    Specify the Red Hat offline token, which is required for the Operator-built image.
    3
    Specify the HKD certificate value to enable IBM Secure Execution for the Operator-built image.

  2. Create the secret by running the following command: 

    $ oc create -f peer-pods-secret.yaml
    Copy to Clipboard Toggle word wrap

4.5. Creating the osc-feature-gates config map
Copy link

You enable the confidential containers feature gate by creating the config map.

Procedure

  1. Create a my-feature-gate.yaml manifest file: 

    apiVersion: v1
kind: ConfigMap
metadata:
  name: osc-feature-gates
  namespace: openshift-sandboxed-containers-operator
data:
  confidential: "true"
  deploymentMode: <deployment_mode>
    Copy to Clipboard Toggle word wrap

    where

    <deployment_mode>

    On OpenShift Container Platform clusters with the Machine Config Operator (MCO), the deploymentMode field is optional and can be omitted. Specifies the strategy for installing and configuring the Kata runtime. Specify the deployment mode:

    • MachineConfig for clusters that always use the MCO
    • DaemonSet for clusters that never use the MCO
    • DaemonSetFallback for clusters that sometimes use the MCO

  2. Create the my-feature-gates config map by running the following command: 

    $ oc create -f my-feature-gate.yaml
    Copy to Clipboard Toggle word wrap

4.6. Creating initdata
Copy link

You create initdata to securely initialize a pod with sensitive or workload-specific data at runtime, thus avoiding the need to embed this data in a virtual machine image. This approach provides additional security by reducing the risk of exposure of confidential information and eliminates the need for custom image builds.

You can specify initdata in the pods config map, for global configuration, or in a pod manifest, for a specific pod. The initdata value in a pod manifest overrides the value set in the pods config map.

Important

In a production environment, you must create initdata to override the default permissive Kata agent policy.

You can specify initdata in the peer pods config map, for global configuration, or in a peer pod manifest, for a specific pod. The initdata value in a peer pod manifest overrides the value set in the peer pods config map.

Important

You must delete the kbs_cert setting if you configure insecure_http = true in the kbs-config config map for Red Hat build of Trustee.

Procedure

  1. Obtain the Red Hat build of Trustee IP address by running the following command: 

    $ oc get node $(oc get pod -n trustee-operator-system \
  -o jsonpath='{.items[0].spec.nodeName}') \
  -o jsonpath='{.status.addresses[?(@.type=="InternalIP")].address}'
    Copy to Clipboard Toggle word wrap

    Example output

    192.168.122.22
    Copy to Clipboard Toggle word wrap

  2. Obtain the port by running the following command: 

    $ oc get svc kbs-service -n trustee-operator-system
    Copy to Clipboard Toggle word wrap

    Example output

    NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
kbs-service  NodePort    172.30.116.11   <none>        8080:32178/TCP   12d
    Copy to Clipboard Toggle word wrap

  3. Create the initdata.toml file: 

    algorithm = "sha384"
version = "0.1.0"

[data]
"aa.toml" = '''
[token_configs]
[token_configs.coco_as]

url = '<trustee_url>'

[token_configs.kbs]
url = '<trustee_url>'
'''

"cdh.toml" = '''
socket = 'unix:///run/confidential-containers/cdh.sock'
credentials = []

[kbc]
name = 'cc_kbc'
url = '<trustee_url>'
kbs_cert = """
-----BEGIN CERTIFICATE-----
<kbs_certificate>
-----END CERTIFICATE-----
"""
[image]
image_security_policy_uri = 'kbs:///default/<secret-policy-name>/<key>
'''

"policy.rego" = '''
package agent_policy

default AddARPNeighborsRequest := true
default AddSwapRequest := true
default CloseStdinRequest := true
default CopyFileRequest := true
default CreateContainerRequest := true
default CreateSandboxRequest := true
default DestroySandboxRequest := true
default GetMetricsRequest := true
default GetOOMEventRequest := true
default GuestDetailsRequest := true
default ListInterfacesRequest := true
default ListRoutesRequest := true
default MemHotplugByProbeRequest := true
default OnlineCPUMemRequest := true
default PauseContainerRequest := true
default PullImageRequest := true
default ReadStreamRequest := true
default RemoveContainerRequest := true
default RemoveStaleVirtiofsShareMountsRequest := true
default ReseedRandomDevRequest := true
default ResumeContainerRequest := true
default SetGuestDateTimeRequest := true
default SignalProcessRequest := true
default StartContainerRequest := true
default StartTracingRequest := true
default StatsContainerRequest := true
default StopTracingRequest := true
default TtyWinResizeRequest := true
default UpdateContainerRequest := true
default UpdateEphemeralMountsRequest := true
default UpdateInterfaceRequest := true
default UpdateRoutesRequest := true
default WaitProcessRequest := true
default ExecProcessRequest := false
default SetPolicyRequest := false
default WriteStreamRequest := false

ExecProcessRequest if {
    input_command = concat(" ", input.process.Args)
    some allowed_command in policy_data.allowed_commands
    input_command == allowed_command
}

policy_data := {
  "allowed_commands": [
        "curl http://127.0.0.1:8006/cdh/resource/default/attestation-status/status"
  ]
}
'''
    Copy to Clipboard Toggle word wrap
    url
    Specify the Red Hat build of Trustee IP address and the port, for example, https://192.168.122.22:32178.
    <kbs_certificate>
    Specify the Base64-encoded TLS certificate for the attestation agent.
    kbs_cert
    Delete the kbs_cert setting if you configure insecure_http = true in the kbs-config config map for Red Hat build of Trustee.
    image_security_policy_uri
    Optional, only if you enabled the container image signature verification policy. Replace <secret-policy-name> and <key> with the secret name and key, respectively specified in Creating the KbsConfig custom resource.

  4. Convert the initdata.toml file to a gzipped, Base64-encoded string in a text file by running the following command: 

    $ cat initdata.toml | gzip | base64 -w0 > initdata.txt
    Copy to Clipboard Toggle word wrap

    Record this string to use in the peer pods config map or the peer pod manifest.

4.7. Creating the peer pods config map
Copy link

You must create the peer pods config map.

Optional: Add initdata to the peer pods config map to create a default configuration for all peer pods.

Procedure

  1. Create a peer-pods-cm.yaml manifest file according to the following example: 

    apiVersion: v1
kind: ConfigMap
metadata:
  name: peer-pods-cm
  namespace: openshift-sandboxed-containers-operator
data:
  CLOUD_PROVIDER: "libvirt"
  LIBVIRT_POOL: "<libvirt_pool>"
  LIBVIRT_VOL_NAME: "<libvirt_volume>"
  LIBVIRT_DIR_NAME: "/var/lib/libvirt/images/<directory_name>"
  LIBVIRT_NET: "default"
  PEERPODS_LIMIT_PER_NODE: "10"
  ROOT_VOLUME_SIZE: "6"
  DISABLECVM: "false"
  INITDATA: "<initdata_string>"
    Copy to Clipboard Toggle word wrap
    LIBVIRT_POOL
    If you have manually configured the libvirt pool, use the same name as in your KVM host configuration.
    LIBVIRT_VOL_NAME
    If you have manually configured the libvirt volume, use the same name as in your KVM host configuration.
    LIBVIRT_DIR_NAME
    Specify the libvirt directory for storing virtual machine disk images, such as .qcow2, or .raw files. To ensure libvirt has read and write access permissions, use a subdirectory of the libvirt storage directory. The default is /var/lib/libvirt/images/.
    LIBVIRT_NET
    Specify a libvirt network if you do not want to use the default network.
    PEERPODS_LIMIT_PER_NODE
    You can increase this value to run more peer pods on a node. The default value is 10.
    ROOT_VOLUME_SIZE
    You can increase this value for pods with larger container images. Specify the root volume size in gigabytes for the pod VM. The default and minimum size is 6 GB.
    INITDATA
    Specify the initdata string to create a default configuration for all peer pods. If you add initdata to a peer pod manifest, that setting overrides this global configuration.

  2. Create the config map by running the following command: 

    $ oc create -f peer-pods-cm.yaml
    Copy to Clipboard Toggle word wrap

4.8. Applying initdata to a pod
Copy link

You can override the global INITDATA setting you applied in the peer pods config map by applying customized initdata to a specific pod for special use cases, such as development and testing with a relaxed policy, or when using different Red Hat build of Trustee configurations. You can customize initdata by adding an annotation to the workload pod YAML.

Prerequisite

  • You have created an initdata string.

Procedure

  1. Add the initdata string to the pod manifest: 

    apiVersion: v1
kind: Pod
metadata:
  name: ocp-cc-pod
  labels:
    app: ocp-cc-pod
  annotations:
    io.katacontainers.config.hypervisor.cc_init_data: <initdata_string>
spec:
  runtimeClassName: kata-remote
  containers:
  - name: <container_name>
    image: registry.access.redhat.com/ubi9/ubi:latest
    command:
    - sleep
    - "36000"
    securityContext:
      privileged: false
      seccompProfile:
        type: RuntimeDefault
    Copy to Clipboard Toggle word wrap

  2. Create the pod by running the following command: 

    $ oc create -f my-pod.yaml
    Copy to Clipboard Toggle word wrap

4.9. Creating the KataConfig custom resource
Copy link

You must create the KataConfig custom resource (CR) to install kata-remote as a runtime class on your worker nodes.

OpenShift sandboxed containers installs kata-remote as a secondary, optional runtime on the cluster and not as the primary runtime.

Creating the KataConfig CR automatically reboots the worker nodes. The reboot can take from 10 to more than 60 minutes. The following factors can increase the reboot time:

  • A large OpenShift Container Platform deployment with a greater number of worker nodes.
  • Activation of the BIOS and Diagnostics utility.
  • Deployment on a hard disk drive rather than an SSD.
  • Deployment on physical nodes such as bare metal, rather than on virtual nodes.
  • A slow CPU and network.

Procedure

  1. Create an example-kataconfig.yaml manifest file according to the following example: 

    apiVersion: kataconfiguration.openshift.io/v1
kind: KataConfig
metadata:
  name: example-kataconfig
spec:

  enablePeerPods: true

  logLevel: info
#  kataConfigPoolSelector:
#    matchLabels:
#      <label_key>: '<label_value>'
    1
    Copy to Clipboard Toggle word wrap
    1
    Optional: If you have applied node labels to install kata-remote on specific nodes, specify the key and value, for example, cc: 'true'.

  2. Create the KataConfig CR by running the following command: 

    $ oc create -f example-kataconfig.yaml
    Copy to Clipboard Toggle word wrap

    The new KataConfig CR is created and installs kata-remote as a runtime class on the worker nodes.

    Wait for the kata-remote installation to complete and the worker nodes to reboot before verifying the installation.

  3. Monitor the installation progress by running the following command: 

    $ watch "oc describe kataconfig | sed -n /^Status:/,/^Events/p"
    Copy to Clipboard Toggle word wrap

    When the status of all workers under kataNodes is installed and the condition InProgress is False without specifying a reason, the kata-remote is installed on the cluster.

  4. Verify that you have built the peer pod image and uploaded it to the libvirt volume by running the following command: 

    $ oc describe configmap peer-pods-cm -n openshift-sandboxed-containers-operator
    Copy to Clipboard Toggle word wrap

    Example output

    Name: peer-pods-cm
Namespace: openshift-sandboxed-containers-operator
Labels: <none>
Annotations: <none>

Data
====
CLOUD_PROVIDER: libvirt
DISABLECVM: false
    1 
    
LIBVIRT_IMAGE_ID: fa-pp-vol
    2 
    

BinaryData
====
Events: <none>
    Copy to Clipboard Toggle word wrap

    1
    Enables the Confidential VM during IBM Secure Execution for the Operator-built image.
    2
    Contains a value if you have built the peer pod image and uploaded it to the libvirt volume.

  5. Monitor the kata-oc machine config pool progress to ensure that it is in the UPDATED state, when UPDATEDMACHINECOUNT equals MACHINECOUNT, by running the following command: 

    $ watch oc get mcp/kata-oc
    Copy to Clipboard Toggle word wrap

  6. Verify the daemon set by running the following command: 

    $ oc get -n openshift-sandboxed-containers-operator ds/osc-caa-ds
    Copy to Clipboard Toggle word wrap

  7. Verify the runtime classes by running the following command: 

    $ oc get runtimeclass
    Copy to Clipboard Toggle word wrap

    Example output

    NAME             HANDLER          AGE
kata-remote      kata-remote      152m
    Copy to Clipboard Toggle word wrap

4.10. Verifying attestation
Copy link

You can verify the attestation process by creating a BusyBox pod. The pod image deploys the confidential workload where you can retrieve the key.

Important

This procedure is an example to verify that attestation is working. Do not write sensitive data to standard I/O, because the data can be captured by using a memory dump. Only data written to memory is encrypted.

Procedure

  1. Create a test-pod.yaml manifest file: 

    apiVersion: v1
kind: Pod
metadata:
  name: busybox
  namespace: default
  annotations:
    io.katacontainers.config.hypervisor.cc_init_data: <initdata_string>
    1 
    
  labels:
    run: busybox
spec:
  runtimeClassName: kata-remote
  restartPolicy: Never
  containers:
  - name: busybox
    image: quay.io/prometheus/busybox:latest
    imagePullPolicy: Always
    command:
      - "sleep"
      - "3600"
    Copy to Clipboard Toggle word wrap
    1
    Optional: Setting initdata in a pod annotation overrides the global INITDATA setting in the peer pods config map.

  2. Create the pod by running the following command: 

    $ oc create -f test-pod.yaml
    Copy to Clipboard Toggle word wrap

  3. Log in to the pod by running the following command: 

    $ oc exec -it busybox -n default -- /bin/sh
    Copy to Clipboard Toggle word wrap

  4. Fetch the Red Hat build of Trustee resource by running the following command: 

    $ wget http://127.0.0.1:8006/cdh/resource/default/kbsres1/key1
    Copy to Clipboard Toggle word wrap

    Example output

    Connecting to 127.0.0.1:8006 (127.0.0.1:8006)
saving to 'key1'
key1                 100% |*******************************************|     8  0:00:00 ETA
'key1' saved
    Copy to Clipboard Toggle word wrap

  5. Display the key1 value by running the following command: 

    $ cat key1
    Copy to Clipboard Toggle word wrap

    Example output

    success #/
    Copy to Clipboard Toggle word wrap

You can deploy confidential containers workloads on a Red Hat OpenShift Container Platform cluster running on IBM Z® and IBM® LinuxONE bare-metal servers.

In the bare metal approach, you launch confidential containers virtual machines (VMs) directly on a logical partition (LPAR) that is booted with Red Hat Enterprise Linux CoreOS (RHCOS). The LPAR acts as a compute node in the cluster, providing a dedicated environment for running confidential workloads.

This approach eliminates the need for intermediate peer pod components, resulting in faster boot times, quicker recovery from failures, and simpler storage integration. As a result, it is suitable for production workloads that require high performance, consistent storage behaviour, and resource management that aligns with Kubernetes standards.

Important

Confidential containers on IBM Z® and IBM® LinuxONE bare-metal servers is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.

For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope.

5.1. Preparation
Copy link

Review these prerequisites and concepts before you deploy confidential containers on IBM Z® and IBM® LinuxONE bare-metal servers.

5.1.1. Prerequisites
Copy link

  • You have deployed Red Hat build of Trustee on an OpenShift Container Platform cluster in a trusted environment. For more information, see Deploying Red Hat build of Trustee.
  • You have installed the latest version of Red Hat OpenShift Container Platform on the cluster where you are running your confidential containers workload.

5.1.2. Initdata
Copy link

The initdata specification provides a flexible way to initialize a pod with workload-specific data at runtime, avoiding the need to embed such data in the virtual machine (VM) image.

This approach enhances security by reducing the exposure of confidential information and improves flexibility by eliminating custom image builds. For example, initdata can include three configuration settings:

  • An X.509 certificate for secure communication.
  • A cryptographic key for authentication.
  • An optional Kata Agent policy.rego file to enforce runtime behavior when overriding the default Kata Agent policy.

The initdata content configures the following components:

  • Attestation Agent (AA), which verifies the trustworthiness of the pod by sending evidence for attestation.
  • Confidential Data Hub (CDH), which manages secrets and secure data access within the pod VM.
  • Kata Agent, which enforces runtime policies and manages the lifecycle of the containers inside the pod VM.

You create an initdata.toml file and convert it to a Base64-encoded, gzip-format string.

You add the initdata string as an annotation to a pod manifest, allowing customization for individual workloads.

5.2. Deployment overview
Copy link

You deploy confidential containers on IBM Z® and IBM® LinuxONE bare-metal servers by performing the following steps:

  1. Install the OpenShift sandboxed containers Operator.
  2. Configure auto-detection of TEEs.
  3. Enable the confidential containers feature gate.
  4. Create initdata to initialize a peer pod with sensitive or workload-specific data at runtime.
  5. Upload a Secure Execution image to the container registry.
  6. Create the kata-addon-artifacts config map.

  7. Create initdata to initialize a pod with sensitive or workload-specific data at runtime.

    Important

    Do not use the default permissive Kata Agent policy in a production environment. You must configure a restrictive policy, preferably by creating initdata.

    As a minimum requirement, you must disable ExecProcessRequest to prevent a cluster administrator from accessing sensitive data by running the oc exec command on a confidential containers pod.

  8. Apply initdata to a pod.
  9. Create the KataConfig CR.
  10. Verify the attestation process.

You can install or upgrade the OpenShift sandboxed containers Operator by using the command line interface (CLI).

Note

You must configure the OpenShift sandboxed containers Operator subscription for manual updates by setting the value of installPlanApproval to Manual. Automatic updates are not supported.

Prerequisites

  • You have access to the cluster as a user with the cluster-admin role.

Procedure

  1. Create an osc-namespace.yaml manifest file: 

    apiVersion: v1
kind: Namespace
metadata:
  name: openshift-sandboxed-containers-operator
    Copy to Clipboard Toggle word wrap

  2. Create the namespace by running the following command: 

    $ oc apply -f osc-namespace.yaml
    Copy to Clipboard Toggle word wrap

  3. Create an osc-operatorgroup.yaml manifest file: 

    apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  name: sandboxed-containers-operator-group
  namespace: openshift-sandboxed-containers-operator
spec:
  targetNamespaces:
  - openshift-sandboxed-containers-operator
    Copy to Clipboard Toggle word wrap

  4. Create the operator group by running the following command: 

    $ oc apply -f osc-operatorgroup.yaml
    Copy to Clipboard Toggle word wrap

  5. Create an osc-subscription.yaml manifest file: 

    apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: sandboxed-containers-operator
  namespace: openshift-sandboxed-containers-operator
spec:
  channel: stable
  installPlanApproval: Manual
  name: sandboxed-containers-operator
  source: redhat-operators
  sourceNamespace: openshift-marketplace
  startingCSV: sandboxed-containers-operator.v1.11.1
    Copy to Clipboard Toggle word wrap

  6. Create the subscription by running the following command: 

    $ oc create -f osc-subscription.yaml
    Copy to Clipboard Toggle word wrap

  7. Get the InstallPlan CR for the OpenShift sandboxed containers Operator by running the following command: 

    $ oc get installplan -n openshift-sandboxed-containers-operator
    Copy to Clipboard Toggle word wrap

    • Installation example output 

      NAME            CSV                                      APPROVAL  APPROVED
install-bl4fl   sandboxed-containers-operator.v1.11.1    Manual    false
      Copy to Clipboard Toggle word wrap

    • Upgrade example output 

      NAME            CSV                                     APPROVAL   APPROVED
install-jdzrb   sandboxed-containers-operator.v1.11.1   Manual     false
install-pfk8l   sandboxed-containers-operator.v1.10.3   Manual     true
      Copy to Clipboard Toggle word wrap

  8. Approve the manual installation by running the following command: 

    $ oc patch installplan <installplan_name> -p '{"spec":{"approved":true}}' --type=merge -n openshift-sandboxed-containers-operator
    Copy to Clipboard Toggle word wrap
    <installplan_name>
    Specify the InstallPlan resource. For example, install-jdzrb.

  9. Verify that the Operator is correctly installed by running the following command: 

    $ oc get csv -n openshift-sandboxed-containers-operator
    Copy to Clipboard Toggle word wrap

    This command can take several minutes to complete.

  10. Watch the process by running the following command: 

    $ watch oc get csv -n openshift-sandboxed-containers-operator
    Copy to Clipboard Toggle word wrap

    Example output

    NAME                             DISPLAY                                  VERSION             REPLACES                   PHASE
openshift-sandboxed-containers   openshift-sandboxed-containers-operator  1.11.1    1.10.3        Succeeded
    Copy to Clipboard Toggle word wrap

5.4. Configuring auto-detection of TEEs
Copy link

You must configure your nodes so that the OpenShift sandboxed containers Operator can detect the Trusted Execution Environments (TEEs).

You label the nodes by installing and configuring the Node Feature Discovery (NFD) Operator.

Prerequisites

Procedure

  1. Create a my-nfd.yaml manifest file according to the following example: 

    apiVersion: nfd.openshift.io/v1
kind: NodeFeatureDiscovery
metadata:
  name: nfd-instance
  namespace: openshift-nfd
spec:
  operand:
    image: registry.redhat.io/openshift4/ose-node-feature-discovery-rhel9:v4.20
    imagePullPolicy: Always
    servicePort: 12000
  workerConfig:
    configData: |
    Copy to Clipboard Toggle word wrap

  2. Create the NodeFeatureDiscovery CR: 

    $ oc create -f my-nfd.yaml
    Copy to Clipboard Toggle word wrap

Procedure

  1. Create a custom resource manifest named my-nodefeaturerule.yaml for your TEE: 

    apiVersion: nfd.openshift.io/v1alpha1
kind: NodeFeatureRule
metadata:
  name: ibm-se-rule
  namespace: openshift-nfd
spec:
  rules:
    - name: "ibm.se.enabled"
      labels:
        ibm.feature.node.kubernetes.io/se: "true"
      matchFeatures:
        - feature: cpu.security
          matchExpressions:
            se.enabled: { op: IsTrue }
    Copy to Clipboard Toggle word wrap

  2. Create the NodeFeatureRule CR by running the following command: 

    $ oc create -f my-nodefeaturerule.yaml
    Copy to Clipboard Toggle word wrap
Note

A relabeling delay of up to 1 minute might occur.

5.5. Creating the osc-feature-gates config map
Copy link

You enable the confidential containers feature gate by creating the config map.

Bare metal solutions on IBM Z® and IBM® LinuxONE now support only a DaemonSet deployment approach. This method uses the prebuilt image pull process to ensure the virtual machine (VM) runs a Secure Execution-enabled kernel image.

Procedure

  1. Create a my-feature-gate.yaml manifest file: 

    apiVersion: v1
kind: ConfigMap
metadata:
  name: osc-feature-gates
  namespace: openshift-sandboxed-containers-operator
data:
  confidential: "true"
  deploymentMode: daemonset
    Copy to Clipboard Toggle word wrap

    where

    <deployment_mode>

    On OpenShift Container Platform clusters with the Machine Config Operator (MCO), the deploymentMode field is optional and can be omitted. Specifies the strategy for installing and configuring the Kata runtime. Specify the deployment mode:

    • MachineConfig for clusters that always use the MCO
    • DaemonSet for clusters that never use the MCO
    • DaemonSetFallback for clusters that sometimes use the MCO

  2. Create the my-feature-gates config map by running the following command: 

    $ oc create -f my-feature-gate.yaml
    Copy to Clipboard Toggle word wrap

You can either use a custom Secure Execution image or an IBM® Hyper Protect Confidential Container (HPCC) image to deploy confidential containers on IBM Z and IBM LinuxONE bare-metal servers.

You must build a Secure Execution image, create a Dockerfile and push the image to your container registry.

Procedure

  1. Build a Secure Execution image.

  2. Create a Dockerfile file for the Secure Execution image: 

    FROM alpine:3.20
RUN mkdir -p /images
COPY ./<image_name> /images/<image_name>
RUN chmod 644 /images/<image_name>
    Copy to Clipboard Toggle word wrap
    <image_name>
    Specify the custom Secure Execution image name. For example, se.img.

  3. Build a container image with a custom tag from the Dockerfile: 

    $ docker build -t <registry_name>/<user_name>/kata-se-artifacts:<image_tag> .
    Copy to Clipboard Toggle word wrap

  4. Push the container image to your registry: 

    $ docker push <registry_name>/<user_name>/kata-se-artifacts:<image_tag>
    Copy to Clipboard Toggle word wrap

5.7. Creating the kata-addon-artifacts config map
Copy link

You must create the kata-addon-artifacts config map to enable the use of custom kernel artifacts from container images when deploying in daemon set mode.

Important

If you are using the IBM® Hyper Protect Confidential Container (HPCC) image, see IBM HPCC documentation for further procedure information.

Procedure

  1. Create the kata-addon-artifacts.yaml manifest file: 

    apiVersion: v1
kind: ConfigMap
metadata:
  name: kata-addon-artifacts
  namespace: openshift-sandboxed-containers-operator
data:
  addonImage: "<container_image_path>"
  kernelPath: "<kernel_path>"
    Copy to Clipboard Toggle word wrap
    <container_image_path>
    Specify the path to your container image in the registry. For example, quay.io/openshift_sandboxed_containers/kata-se-artifacts:v1.0.
    <kernel_path>
    Specify the kernel path inside the image. For example, /images/se.img.

  2. Create the kata-addon-artifacts config map by running the following command: 

    $ oc create -f kata-addon-artifacts.yaml
    Copy to Clipboard Toggle word wrap

5.8. Creating initdata
Copy link

You create initdata to securely initialize a pod with sensitive or workload-specific data at runtime, thus avoiding the need to embed this data in a virtual machine image. This approach provides additional security by reducing the risk of exposure of confidential information and eliminates the need for custom image builds.

You can specify initdata in the pods config map, for global configuration, or in a pod manifest, for a specific pod. The initdata value in a pod manifest overrides the value set in the pods config map.

Important

In a production environment, you must create initdata to override the default permissive Kata agent policy.

You can specify initdata in the pod manifest, for a specific pod.

Important

You must delete the kbs_cert setting if you configure insecure_http = true in the kbs-config config map for Red Hat build of Trustee.

Procedure

  1. Obtain the Red Hat build of Trustee IP address by running the following command: 

    $ oc get node $(oc get pod -n trustee-operator-system \
  -o jsonpath='{.items[0].spec.nodeName}') \
  -o jsonpath='{.status.addresses[?(@.type=="InternalIP")].address}'
    Copy to Clipboard Toggle word wrap

    Example output

    192.168.122.22
    Copy to Clipboard Toggle word wrap

  2. Obtain the port by running the following command: 

    $ oc get svc kbs-service -n trustee-operator-system
    Copy to Clipboard Toggle word wrap

    Example output

    NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
kbs-service  NodePort    172.30.116.11   <none>        8080:32178/TCP   12d
    Copy to Clipboard Toggle word wrap

  3. Create the initdata.toml file: 

    algorithm = "sha384"
version = "0.1.0"

[data]
"aa.toml" = '''
[token_configs]
[token_configs.coco_as]

url = '<trustee_url>'

[token_configs.kbs]
url = '<trustee_url>'
'''

"cdh.toml" = '''
socket = 'unix:///run/confidential-containers/cdh.sock'
credentials = []

[kbc]
name = 'cc_kbc'
url = '<trustee_url>'
kbs_cert = """
-----BEGIN CERTIFICATE-----
<kbs_certificate>
-----END CERTIFICATE-----
"""
[image]
image_security_policy_uri = 'kbs:///default/<secret-policy-name>/<key>
'''
    Copy to Clipboard Toggle word wrap
    url
    Specify the Red Hat build of Trustee
    <kbs_certificate>
    Specify the Base64-encoded TLS certificate for the attestation agent.
    kbs_cert
    Delete the kbs_cert setting if you configure insecure_http = true in the kbs-config config map for Red Hat build of Trustee.
    image_security_policy_uri
    Optional, only if you enabled the container image signature verification policy. Replace <secret-policy-name> and <key> with the secret name and key, respectively specified in Creating the KbsConfig custom resource.

  4. Convert the initdata.toml file to a gzipped, Base64-encoded string in a text file by running the following command: 

    $ cat initdata.toml | gzip | base64 -w0 > initdata.txt
    Copy to Clipboard Toggle word wrap

    Record this string to use in the pod manifest.

5.9. Applying initdata to a pod
Copy link

You can override the global INITDATA setting by applying customized initdata to a specific pod for special use cases, such as development and testing with a relaxed policy, or when using different Red Hat build of Trustee configurations. You can customize initdata by adding an annotation to the workload pod YAML.

Prerequisite

  • You have created an initdata string.

Procedure

  1. Add the initdata string to the pod manifest: 

    apiVersion: v1
kind: Pod
metadata:
  name: ocp-cc-pod
  labels:
    app: ocp-cc-pod
  annotations:
    io.katacontainers.config.hypervisor.cc_init_data: <initdata_string>
spec:
  runtimeClassName: kata-cc
  containers:
  - name: <container_name>
    image: registry.access.redhat.com/ubi9/ubi:latest
    command:
    - sleep
    - "36000"
    securityContext:
      privileged: false
      seccompProfile:
        type: RuntimeDefault
    Copy to Clipboard Toggle word wrap

  2. Create the pod by running the following command: 

    $ oc create -f my-pod.yaml
    Copy to Clipboard Toggle word wrap

5.10. Creating the KataConfig custom resource
Copy link

You must create the KataConfig custom resource (CR) to install kata-cc as a runtime class on your worker nodes.

OpenShift sandboxed containers installs kata-cc as a secondary, optional runtime on the cluster and not as the primary runtime.

Creating the KataConfig CR automatically reboots the worker nodes. The reboot can take from 10 to more than 60 minutes. The following factors can increase the reboot time:

  • A large OpenShift Container Platform deployment with a greater number of worker nodes.
  • Activation of the BIOS and Diagnostics utility.
  • Deployment on a hard disk drive rather than an SSD.
  • Deployment on physical nodes such as bare metal, rather than on virtual nodes.
  • A slow CPU and network.

Procedure

  1. Create an example-kataconfig.yaml manifest file according to the following example: 

    apiVersion: kataconfiguration.openshift.io/v1
kind: KataConfig
metadata:
  name: example-kataconfig
spec:

  enablePeerPods: false
  checkNodeEligibility: true

  logLevel: info
#  kataConfigPoolSelector:
#    matchLabels:
#      <label_key>: '<label_value>'
    1
    Copy to Clipboard Toggle word wrap
    1
    Optional: If you have applied node labels to install kata-cc on specific nodes, specify the key and value, for example, cc: 'true'.

  2. Create the KataConfig CR by running the following command: 

    $ oc create -f example-kataconfig.yaml
    Copy to Clipboard Toggle word wrap

    The new KataConfig CR is created and installs kata-cc as a runtime class on the worker nodes.

    Wait for the kata-cc installation to complete and the worker nodes to reboot before verifying the installation.

  3. Monitor the installation progress by running the following command: 

    $ watch "oc describe kataconfig | sed -n /^Status:/,/^Events/p"
    Copy to Clipboard Toggle word wrap

    When the status of all workers under kataNodes is installed and the condition InProgress is False without specifying a reason, the kata-cc is installed on the cluster.

  4. Verify the runtime classes by running the following command: 

    $ oc get runtimeclass
    Copy to Clipboard Toggle word wrap

    Example output

    NAME             HANDLER          AGE
kata-cc      kata-se      152m
    Copy to Clipboard Toggle word wrap

5.11. Verifying attestation
Copy link

You can verify the attestation process by creating a test pod to retrieve a specific resource from Red Hat build of Trustee.

Important

This procedure is an example to verify that attestation is working. Do not write sensitive data to standard I/O, because the data can be captured by using a memory dump. Only data written to memory is encrypted.

Procedure

  1. Create a test-pod.yaml manifest file: 

    apiVersion: v1
kind: Pod
metadata:
  name: ocp-cc-pod
  labels:
    app: ocp-cc-pod
  annotations:
    io.katacontainers.config.hypervisor.cc_init_data: <initdata_string>
    1 
    
spec:
  runtimeClassName: kata-cc
  containers:
    - name: skr-openshift
      image: registry.access.redhat.com/ubi9/ubi:latest
      command:
        - sleep
        - "36000"
      securityContext:
        privileged: false
        seccompProfile:
          type: RuntimeDefault
metadata:
  name: coco-test-pod
  labels:
    app: coco-test-pod
  annotations:
    io.katacontainers.config.hypervisor.cc_init_data: <initdata_string>
    2 
    
spec:
  runtimeClassName: kata-cc
  containers:
    - name: test-container
      image: registry.access.redhat.com/ubi9/ubi:9.3
      command:
        - sleep
        - "36000"
      securityContext:
        privileged: false
        seccompProfile:
          type: RuntimeDefault
    Copy to Clipboard Toggle word wrap
    1 2
    Optional: Setting initdata in a pod annotation overrides the global INITDATA setting in the peer pods config map.

  2. Create the pod by running the following command: 

    $ oc create -f test-pod.yaml
    Copy to Clipboard Toggle word wrap

  3. Log in to the pod by running the following command: 

    $ oc exec -it ocp-cc-pod -- bash
    Copy to Clipboard Toggle word wrap

  4. Fetch the Red Hat build of Trustee resource by running the following command: 

    $ curl http://127.0.0.1:8006/cdh/resource/default/attestation-status/status
    Copy to Clipboard Toggle word wrap

    Example output

    success #/
    Copy to Clipboard Toggle word wrap

Chapter 6. Uninstalling confidential containers
Copy link

You uninstall confidential containers by uninstalling OpenShift sandboxed containers and its components on your workload cluster.

Then, you uninstall the Red Hat build of Trustee Operator and its components. See Uninstalling Red Hat build of Trustee for details.

You uninstall OpenShift sandboxed containers by performing the following tasks:

  1. Delete the workload pods.
  2. Delete the KataConfig custom resource (CR).
  3. Uninstall the OpenShift sandboxed containers Operator.
  4. Delete the KataConfig custom resource definition (CRD).
Important

You must delete the workload pods before deleting the KataConfig CR. The pod names usually have the prefix podvm and custom tags, if provided. If you deployed OpenShift sandboxed containers on a cloud provider and any resources remain after following these procedures, you might receive an unexpected bill for those resources from your cloud provider. Once you complete uninstalling OpenShift sandboxed containers on a cloud provider, check the cloud provider console to ensure that the procedures deleted all of the resources.

6.1. Deleting workload pods
Copy link

You can delete the OpenShift sandboxed containers workload pods by using the CLI.

Prerequisites

  • You have the JSON processor (jq) utility installed.

Procedure

  1. Search for the pods by running the following command: 

    $ oc get pods -A -o json | jq -r '.items[] | \
  select(.spec.runtimeClassName == "<runtime>").metadata.name'
    Copy to Clipboard Toggle word wrap

  2. Delete each pod by running the following command: 

    $ oc delete pod <pod>
    Copy to Clipboard Toggle word wrap
Important

When uninstalling OpenShift sandboxed containers deployed using a cloud provider, you must delete all of the pods. Any remaining pod resources might result in an unexpected bill from your cloud provider.

6.2. Deleting the KataConfig custom resource
Copy link

You delete the KataConfig custom resource (CR) by using the command line.

Procedure

  1. Delete the KataConfig CR by running the following command: 

    $ oc delete kataconfig example-kataconfig
    Copy to Clipboard Toggle word wrap

  2. Verify the CR removal by running the following command: 

    $ oc get kataconfig example-kataconfig
    Copy to Clipboard Toggle word wrap

    Example output

    No example-kataconfig instances exist
    Copy to Clipboard Toggle word wrap

Important

You must ensure that all pods are deleted. Any remaining pod resources might result in an unexpected bill from your cloud provider.

You uninstall the OpenShift sandboxed containers Operator by using the command line.

Procedure

  1. Delete the subscription by running the following command: 

    $ oc delete subscription sandboxed-containers-operator -n openshift-sandboxed-containers-operator
    Copy to Clipboard Toggle word wrap

  2. Delete the namespace by running the following command: 

    $ oc delete namespace openshift-sandboxed-containers-operator
    Copy to Clipboard Toggle word wrap

6.4. Deleting the KataConfig CRD
Copy link

You delete the KataConfig custom resource definition (CRD) by using the command line.

Prerequisites

  • You have deleted the KataConfig custom resource.
  • You have uninstalled the OpenShift sandboxed containers Operator.

Procedure

  1. Delete the KataConfig CRD by running the following command: 

    $ oc delete crd kataconfigs.kataconfiguration.openshift.io
    Copy to Clipboard Toggle word wrap

  2. Verify that the CRD was deleted by running the following command: 

    $ oc get crd kataconfigs.kataconfiguration.openshift.io
    Copy to Clipboard Toggle word wrap

    Example output

    Unknown CRD kataconfigs.kataconfiguration.openshift.io
    Copy to Clipboard Toggle word wrap

Legal Notice
Copy link

Copyright © Red Hat.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat Software Collections is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.
Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2026 Red Hat