Chapter 1. Overview
Learn about confidential containers and ensure that your OpenShift Container Platform environment is compatible.
1.1. About confidential containers
Confidential containers provides a confidential computing environment to protect containers and data by leveraging Trusted Execution Environments.
For more information, see Exploring the OpenShift confidential containers solution.
1.2. Compatibility with OpenShift Container Platform
The required functionality for Red Hat OpenShift Container Platform is supported by two main components:
- Kata runtime

  The Kata runtime is included with Red Hat Enterprise Linux CoreOS (RHCOS) and receives updates with every OpenShift Container Platform release. When enabling peer pods with the Kata runtime, the OpenShift sandboxed containers Operator requires external network connectivity to pull the necessary image components and helper utilities to create the pod virtual machine (VM) image.
- OpenShift sandboxed containers Operator

  The OpenShift sandboxed containers Operator is a Rolling Stream Operator, which means the latest version is the only supported version. It works with all currently supported versions of OpenShift Container Platform.
The Operator depends on the features that come with the RHCOS host and the environment it runs in.
You must install RHCOS on the worker nodes. Red Hat Enterprise Linux (RHEL) nodes are not supported.
The following compatibility matrix for OpenShift sandboxed containers and OpenShift Container Platform releases identifies compatible features and environments.
| Architecture | OpenShift Container Platform version |
|---|---|
| x86_64 | 4.17 or later |
| s390x | 4.17 or later |
There are two ways to deploy the Kata containers runtime:
- Bare metal
- Peer pods
You can deploy OpenShift sandboxed containers by using peer pods on Microsoft Azure, AWS Cloud Computing Services, or Google Cloud. With the release of OpenShift sandboxed containers 1.11, the OpenShift sandboxed containers Operator requires OpenShift Container Platform version 4.17 or later.
| Major release version | | 4.17 | 4.18 | 4.19 | 4.20 |
|---|---|---|---|---|---|
| Minor release version | | 4.17.45+ | 4.18.30+ | 4.19.20+ | 4.20.6+ |
| Feature | Platform | | | | |
| Confidential containers | Bare metal | — | — | — | TP |
| Confidential containers | Azure peer pods | GA | GA | GA | GA |
| Confidential containers | IBM Z peer pods | TP | TP | TP | TP |
| Confidential containers | IBM Z bare metal | — | — | — | TP |
| GPU support | Bare metal | — | — | — | — |
| GPU support | Azure | DP | DP | DP | DP |
| GPU support | AWS | DP | DP | DP | DP |
| GPU support | Google Cloud | DP | DP | DP | DP |
GPU support for peer pods is a Developer Preview feature only. Developer Preview features are not supported by Red Hat in any way and are not functionally complete or production-ready. Do not use Developer Preview features for production or business-critical workloads. Developer Preview features provide early access to upcoming product features in advance of their possible inclusion in a Red Hat product offering, enabling customers to test functionality and provide feedback during the development process. These features might not have any documentation, are subject to change or removal at any time, and testing is limited. Red Hat might provide ways to submit feedback on Developer Preview features without an associated SLA.
| Platform | GPU | Confidential containers |
|---|---|---|
| Azure | DP | GA |
| AWS | DP | — |
| Google Cloud | DP | — |
| Platform | GPU | Confidential containers |
|---|---|---|
| Bare metal | — | TP |
| IBM Z | — | TP |
1.3. Providing feedback on Red Hat documentation
You can provide feedback or report an error by submitting the Create Issue form in Jira:
- Ensure that you are logged in to Jira. If you do not have a Jira account, you must create a Red Hat Jira account.
- Launch the Create Issue form.
- Complete the Summary, Description, and Reporter fields.
  In the Description field, include the documentation URL, chapter or section number, and a detailed description of the issue.
- Click Create.