Use the following Kubernetes YAML manifest to deploy a MongoDB SGX instance in a Kubernetes cluster:
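# Pod running the enclaive MongoDB image inside an Intel SGX enclave.
# Prerequisites not defined on this page: a reachable `enclaive-vault-sgx`
# service on port 8200 and a ConfigMap named `enclaive-sgx-pccs-config`
# that carries `sgx_default_qcnl.conf`.
apiVersion: v1
kind: Pod
metadata:
  name: enclaive-mongodb-sgx
  namespace: default
  labels:
    service: enclaive-mongodb-sgx
spec:
  initContainers:
    # Blocks pod start-up until the Vault health endpoint answers.
    # `--no-check-certificate` turns off TLS verification for this poll. The
    # response body is discarded (-O /dev/null), so the poll is a readiness
    # gate only and does not authenticate Vault.
    # NOTE(review): the mongodb container must verify the Vault endpoint on
    # its own (presumably through attestation); confirm in the enclaive docs.
    - name: init-vault-sgx
      # Untagged image resolves to the mutable `latest`; prefer a pinned tag
      # or digest, e.g. busybox@sha256:<digest-placeholder>.
      image: busybox
      command:
        - sh
        - '-c'
        - >-
          until wget -O /dev/null --no-check-certificate -q -T 5
          https://enclaive-vault-sgx:8200/v1/sys/health?standbyok=true;do echo "waiting for vault";
          sleep 2; done
  containers:
    - name: mongodb
      # Untagged image plus `imagePullPolicy: Always` means every restart may
      # run different code. Pin a tag or digest so the deployed image is
      # reproducible.
      # NOTE(review): a changed image presumably changes the enclave
      # measurement that the Vault policy checks; confirm before upgrading.
      image: docker.io/enclaive/mongodb-sgx
      env:
        # Vault endpoint the workload contacts at start-up.
        - name: ENCLAIVE_SERVER
          value: "https://enclaive-vault-sgx:8200"
      volumeMounts:
        # Quote provider configuration, taken from the ConfigMap below.
        - mountPath: /etc/sgx_default_qcnl.conf
          subPath: sgx_default_qcnl.conf
          name: qcnl-conf
        # The same host device is exposed under both path spellings.
        - mountPath: /dev/sgx/enclave
          name: dev-sgx-enclave
        - mountPath: /dev/sgx_enclave
          name: dev-sgx-enclave
        # NOTE(review): the provision device is presumably needed for
        # attestation quote generation; mount it only where that is required.
        - mountPath: /dev/sgx_provision
          name: dev-sgx-provision
        - mountPath: "/data/"
          name: enclaive-docker-mongodb-sgx-data
        - mountPath: "/logs/"
          name: enclaive-docker-mongodb-sgx-logs
      securityContext:
        # Privileged mode gives the container every capability and access to
        # all host devices, so a compromise of the non-enclave part of the
        # container is a compromise of the node. SGX protects the enclave from
        # the host, not the host from the container.
        # Alternative to evaluate: an SGX device plugin that hands out the
        # devices as resources (e.g. sgx.intel.com/enclave and
        # sgx.intel.com/provision), which allows `privileged: false`.
        privileged: true
      ports:
        - containerPort: 27017
      imagePullPolicy: Always
  volumes:
    - name: qcnl-conf
      configMap:
        name: enclaive-sgx-pccs-config
    - name: dev-sgx-provision
      hostPath:
        path: /dev/sgx_provision
    - name: dev-sgx-enclave
      hostPath:
        path: /dev/sgx_enclave
    # Data and logs are kept on the node's own filesystem: they do not follow
    # the pod to another node and are readable by anyone with root there.
    # NOTE(review): confidentiality at rest then depends on the enclave
    # encrypting these files; confirm, and consider a PersistentVolumeClaim.
    - name: enclaive-docker-mongodb-sgx-data
      hostPath:
        path: /etc/enclaive/enclaive-docker-mongodb-sgx/data
    - name: enclaive-docker-mongodb-sgx-logs
      hostPath:
        path: /etc/enclaive/enclaive-docker-mongodb-sgx/logs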
---
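# Service that gives the MongoDB pod a stable in-cluster name and port.
# No `type` is set, so Kubernetes uses the default ClusterIP: the database is
# reachable from inside the cluster only. Every pod in the cluster can still
# connect, so restrict clients with a NetworkPolicy where the cluster is shared.
apiVersion: v1
kind: Service
metadata:
  name: enclaive-mongodb-sgx
  namespace: default
spec:
  ports:
    - port: 27017
      protocol: TCP
      targetPort: 27017
  # Must match the `service` label on the pod.
  selector:
    service: enclaive-mongodb-sgx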
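# Excerpt of a pod `spec` for the MongoDB Kubernetes operator; the surrounding
# manifest is not shown on this page.
# MONGODB_REPO_URL and MONGODB_IMAGE together name the database image the
# operator deploys, here docker.io/enclaive/mongodb-sgx.
# NOTE(review): the operator presumably appends the MongoDB version as the
# image tag; confirm that the tag it requests exists where the nodes pull from.
spec:
  containers:
    - name: mongodb-kubernetes-operator
      image: quay.io/mongodb/mongodb-kubernetes-operator:0.5.1
      command:
        - mongodb-kubernetes-operator
      imagePullPolicy: Always
      env:
        # The space after `value:` is required; without it YAML reads the
        # whole line as one string and the variable has no value.
        - name: MONGODB_IMAGE
          value: mongodb-sgx
        - name: MONGODB_REPO_URL
          value: docker.io/enclaive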
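# Fetch the image. The page gives no tag, which Docker resolves to the mutable
# `latest` tag; it is written out here so that is visible.
docker pull enclaive/mongodb-sgx:latest
# Create a local alias `6.0.0` for whatever `latest` pointed to at pull time.
# The alias exists only in the image store of the host where this runs; it is
# not a version published by the registry. Record the image digest alongside
# it if the deployment has to be reproducible.
docker tag enclaive/mongodb-sgx:latest enclaive/mongodb-sgx:6.0.0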