# Redis in cK8s

To deploy the SGX application and access it using the Redis CLI in Kubernetes, follow these steps:

1. Apply the YAML file for the Redis service application:

```bash
kubectl apply -f apps/redis/redis.yaml
```

This will deploy the actual SGX application that you want to use.

2. Apply the YAML file for the Redis CLI demonstration client:

```bash
kubectl apply -f apps/redis/redis-cli.yaml
```

This will deploy a client container that gives easy access to the Redis CLI using the attested CA.

3. Copy the `certs` directory to the `enclaive-redis-cli` container:

```bash
kubectl cp certs/ enclaive-redis-cli:/data/
```

4. Access the `enclaive-redis-cli` container's shell:

```bash
kubectl exec -it enclaive-redis-cli -- bash
```

5. Connect to the Redis service using the Redis CLI command:

```bash
redis-cli -h enclaive-redis-sgx --tls --cacert certs/sgx-ca.pem --cert certs/sgx-cert.pem --key certs/sgx-key.pem
```

If everything goes as expected, the Redis CLI should connect to the attested and provisioned Redis service application through the Vault.

### Configuration of enclaive Redis-SGX Container

If you want to enclave your own applications using Gramine and keep them compatible with the enclaive attestation infrastructure using Vault, configure the container in the same way as the enclaive Redis-SGX container:

The container manifest should include at least the following values:

```toml
libos.entrypoint = "/app/premain"
loader.argv = [ "/usr/bin/redis-server", "/etc/redis.conf" ]
loader.env.ENCLAIVE_NAME = "enclaive-redis-sgx"
loader.env.ENCLAIVE_SERVER = { passthrough = true }
fs.mounts = [ { path = "/secrets/tmp", type = "tmpfs" } ]
sgx.enclave_size = "1G"
sgx.remote_attestation = "dcap"
```

Ideally, set the enclave memory size (`sgx.enclave_size`) to 2G for better startup stability.

The TLS configuration is stored in the following paths within the container:

* Public Certificate: `/secrets/tmp/cert.pem`
* Private Key: `/secrets/tmp/key.pem`
* Cluster CA: `/secrets/tmp/ca.pem`

You can use these paths for your application configuration.
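
A TLS section for `/etc/redis.conf` that uses these paths, as an added example and not the configuration shipped in the enclaive image. The directives are standard Redis TLS settings; port 6379, mandatory client certificates and the protocol list are assumptions chosen to match the `redis-cli` command in step 5.

```conf
# Added example (assumption): TLS section of /etc/redis.conf inside the enclave.

# Serve TLS only. "port 0" disables the plaintext listener; redis-cli in
# step 5 connects to the default port 6379 with --tls.
port 0
tls-port 6379

# Credentials provisioned into the enclave tmpfs (paths listed above).
tls-cert-file /secrets/tmp/cert.pem
tls-key-file /secrets/tmp/key.pem
tls-ca-cert-file /secrets/tmp/ca.pem

# Require every client to present a certificate signed by the cluster CA
# (mutual TLS), matching the --cert/--key options passed to redis-cli.
tls-auth-clients yes

# Refuse protocol versions older than TLS 1.2.
tls-protocols "TLSv1.2 TLSv1.3"
```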

Please note that forked processes do not share temporary filesystems and therefore cannot access the TLS credentials.
