# Redis in cK8s

To deploy the SGX application and access it using the Redis CLI in Kubernetes, follow these steps:

1. Apply the YAML file for the Redis service application:

```bash
kubectl apply -f apps/redis/redis.yaml
```

This will deploy the actual SGX application that you want to use.

2. Apply the YAML file for the Redis CLI demonstration client:

```bash
kubectl apply -f apps/redis/redis-cli.yaml
```

This will deploy a client container that provides easy access to the Redis CLI using the attested CA.

3. Copy the `certs` directory to the `enclaive-redis-cli` container:

```bash
kubectl cp certs/ enclaive-redis-cli:/data/
```

4. Access the `enclaive-redis-cli` container's shell:

```bash
kubectl exec -it enclaive-redis-cli -- bash
```

5. Connect to the Redis service using the Redis CLI command:

```bash
redis-cli -h enclaive-redis-sgx --tls --cacert certs/sgx-ca.pem --cert certs/sgx-cert.pem --key certs/sgx-key.pem
```

If everything goes as expected, the Redis CLI should connect to the attested and provisioned Redis service application through the Vault.

### Configuration of enclaive Redis-SGX Container

Additionally, if you want to enclave your own applications using Gramine and achieve compatibility with the enclaive attestation infrastructure using Vault, you need to configure the enclaive Redis-SGX container as follows:

The container manifest should include at least the following values:

```toml
libos.entrypoint = "/app/premain"
loader.argv = [ "/usr/bin/redis-server", "/etc/redis.conf" ]
loader.env.ENCLAIVE_NAME = "enclaive-redis-sgx"
loader.env.ENCLAIVE_SERVER = { passthrough = true }
fs.mounts = [ { path = "/secrets/tmp", type = "tmpfs" } ]
sgx.enclave_size = "1G"
sgx.remote_attestation = "dcap"
```

Ideally, the enclave memory size (`sgx.enclave_size`) should be set to 2G for better startup stability.

The TLS configuration is stored in the following paths within the container:

* Public Certificate: `/secrets/tmp/cert.pem`
* Private Key: `/secrets/tmp/key.pem`
* Cluster CA: `/secrets/tmp/ca.pem`

You can use these paths for your application configuration.

Please note that forked processes do not share temporary filesystems and therefore cannot access the TLS credentials under `/secrets/tmp`.

