Redis in cK8s
To deploy the SGX application and access it using the Redis CLI in Kubernetes, follow these steps:
Apply the YAML file for the Redis service application:
This will deploy the actual SGX application that you want to use.
Apply the YAML file for the Redis CLI demonstration client:
This will deploy a client container that allows easy access to the Redis CLI with attested CA.
Copy the certs directory to the enclaive-redis-cli container:
Access the enclaive-redis-cli container's shell:
Connect to the Redis service using the Redis CLI command:
If everything goes as expected, the Redis CLI should connect to the attested and provisioned Redis service application through the Vault.
Configuration of enclaive Redis-SGX Container
Additionally, if you want to enclave your own applications using Gramine and achieve compatibility with the enclaive attestation infrastructure using Vault, you need to configure the enclaive Redis-SGX container as follows:
The container manifest should include at least the following values:
Ideally, the memory size of the enclave should be set to 2G for better startup stability.
The TLS configuration is stored in the following paths within the container:
Public Certificate: /secrets/tmp/cert.pem
Private Key: /secrets/tmp/key.pem
Cluster CA: /secrets/tmp/ca.pem
You can use these paths for your application configuration.
Please note that forked processes do not share temporary filesystems and therefore cannot access the TLS credentials.
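The following startup check is an added example, not part of the enclaive documentation or code: it reads the three credential files once in the main process and fails with a clear message when they are missing or swapped, which is how the forked-process limitation above typically shows up. The function name, the exception class and the accepted PEM labels are assumptions of this example.

```python
import os
import re
from pathlib import Path

TLS_DIR = Path("/secrets/tmp")  # directory named on the page
# File name -> PEM labels accepted in it (the label sets are this example's assumption).
EXPECTED = {
    "cert.pem": {"CERTIFICATE"},
    "key.pem": {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"},
    "ca.pem": {"CERTIFICATE"},
}
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s+[A-Za-z0-9+/=\s]+?-----END \1-----")


class TLSMaterialError(RuntimeError):
    """Raised when the provisioned TLS files are missing or malformed."""


def load_tls_material(tls_dir=TLS_DIR):
    """Read cert, key and CA once, in the process that owns the temporary filesystem."""
    material, problems = {}, []
    for name, labels in EXPECTED.items():
        path = Path(tls_dir) / name
        try:
            text = path.read_text(encoding="ascii")
        except (OSError, UnicodeDecodeError) as exc:
            problems.append(f"{path}: unreadable ({exc.__class__.__name__})")
            continue
        found = {m.group(1) for m in PEM_BLOCK.finditer(text)}
        if not found:
            problems.append(f"{path}: no PEM block")
        elif not found <= labels:
            # Catches swapped files, e.g. a private key stored as cert.pem.
            problems.append(f"{path}: unexpected PEM block {sorted(found - labels)}")
        else:
            material[name] = text
    if problems:
        raise TLSMaterialError(
            f"pid {os.getpid()}: TLS credentials not usable: " + "; ".join(problems)
            + " (a forked process cannot see the parent's temporary filesystem)")
    return material


if __name__ == "__main__":
    try:
        print("loaded:", sorted(load_tls_material()))
    except TLSMaterialError as err:
        print(err)
```

Call load_tls_material() during startup of the main process, before any worker is forked, so a missing file is reported there rather than as a handshake failure later.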