Redis in cK8s

To deploy the SGX application and access it using the Redis CLI in Kubernetes, follow these steps:

1. Apply the YAML file for the Redis service application:

kubectl apply -f apps/redis/redis.yaml

This will deploy the actual SGX application that you want to use.

1. Apply the YAML file for the Redis CLI demonstration client:

kubectl apply -f apps/redis/redis-cli.yaml

This will deploy a client container that allows easy access to the Redis CLI with attested CA.

1. Copy the certs directory to the enclaive-redis-cli container:

kubectl cp certs/ enclaive-redis-cli:/data/

1. Access the enclaive-redis-cli container's shell:

kubectl exec -it enclaive-redis-cli -- bash

1. Connect to the Redis service using the Redis CLI command:

redis-cli -h enclaive-redis-sgx --tls --cacert certs/sgx-ca.pem --cert certs/sgx-cert.pem --key certs/sgx-key.pem

If everything goes as expected, the Redis CLI should connect to the attested and provisioned Redis service application through the Vault.

Configuration of enclaive Redis-SGX Container

Additionally, if you want to enclave your own applications using Gramine and achieve compatibility with the enclaive attestation infrastructure using Vault, you need to configure the enclaive Redis-SGX container as follows:

The container manifest should include at least the following values:

Ideally, the memory size of the enclave should be set to 2G for better startup stability.

The TLS configuration is stored in the following paths within the container:

• Public Certificate: /secrets/tmp/cert.pem

• Private Key: /secrets/tmp/key.pem

• Cluster CA: /secrets/tmp/ca.pem

You can use these paths for your application configuration.

Please note that forked processes do not share temporary filesystems and therefore cannot access the TLS credentials.