Redis in cK8s
To deploy the SGX application and access it using the Redis CLI in Kubernetes, follow these steps:
Apply the YAML file for the Redis service application:
This will deploy the actual SGX application that you want to use.
Apply the YAML file for the Redis CLI demonstration client:
This will deploy a client container that allows easy access to the Redis CLI with attested CA.
Copy the
certsdirectory to theenclaive-redis-clicontainer:
Access the
enclaive-redis-clicontainer's shell:
Connect to the Redis service using the Redis CLI command:
If everything goes as expected, the Redis CLI should connect to the attested and provisioned Redis service application through the Vault.
Configuration of enclaive Redis-SGX Container
Additionally, if you want to enclave your own applications using Gramine and achieve compatibility with the enclaive attestation infrastructure using Vault, you need to configure the enclaive Redis-SGX container as follows:
The container manifest should include at least the following values:
Ideally, the memory size of the enclave should be set to 2G for better startup stability.
The TLS configuration is stored in the following paths within the container:
Public Certificate:
/secrets/tmp/cert.pemPrivate Key:
/secrets/tmp/key.pemCluster CA:
/secrets/tmp/ca.pem
You can use these paths for your application configuration.
Please note that forked processes do not share temporary filesystems and therefore cannot access the TLS credentials.
Last updated