Add instructions for how to set up, create and validate creating a
workload from the sample encrypted container image
Fixes: #confidential-containers/operator#77
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
We have a script that does most of the gruntwork as part of the CI, but can be
used locally on a machine to quickly set up a single-node test cluster. Let's
document that option.
Signed-off-by: Christophe de Dinechin <christophe@dinechin.org>
Suggested-by: Tobin Feldman-Fitzthum <tobin@ibm.com>
Describe and explain the project architecture.
Signed-off-by: Ariel Adam <aadam@redhat.com>
Co-authored-by: Dan Middleton <dan.middleton@intel.com>
Co-authored-by: Samuel Ortiz <sameo@rivosinc.com>
snake_case to match typical Rust style.
Only applies to documentation not files LICENSE
or CODEOWNERS or README.md
Signed-off-by: Tobin Feldman-Fitzthum <tobin@ibm.com>
The operator-demo folder contains instructions to recreate the
ssh demo. This demo works only with the older code in the
operator `ccv0` branch. The code in `main` branch has deviated
significantly and the existing ssh demo will not work when using
the manifest from the main branch.
Signed-off-by: Pradipta Banerjee <pradipta.banerjee@gmail.com>
Quickstart guide is a durable entrypoint for new users
that will be updated for each release.
Release notes are updates about the current release.
Signed-off-by: Tobin Feldman-Fitzthum <tobin@ibm.com>
* Define Continuous Integration acronym before using it
This is a common term, but better to follow good practices about documentation.
Signed-off-by: Christophe de Dinechin <christophe@dinechin.org>
* Add some definitions and terminology
At this stage in the release (i.e. quite early, nobody knowing what we are
doing), better to define three-letter acronyms or components before we actually
use the terminology.
Signed-off-by: Christophe de Dinechin <christophe@dinechin.org>
* Add a description of some of the limitations
List some of the limitations that we have, trying to also indicate where this is
going in the relatively short term.
Signed-off-by: Christophe de Dinechin <christophe@dinechin.org>
Signed-off-by: Christophe de Dinechin <christophe@dinechin.org>
* Create release_notes_09_2022.md
* Update releases/release_notes_09_2022.md
Co-authored-by: James O. D. Hunt <james.o.hunt@intel.com>
* Update releases/release_notes_09_2022.md
Co-authored-by: James O. D. Hunt <james.o.hunt@intel.com>
* Update releases/release_notes_09_2022.md
Co-authored-by: James O. D. Hunt <james.o.hunt@intel.com>
* Update releases/release_notes_09_2022.md
Co-authored-by: James O. D. Hunt <james.o.hunt@intel.com>
* Update releases/release_notes_09_2022.md
Co-authored-by: James O. D. Hunt <james.o.hunt@intel.com>
* Update releases/release_notes_09_2022.md
Co-authored-by: James O. D. Hunt <james.o.hunt@intel.com>
* Update release_notes_09_2022.md
* Adding the diagrams for the architecture
Adding the diagrams for the COCO architecture
Co-authored-by: James O. D. Hunt <james.o.hunt@intel.com>
CNCF TAG-Security announced version 2 of the Security White Paper
and that broke the links to version 1.
Fix the links and move to v2 of the white paper.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
Add an introduction to Trust Model (Part of Issue #28).
Include references and links to prior art
Follow-on Pull Requests will include sections corresponding to orthogonal ways of considering cloud native approaches relevant to the trust model
Specifically including
- Personas
- Lifecycle
- Trusted Execution Boundary Location
- Secured v unsecured TEE Base Image
Signed-off-by: James Magowan <magowan@uk.ibm.com>
- In the operator documentation,
- use the CCv0 demo image as payload,
- reference the SSH demo.
- In the SSH demo documentation,
- use the `kata-cc` runtime,
- reference the operator demo.
Signed-off-by: Jakob Naucke <jakob.naucke@ibm.com>
This recording demonstrates the ease of deploying a confidential
container and its confidentiality through a memory check.
Signed-off-by: Jakob Naucke <jakob.naucke@ibm.com>
There is now a public container image for the SSH demo with publicised
keys. Add the respective references.
Signed-off-by: Jakob Naucke <jakob.naucke@ibm.com>
Add basic documentation, Dockerfile, k8s and sandbox config for a demo
pod with SSH public key authentication.
Documentation on encrypting and running the image is omitted as of now,
for this is a more general topic which will require separate attention.
Signed-off-by: Jakob Naucke <jakob.naucke@ibm.com>
* Format markdown
Set column width to 100 characters to facilitate future PR reviews.
Signed-off-by: Dan Middleton <dan.middleton@intel.com>
* Add container isolation to Overview
Reflect community discussions from October 2021 recognizing prior work
with container isolation and future work to comprehensively address
the scope implied by Confidential Containers.
Signed-off-by: Dan Middleton <dan.middleton@intel.com>