Devconf.cz 2023

The Confidential Containers (CoCo) is an exciting new sandbox project of the Cloud Native Computing Foundation (CNCF) that aims to push the boundaries of application and data security for containers. It implements a cloud-native solution for confidential computing using the most advanced trusted execution environments (TEE) technologies available from hardware vendors like AMD, IBM and Intel. In this workshop you will understand the threats and trust model, CoCo architecture and attestation flow, as well as its basis on Kata Containers and hardware TEE. On the hands-on part you will play with CoCo in your laptop, without TEE, using a custom runtime for demonstration purposes. We will prepare a workload pretending it will be executed on TEE hardware, and you will watch us deploying it on a cluster with AMD SEV machines. Overall you will learn how to install CoCo on Kubernetes, manage and prepare encrypted images, configure a Key Broker Server (KBS) and finally deploy confidential pods.