Deploying Pods as Anjuna Confidential Pods

The previous sections were about setting up your Kubernetes/OpenShift cluster with the Anjuna Kubernetes Toolset. You should now be able to deploy containerized applications as Anjuna Confidential Pods without changing the applications' container images.

In this section, you will learn how to deploy applications as Anjuna Confidential Pods.

Overview

Following are the steps to deploy any application as an Anjuna Confidential Pod to your configured cluster:

  1. Build the Anjuna Confidential Pod image using the Anjuna Kubernetes Toolset CLI.

    1. This process will measure your container image to create a unique identity that cannot be tampered with. This identity, which is a set of measurements, can be cryptographically verified to ensure that the application has not been modified by untrusted parties. This mechanism can also be leveraged to securely distribute secrets to your application.

  2. Update your Pod specification in two ways:

    1. Add an annotation to reference the Anjuna Confidential Pod image you built in the previous step.

    2. Add the label anjuna.io/run-confidential: "yes" so that the Anjuna Kubernetes Toolset can run your Pod.

  3. Run kubectl apply (or oc apply in OpenShift) to deploy the Pod, like any other Kubernetes application.

Quickstart guides

The Quickstart guides have been organized per Cloud Service Provider (CSP).

If your Kubernetes cluster is a managed Azure Kubernetes Service (AKS), refer to Quickstart guides for AKS.

If your Kubernetes cluster is an OpenShift running on GCP, refer to Quickstart guides for OpenShift on GCP.