Architecture

The Anjuna Kubernetes Toolset enables Anjuna Confidential Pods to be deployed and orchestrated on an Azure Kubernetes Service (AKS) cluster as well as on an OpenShift cluster running on the Google Cloud Platform (GCP).

Your workloads run on isolated Confidential Virtual Machines (CVMs) while remaining as part of the cluster network and fully compatible with Kubernetes features. Unauthorized third parties, such as cluster administrators or the cloud service provider, cannot inspect or modify your workloads.

The Anjuna Kubernetes Toolset configures your cluster with all the required components and provides tools to build and measure Anjuna Confidential Pods from your regular container image.

Self-hosted software

Anjuna Seaglass, including the Anjuna Kubernetes Toolset, is self-hosted software. You will download the software from the Anjuna Resource Center and install it in your own infrastructure and cloud environment.

Anjuna Seaglass is not software-as-a-service (SaaS). It does not require any telemetry or other runtime dependency on any Anjuna-hosted services.

Workflow overview

Once a cluster is configured, the following flow can be used to deploy Confidential Pods:

  • Build and measure an Anjuna Confidential Pod image from a regular container image

  • Push the Anjuna Confidential Pod image to your cluster’s Cloud Service Provider (CSP)

  • Add the label anjuna.io/run-confidential: "yes" to the metadata labels

  • Add an annotation to the Pod spec with the URI from the CSP for the Anjuna Confidential Pod image

  • Create your Pod using your preferred method (kubectl, oc, helm, the Kubernetes SDK, etc.)

Cluster Nodes are not required to support AMD SEV-SNP technology, or even to have AMD processors, because the confidential workloads are deployed as separate virtual machines.

Note that regular Pods (i.e., non-confidential) can still be deployed to the cluster after the Anjuna Kubernetes Toolset is installed.
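Because regular Pods remain deployable, a Pod that is missing the label or the image annotation from the steps above can end up outside a CVM. The following Python audit is an added example, not Anjuna code: it flags such Pods in namespaces that are expected to be confidential. Only the label key and its "yes" value come from this page; the annotation key is a placeholder, and the namespaces, the sample Pods and the choice to flag any label value other than "yes" are assumptions.

```python
CONFIDENTIAL_LABEL = "anjuna.io/run-confidential"  # key and value "yes" are from the page
# ASSUMPTION: placeholder. The page does not name the annotation key; take it from the Anjuna docs.
IMAGE_ANNOTATION = "<image-uri-annotation-key>"

def classify(pod, annotation_key=IMAGE_ANNOTATION):
    """Return (state, detail) for one Pod object parsed from JSON."""
    meta = pod.get("metadata") or {}
    label = (meta.get("labels") or {}).get(CONFIDENTIAL_LABEL)
    image_uri = (meta.get("annotations") or {}).get(annotation_key)
    if label is None:
        return "regular", "label absent"
    if label != "yes":  # assumption: only the documented value is trusted
        return "review", f"label value {label!r} is not the documented 'yes'"
    if not image_uri:
        return "review", "label set but image URI annotation missing"
    return "confidential", image_uri

def audit(pod_list, must_be_confidential, annotation_key=IMAGE_ANNOTATION):
    """List Pods in the given namespaces that are not cleanly confidential."""
    findings = []
    for pod in pod_list.get("items", []):
        meta = pod.get("metadata") or {}
        ns = meta.get("namespace", "default")
        if ns not in must_be_confidential:
            continue
        state, detail = classify(pod, annotation_key)
        if state != "confidential":
            findings.append((ns, meta.get("name"), state, detail))
    return findings

def make_pod(ns, name, labels=None, annotations=None):
    """Build a minimal Pod object for the constructed sample below."""
    return {"metadata": {"namespace": ns, "name": name,
                         "labels": labels or {}, "annotations": annotations or {}}}

# Constructed sample in the shape of `kubectl get pods -A -o json` output.
SAMPLE_URI = "<csp-image-uri>"  # placeholder, not a real image URI
SAMPLE = {"items": [
    make_pod("payments", "api", {CONFIDENTIAL_LABEL: "yes"}, {IMAGE_ANNOTATION: SAMPLE_URI}),
    make_pod("payments", "worker"),                                  # label forgotten
    make_pod("payments", "batch", {CONFIDENTIAL_LABEL: "true"}, {IMAGE_ANNOTATION: SAMPLE_URI}),
    make_pod("payments", "cache", {CONFIDENTIAL_LABEL: "yes"}),      # annotation forgotten
    make_pod("web", "frontend"),                                     # regular by design
]}

if __name__ == "__main__":
    for finding in audit(SAMPLE, {"payments"}):
        print(*finding, sep="\t")
```

To audit a live cluster, replace `SAMPLE` with the parsed output of `kubectl get pods -A -o json` and set the real annotation key.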

The following diagram illustrates the deployment flow of a new Confidential Pod:

[Diagram: simplified overview of the creation of an Anjuna Confidential Pod]

Refer to Installing the Anjuna Kubernetes Toolset for instructions on installing the Anjuna Kubernetes Toolset to your cluster.

Refer to Deploying Pods as Anjuna Confidential Pods for tutorials on building, measuring, and deploying Anjuna Confidential Pods to a Kubernetes cluster.