Launching a Pod
The Architecture overview shows a simplified view of what happens when an Anjuna Confidential Pod is launched. This page will dive deeper into the components that make up the Anjuna Kubernetes Toolset, and how they interact with Kubernetes.
This section is intended to improve your conceptual understanding, but for a hands-on introduction, you can skip straight to Installing the Anjuna Kubernetes Toolset.
Kubernetes architecture refresher
As the Kubernetes documentation explains,
A Kubernetes cluster consists of a set of worker machines, called nodes, that run containerized applications. Every cluster has at least one worker node.
The worker node(s) host the Pods that are the components of the application workload. The control plane manages the worker nodes and the Pods in the cluster.
When a non-confidential Pod is deployed, the following process occurs:
![Pod deployment in Kubernetes](../_images/standard-k8s.png)
Note that the non-confidential Pod processes end up running on the Node (VM) itself.
Anjuna Kubernetes Toolset architecture
When the Anjuna Kubernetes Toolset is installed in a Kubernetes cluster, non-confidential Pods are unaffected: they are deployed through the same process described above.
For Anjuna Confidential Pods, the Anjuna Kubernetes Toolset launches each Anjuna Confidential Pod using an independent confidential VM. This provides strong isolation from other Pods and the Node, and it ensures that you can use remote attestation to prove the identity of the Pod itself.
In the future, nested virtualization will allow you to run multiple Anjuna Confidential Pods on the same VM instance. Anjuna will support this capability when cloud service providers enable it.
In the following diagram, Anjuna Kubernetes Toolset components are highlighted in green:
![Pod deployment with Anjuna](../_images/anjuna-k8s.png)
In the next section, Installing the Anjuna Kubernetes Toolset, you will install these components.