Introduction

Confidential VM technology, such as Microsoft Azure Confidential VM, provides a way to run applications in a virtual machine on AMD Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) systems. This lets application developers use hardware-accelerated memory encryption to protect data in use and prevent access to the memory and CPU of the running applications.

By using the Anjuna Seaglass Platform, you can create an Anjuna Confidential Container, which augments the architecture provided by the cloud service provider. The Anjuna Confidential Container securely runs an existing containerized application in an Azure Confidential VM, including securely distributing secrets to that application. No application changes are required.

Furthermore, Anjuna Confidential Containers can be deployed to Azure Kubernetes Service clusters as Anjuna Confidential Pods. This combines industry-standard tools and practices for container orchestration with the hardware-grade security and attestation capabilities of Anjuna Confidential Containers.

Anjuna Confidential Pods seamlessly integrate into the cluster network and support standard Kubernetes features, primitives, and tools.

In this document, you will learn how to use the Anjuna Kubernetes Toolset to build and deploy an Anjuna Confidential Pod in an Azure Kubernetes Service cluster.

About this document

This guide is structured as follows:

Document conventions

This section describes typographical and other conventions used in this guide.

Text colored like this is a link to another document, either in this guide or elsewhere on the web.

Text in monospace type represents text that appears in a terminal or in the filesystem of a host. Commands, file names, and example code are shown in monospace type.

A block of text in monospace type represents an interaction with a host’s shell in the terminal, or the text of a file.

This block of text is an example of monospace type used to illustrate the contents of a file.

Some code blocks are shortened to emphasize only the relevant configuration. A line with <snip>… indicates that some lines have been removed from the full configuration.

The following text illustrates the appearance of a command in a terminal shell. You can copy the text by hovering over it and clicking on the clipboard icon to the right.

$ ls -al

Text in <angle brackets> in examples stands for text to be replaced.

For example, in this text:

/home/<username>/.bashrc

replace <username> with an actual username.