Prerequisites
This guide assumes that your machine has the following tools installed:
- `gcloud` (452.0.1 or later)
- `oc` compatible with your cluster version
- `docker` (as a non-root user)
- `anjuna-gcp-cli`
- The Anjuna Seaglass Kubernetes Toolset for SEV requires the Anjuna Seaglass SEV Runtime to build the Confidential Pod images.
  Refer to the Supported Anjuna Seaglass SEV Runtime versions for the Anjuna Seaglass Kubernetes Toolset for SEV versions matrix. The matrix shows the Anjuna Seaglass SEV Runtime version that can be used with v2.0 of the Anjuna Seaglass Kubernetes Toolset for SEV.
GCP permissions
This guide requires that you have access to the GCP project where the cluster is running. Your identity must hold the following roles:
- Storage Admin (`roles/storage.admin`)
- Artifact Registry Administrator (`roles/artifactregistry.admin`)
- Create Service Accounts (`roles/iam.serviceAccountCreator`)
- Project IAM Admin (`roles/resourcemanager.projectIamAdmin`)
You also need access to your cluster via `kubectl`, with sufficient permissions to deploy new non-privileged workloads.
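A preflight check for the tools and roles listed above, as an added example (not Anjuna's code). The `PROJECT_ID` and `MEMBER_EMAIL` arguments are placeholders, and the role check sees only bindings made directly to that member on the project, not roles inherited through groups or parent folders.

```shell
#!/usr/bin/env bash
# Added example: preflight check for the tools and GCP roles listed on this page.
# Arguments PROJECT_ID and MEMBER_EMAIL are placeholders supplied by the caller.

MIN_GCLOUD="452.0.1"
REQUIRED_ROLES="roles/storage.admin
roles/artifactregistry.admin
roles/iam.serviceAccountCreator
roles/resourcemanager.projectIamAdmin"

# version_ge A B: succeeds when dotted version A >= B (numeric per field, not lexical).
version_ge() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# missing_roles GRANTED: prints every required role absent from the
# newline-separated list GRANTED (exact match, so a longer role name never counts).
missing_roles() {
  printf '%s\n' "$REQUIRED_ROLES" | while IFS= read -r role; do
    printf '%s\n' "$1" | grep -Fxq -- "$role" || printf '%s\n' "$role"
  done
}

# granted_roles PROJECT_ID MEMBER_EMAIL: roles bound directly to the member on the
# project. Group membership and folder/organization bindings are not expanded.
granted_roles() {
  gcloud projects get-iam-policy "$1" --flatten="bindings[].members" \
    --filter="bindings.members:$2" --format="value(bindings.role)"
}

preflight() {
  rc=0
  for tool in gcloud oc docker anjuna-gcp-cli; do
    command -v "$tool" >/dev/null 2>&1 || { echo "missing tool: $tool"; rc=1; }
  done
  # First line of `gcloud version` reads "Google Cloud SDK <version>".
  ver="$(gcloud version 2>/dev/null | sed -n 's/^Google Cloud SDK //p')"
  version_ge "${ver:-0}" "$MIN_GCLOUD" || { echo "gcloud ${ver:-?} is older than $MIN_GCLOUD"; rc=1; }
  # docker must answer without root or sudo.
  { [ "$(id -u)" -ne 0 ] && docker info >/dev/null 2>&1; } || { echo "docker not usable as non-root"; rc=1; }
  missing="$(missing_roles "$(granted_roles "$1" "$2")")"
  [ -z "$missing" ] || { echo "roles not granted directly:"; echo "$missing"; rc=1; }
  return "$rc"
}

# Runs only when both arguments are given: ./preflight.sh PROJECT_ID MEMBER_EMAIL
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

A role reported as missing may still be held through a group or an inherited binding, so treat the output as a prompt to check rather than a final verdict.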
Configure the environment and cluster access
If the Anjuna Kubernetes Toolset is not installed to your cluster, follow the cluster setup instructions in the Installing the Anjuna Kubernetes Toolset to OpenShift on GCP section. This is required to proceed. Refer to Validating the Anjuna Seaglass Operator installation and to Verify the Helm Chart installation to verify if the Anjuna Kubernetes Toolset is correctly installed to your cluster.
To configure your environment for the Quickstart tutorials, you need a subset of the environment variables defined in Configuring your local environment, mainly the following:
| Environment variable | Usage |
|---|---|
| | The GCP project name where your cluster has been set up. |
| | The GCP region, such as |
| | The artifact registry used for storing the example Anjuna Confidential Pod container images. For example: |
| | The path in the container image registry to store the images. For example: |
| | The absolute path to the directory where the Anjuna Kubernetes Toolset files can be found. |
| | The name of the service account that will be created to enable access to the artifact registry for the Anjuna Kubernetes Toolset images. |
| | The name of a GCP bucket for storing the Confidential Container disk images you will build. |