Introduction

Anjuna Seaglass for AMD SEV-SNP on Bare Metal is a tool suite for building and running Anjuna Confidential Containers on AMD SEV-SNP bare metal hosts.

Using Anjuna Seaglass for AMD SEV-SNP on Bare Metal, you can create an Anjuna Confidential Container that securely runs an existing containerized application on bare metal hardware, including securely distributing secrets to that application. No application changes are required.

In this document, you will learn about using the anjuna-metal CLI to build and run an Anjuna Confidential Container.

About this document

This guide is structured as follows:

  • Quickstart guide explains how to set up a bare metal host and install Anjuna Seaglass for AMD SEV-SNP on Bare Metal. It walks you through using anjuna-metal to create and run an Anjuna Confidential Container.

  • How-to guides covers specific tasks such as customizing the network configuration.

  • Advanced topics delves into disk image options, instance management, and attestation with the Anjuna Policy Manager.

Document conventions

This section describes typographical and other conventions used in this guide.

Text colored like this is a link to another document, either in this guide or elsewhere on the web.

Text in monospace type represents text that appears in a terminal or in the filesystem of a host. Commands, file names, and example code are shown in monospace type.

A block of text in monospace type represents an interaction with a host’s shell in the terminal, or the text of a file:

This block of text is an example of monospace type used to illustrate the contents of a file.

Some code blocks are shortened to emphasize only the relevant configuration. A line with <snip>…​ indicates that some lines have been removed from the full configuration.

The following text illustrates the appearance of a command in a terminal shell. You can copy the text by hovering over it and clicking on the clipboard icon to the right.

$ ls -al

Text in <angle brackets> in examples stands for text to be replaced.

For example, in this text:

/home/<username>/.bashrc

replace <username> with an actual username.