A summary of confidential containers in OpenShift.
In this blog, we will learn about confidential containers in OpenShift.
What is the rationale behind the necessity for confidential containers?
OpenShift sandbox containers (OSC) offer enhanced isolation for workloads (pods) within the OpenShift environment.
- Isolation between workloads: This ensures that workloads remain unaffected by one another, even when they possess elevated privileges, such as those required for CI/CD processes. The concept of pod-sandboxing is often used to refer to this functionality.
- Separating the cluster from the workload: This ensures that the workload is unable to execute any operations on the actual cluster, including accessing the OpenShift nodes.
Confidential Containers (CoCo) extend the OpenShift sandboxed containers (OSC) framework with an additional form of isolation.
- Separate the workload from the cluster: This ensures that both the cluster administrator and the infrastructure administrator are unable to view or interfere with the workload and its associated data. This approach provides protection for the data in use within your workloads.
What is the significance of this?
Currently, there are tools available to safeguard your data at rest through disk encryption and to secure your data in transit by protecting your connections. Nevertheless, a significant gap remains in the protection of your workload while it is actively running, particularly in scenarios such as executing an AI model that constitutes your unique advantage or transmitting your customers’ private information to your large language model for inference. Confidential containers address this issue by ensuring the security of your data in use.
When utilizing CoCo, the deployment of your workload on third-party infrastructure substantially mitigates the risk of unauthorized access by entities such as infrastructure administrators, service providers, or privileged applications. This approach helps safeguard your workload data, secrets, and intellectual property, while also protecting your application code from potential tampering.
The image below illustrates the various types of isolation offered by OSC along with its new CoCo functionality. To maintain clarity, the OpenShift sandboxed containers operator has been excluded from the diagram.
Confidential containers are founded on the principles of Confidential Computing.
Confidential Computing safeguards your data during processing by utilizing specialized hardware solutions. By employing such hardware, you can establish secure environments that are exclusively under your control, thereby mitigating the risk of unauthorized access or alterations to your workload’s data while it is actively being processed. This capability is particularly crucial when handling sensitive information or operating within regulated sectors.
The technologies used to establish such secure environments include Intel TDX, AMD SEV-SNP, and IBM SE on IBM Z and LinuxONE, among others. However, these technologies are intricate and require a comprehensive understanding for effective usage and deployment.
Confidential containers are designed to streamline processes by offering cloud-native solutions for these technologies.
Confidential containers facilitate cloud-native confidential computing across various hardware platforms and supporting technologies. CoCo seeks to establish a standard for confidential computing at the pod level, thereby streamlining its utilization within Kubernetes environments. This approach allows Kubernetes users to deploy CoCo workloads utilizing their existing workflows and tools, without requiring an in-depth comprehension of the underlying technologies associated with confidential containers.
By utilizing CoCo, it is possible to deploy workloads on a shared infrastructure, thereby minimizing the risk of unauthorized access to both your workload and data.
How does this work in practice?
At the core of a confidential computing solution lies the trusted execution environment (TEE): an isolated environment with advanced security measures, such as runtime memory encryption and integrity protection, provided by hardware designed for confidential computing. Several hardware technologies can create a TEE, including Intel TDX, AMD SEV-SNP, and IBM SE on IBM Z and LinuxONE. The OpenShift CoCo solution is built on a distinct type of virtual machine, the confidential virtual machine (CVM), which runs within the TEE.
Let us relate this to OSC. OSC utilizes virtual machines to sandbox workloads (pods), and with the implementation of confidential virtual machines (CVMs), it now offers confidential container functionalities for your workloads. Upon the creation of a CoCo workload, OSC generates a CVM that operates within the trusted execution environment (TEE) provided by hardware capable of confidential computing, subsequently deploying the workload within the CVM. This CVM ensures that unauthorized individuals cannot access or observe the activities occurring within it.
The subsequent image illustrates the relationship between a workload (pod) that is deployed on a CVM operating within the Trusted Execution Environment (TEE) available in either public cloud infrastructure or on-premises hardware.
Confidential containers depend on attestation for their security.
A vital element of the confidential containers solution, especially in the context of the zero trust security model, is attestation. Prior to launching your workload as a confidential container, it is imperative to have a mechanism in place to confirm the trustworthiness of the Trusted Execution Environment (TEE). Attestation is the procedure for validating that the TEE, whether it is the one in a public cloud where your workload will run or the one to which you intend to send confidential data, is genuinely trustworthy.
The integration of Trusted Execution Environments (TEEs) with attestation capabilities allows the CoCo solution to establish a secure environment for executing workloads, while also ensuring the technical enforcement of code and data protection against unauthorized access by privileged entities.
In the CoCo solution, the Trustee project, which is a component of the CNCF Confidential Containers initiative, offers attestation capabilities. It is tasked with executing attestation operations and providing secrets upon successful attestation. For further details regarding Trustee, we suggest consulting our earlier article, Introducing Confidential Containers Trustee: Attestation Services Solution Overview and Use Cases.
The Trustee comprises, among other elements, the following essential components.
- Trustee agents: Trustee agents are integral components that operate within the Confidential Virtual Machine (CVM). Among these is the Attestation Agent (AA), tasked with transmitting evidence (claims) from the Trusted Execution Environment (TEE) to validate the trustworthiness of the environment.
- Key Broker Service (KBS): This service acts as the gateway for remote attestation. It forwards the evidence (claims) received from the Attestation Agent (AA) to the Attestation Service (AS) for validation, and upon successful validation, facilitates the provision of secrets to the Trusted Execution Environment (TEE).
- Attestation Service (AS): This service authenticates the evidence from the Trusted Execution Environment (TEE).
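The interaction among these three components is easier to see as a protocol exchange. The following is an added example, not code from the Trustee project or from Red Hat: a self-contained simulation in which an Attestation Agent inside a CVM requests a secret from a KBS, the KBS forwards the evidence to an AS, and the secret is released only after the AS accepts the evidence. The hardware signing key of a real TEE is an asymmetric vendor key; here it is simulated with an HMAC key shared between the "hardware" and the AS so that the example runs with only the standard library. All measurements, secrets, resource paths and class names are constructed for the example.

```python
"""Simulated Trustee-style remote attestation flow (added example, not Trustee code).

Roles, mirroring the components described above:
  AA  - Attestation Agent inside the CVM; obtains evidence (claims) from the TEE
  KBS - Key Broker Service; gateway that forwards evidence to the AS and
        releases secrets only to sessions the AS has approved
  AS  - Attestation Service; verifies the evidence against reference values
"""
import hashlib
import hmac
import json
import secrets

# Constructed sample data: a stand-in for the hardware attestation key and for
# the reference values (expected launch measurement) an operator would configure.
HW_ATTESTATION_KEY = b"constructed-hardware-root-key"
REFERENCE_VALUES = {
    "tee_type": "simulated-tee",
    "launch_measurement": hashlib.sha256(b"approved-guest-image-v1").hexdigest(),
}
KBS_SECRETS = {"default/db-credentials/password": b"s3cr3t-db-pass"}


def simulated_tee_quote(hw_key, launch_measurement, nonce):
    """Stand-in for hardware-signed evidence (the role of an SNP report or TDX quote).
    The nonce from the KBS is bound into the signed claims to prevent replay."""
    claims = {"tee_type": "simulated-tee",
              "launch_measurement": launch_measurement,
              "nonce": nonce}
    payload = json.dumps(claims, sort_keys=True).encode()
    sig = hmac.new(hw_key, payload, hashlib.sha256).hexdigest()
    return {"claims": claims, "signature": sig}


class AttestationService:
    """AS: checks the signature, the freshness nonce, and every reference value."""

    def __init__(self, hw_key, reference_values):
        self._hw_key = hw_key
        self._reference = reference_values

    def verify(self, evidence, expected_nonce):
        claims = evidence["claims"]
        payload = json.dumps(claims, sort_keys=True).encode()
        expected_sig = hmac.new(self._hw_key, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected_sig, evidence["signature"]):
            return False, "evidence signature invalid"
        if claims.get("nonce") != expected_nonce:
            return False, "stale or replayed evidence"
        for key, value in self._reference.items():
            if claims.get(key) != value:
                return False, f"claim {key} does not match reference value"
        return True, "ok"


class KeyBrokerService:
    """KBS: three-phase exchange - challenge, attest, then resource release."""

    def __init__(self, attestation_service, secret_store):
        self._as = attestation_service
        self._secrets = secret_store
        self._pending = {}      # session id -> nonce handed out in the challenge
        self._attested = set()  # sessions whose evidence the AS accepted

    def auth(self):
        """Phase 1: hand the CVM a fresh nonce to bind into its evidence."""
        session = secrets.token_hex(8)
        self._pending[session] = secrets.token_hex(16)
        return session, self._pending[session]

    def attest(self, session, evidence):
        """Phase 2: forward the evidence to the AS and record its verdict."""
        nonce = self._pending.pop(session, None)
        if nonce is None:
            return False, "unknown session"
        ok, reason = self._as.verify(evidence, nonce)
        if ok:
            self._attested.add(session)
        return ok, reason

    def get_resource(self, session, path):
        """Phase 3: release a secret only to a session that passed attestation."""
        if session not in self._attested:
            return None
        return self._secrets.get(path)


class AttestationAgent:
    """AA inside the CVM: drives the KBS protocol on behalf of the workload."""

    def __init__(self, kbs, hw_key, launch_measurement):
        self._kbs, self._hw_key, self._measurement = kbs, hw_key, launch_measurement

    def fetch_secret(self, path):
        session, nonce = self._kbs.auth()
        evidence = simulated_tee_quote(self._hw_key, self._measurement, nonce)
        ok, reason = self._kbs.attest(session, evidence)
        if not ok:
            return None, reason
        return self._kbs.get_resource(session, path), "ok"


def run_demo():
    """Exercise the honest path and the three failure modes the AS must reject."""
    as_ = AttestationService(HW_ATTESTATION_KEY, REFERENCE_VALUES)
    kbs = KeyBrokerService(as_, KBS_SECRETS)
    path = "default/db-credentials/password"
    good = AttestationAgent(kbs, HW_ATTESTATION_KEY, REFERENCE_VALUES["launch_measurement"])
    tampered = AttestationAgent(kbs, HW_ATTESTATION_KEY,
                                hashlib.sha256(b"modified-guest-image").hexdigest())
    forged = AttestationAgent(kbs, b"not-the-hardware-key", REFERENCE_VALUES["launch_measurement"])
    # Replay: evidence signed over an old nonce presented in a new session.
    session, _ = kbs.auth()
    stale = simulated_tee_quote(HW_ATTESTATION_KEY, REFERENCE_VALUES["launch_measurement"], "old-nonce")
    return {
        "good": good.fetch_secret(path),
        "tampered": tampered.fetch_secret(path),
        "forged": forged.fetch_secret(path),
        "replay": kbs.attest(session, stale),
        "unattested": kbs.get_resource("no-such-session", path),
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name}: {result}")
```

The design point to take from the simulation is the separation of duties: the KBS never decides trustworthiness itself, it only brokers evidence to the AS and gates secret release on the AS verdict, and the nonce issued in the first phase is what ties a piece of evidence to one session so that captured evidence cannot be replayed later.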
The diagram presented below depicts the interaction among the Trustee components within the OpenShift CoCo solution.
Please take note of the following.
- The Trusted Execution Environment (TEE) functions within a potentially untrusted setting in which your tasks are carried out. It facilitates the extension of trust from a secure environment to one that is deemed untrusted.
- It is essential to implement the Trustee services in a setting that you completely trust, whether it is on-premises or within a dedicated cloud environment.
The operator for confidential compute attestation.
This newly introduced confidential compute attestation operator is an integral component of the OpenShift CoCo solution. It enables the implementation and oversight of Trustee services within an OpenShift cluster.
It offers a specialized custom resource known as KbsConfig, which is used to set up the necessary Trustee services, including KBS, AS, and others. Furthermore, it streamlines the administration of secrets for confidential containers.
The diagram below illustrates the connection between the Trustee and OpenShift facilitated by this operator.
The diagram demonstrates that the confidential compute attestation operator must operate within a trusted environment to ensure the integrity and security of essential services, including the AS and KBS. These services play a crucial role in verifying and upholding the trustworthiness of the TEE.
We suggest the subsequent actions when implementing this operator.
- Deploy within an OpenShift cluster functioning in a secure setting: Leverage a pre-existing, secure cluster, such as your safeguarded software supply chain environment, to create a dependable foundation.
- Integrate the current key management systems and establish a connection to the KBS, for instance, through the External Secrets Operator or the Secrets Store CSI driver.
Consolidating all elements.
The diagram below illustrates a standard implementation of the OSC CoCo solution within an OpenShift cluster hosted on Azure, with the confidential compute attestation operator situated in a distinct trusted environment.
OpenShift confidential containers are built upon a CVM, as illustrated in the diagram, which operates within a Trusted Execution Environment (TEE). The containers run inside the CVM to ensure the confidentiality and integrity of data.
Please take note of the following.
- OpenShift confidential containers utilize a Confidential Virtual Machine (CVM) that operates within a Trusted Execution Environment (TEE) to ensure the confidentiality and integrity of data.
- The Linux guest components are tasked with retrieving workload (pod) images and executing them within the CVM.
- The pod operating within the CVM takes advantage of encrypted memory and integrity assurances offered by the TEE.
- Trustee agents operate within the CVM, conducting attestations and acquiring necessary secrets.
- The environment in which the pod operates is considered untrusted, with the only reliable elements being the CVM and the components that function within it.
- The confidential compute attestation operator operates within a secure environment that is distinct from the location where the workload (pod) is executed. This establishes your trust anchor for evaluating the dependability of the Trusted Execution Environment (TEE).
- Attestation confirms the reliability of the Trusted Execution Environment (TEE) prior to the execution of the workload, allowing access to confidential information.
Overview.
OpenShift confidential containers provide a strong supplementary layer of security, ensuring that your data is protected even during active usage. This safeguarding of data in use guarantees that even privileged users, such as cluster or infrastructure administrators, cannot access your data without appropriate authorization. This solution utilizes hardware-based Trusted Execution Environments (TEEs) in conjunction with attestation and key management facilitated by Trustee services, all coordinated by the OpenShift confidential compute attestation operator.
The implementation of the OpenShift CoCo solution requires the utilization of a secure environment that operates the confidential compute attestation operator, which is responsible for delivering attestation and key management services.