Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

deploy enclave-cc failed #379

Open
reclock opened this issue Apr 2, 2024 · 5 comments
Open

deploy enclave-cc failed #379

reclock opened this issue Apr 2, 2024 · 5 comments

Comments

@reclock
Copy link

reclock commented Apr 2, 2024

I have a machine that supports SGX and wanted to install enclave cc, but it failed

  1. I installed the program
    image

  2. When I am executing "kubectl apply -k github.com/confidential-containers/operator/config/samples/enclave-cc/hw?ref=v0.7.0",
    image

but I can't see the enclave_cc runtime

Is there any problem with my installation?

@mythi
Copy link
Contributor

mythi commented Apr 3, 2024

there's not enough information to answer your question but most likely: yes. what's the status of the operator pods?

@reclock
Copy link
Author

reclock commented Apr 15, 2024

Currently, I have installed enclave cc normally and uploaded the encrypted image to my private repository. However, errors may occur during deployment and use
image

this is my yaml


apiVersion: v1
kind: Pod
metadata:
  name: enclave-cc-pod-test
spec:
  containers:
  - image: 192.168.6.105:8443/rongan/sgxt1:encrypted
    name: hello-world
    workingDir: "/run/rune/boot_instance/"
    env:
    - name: OCCLUM_RELEASE_ENCLAVE
      value: "1"
    command:
    - /run/rune/boot_instance/build/bin/occlum-run
    - /bin/hello_world
  runtimeClassName: enclave-cc

@mythi
Copy link
Contributor

mythi commented Apr 15, 2024

we currently don't support building/setting custom cert chains for the image registries which to me looks to be the error. There's a thread on CoCo slack about "I'm trying to get enclave-cc running with a local container registry, but not found where to place the self-signed CA certificate or disable TLS for this registry" but that work never made into this repo yet.

@reclock
Copy link
Author

reclock commented Apr 16, 2024

  1. Can I only use this repository to upload encrypted images? Similar to the following?
    ghcr.io/confidential-containers/test-container-enclave-cc:encrypted

  2. example

Where is the decryption key configured for this example?

@mythi
Copy link
Contributor

mythi commented Apr 23, 2024

@reclock is this a duplicate of #391

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants