Integration with SCONE

SCONE is a tool that allows confidential computing on the cloud thus protecting the data, code and application secrets on a Kubernetes cluster (More info about SCONE and Kubernetes here).

To use SCONE on a Kubernetes cluster Intel SGX has to be enabled on the machines, and for these, the SGX Kubernetes plugin needs to be present on the cluster. Once the plugin is installed you only need to specify the parameter enable_sgx on the FDL of the services that are going to use a secured container image like in the following example.

functions:
  oscar:
  - oscar-cluster:
      name: sgx-service
      memory: 1Gi
      cpu: '0.6'
      image: your_image
      enable_sgx: true
      script: script.sh