Skip to main content

Manifest Updates

the attesstation proxy is identified by the enclave from the outboundConnections section of the Oblv-deploy manifest.

1
Attestation proxy configuration for the enclave
- fqdn: kms.us-east-2.amazonaws.com
  port: 443
  type: proxy
  proxyUrl: http://oblv-attestation-proxy.yourdomain.com
  attestationPort: 12008
  attestationIntervalSeconds: 60

Here,

  • fqdn: indicates the fqdn for the actual resource, a KMS in this case.
  • port: the port for the KMS which will be used for the connection.
  • type: The type of connection, this can be one of
    • proxy
    • default
    • enclave The proxy indicates that to access this resource, the enclave needs to use an attestation proxy.
  • proxyUrl: Url for the attestation proxy, which will be used to perform the attestation.
  • attestationPort: It's the port for the attestation proxy, which will be used to perform attestation. The enclave will send the attestation request to the attestation proxy on this port.
  • attestationIntervalSeconds: The time interval in seconds for the enclave to perform periodic attestation with the attestation proxy.
Complete Manifest
apiVersion: 1.1.0
kind: NitroEnclave
metadata:
  name: sample-nitro-enclave-service
  namespace: default
spec:
  containers:
    - name: fastapi
      image: some-docker-image
      ports:
        - name: image-name
          containerPort: 8001
          hostPort: 4455
      command:
        - "python"
        - "/app/uvicorn_runner.py"
      outboundConnections:
        - fqdn: index.docker.io
          port: 443
          type: default
        - fqdn: registry-1.docker.io
          port: 443
          type: default
        - fqdn: auth.docker.io
          type: default
          port: 443
        - fqdn: production.cloudflare.docker.com
          type: default
          port: 443
        - fqdn: docker-images-prod.6aa30f8b08e16409b46e0173d6de2f56.r2.cloudflarestorage.com
          type: default
          port: 443
        - fqdn: google.com
          port: 443
        - fqdn: kms.us-east-2.amazonaws.com
          port: 443
          type: proxy
          proxyUrl: http://oblv-dev-attestation-proxy.yourdomain.com
          attestationPort: 12008
          attestationIntervalSeconds: 60