Manifests

Overview

The NitroEnclaveDeployment CustomResourceDefinition (CRD) defines how AWS Nitro Enclaves are deployed and managed within a Kubernetes cluster. By declaring a NitroEnclaveDeployment resource, you can:

  • Provision Enclaves as Kubernetes Workloads: Enclaves get allocated dedicated CPU and memory on Nitro-enabled nodes, but are still administered through native Kubernetes constructs.

  • Customize Container Behavior: The CRD lets you configure the primary application (user plugins) and privileged plugins (e.g. telemetry, logging) that run inside the secure enclave environment.

  • Control Networking and Security: Set ingress rules, egress allowlists, and security contexts to strictly govern traffic flow and protect sensitive data.

By defining a NitroEnclaveDeployment manifest, users specify everything from CPU resources and hugepages to container images and environment variables, streamlining how enclave workloads are created, updated, and monitored within Kubernetes.
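As an added illustration of the "control networking and security" point above (example code written for this page, not part of the project's own tooling), the following Python function runs a few pre-apply policy checks over a NitroEnclaveDeployment manifest: the egress allowlist must be present and free of wildcards, privileged plugins must come from an approved set, images must be pinned to a tag other than `latest`, the enclave must run as non-root, and hugepages must be requested. The manifest is a constructed sample, and every field name under `spec` (`resources`, `userPlugin`, `privilegedPlugins`, `networking.egressAllowlist`, `securityContext`) as well as the `apiVersion` group are assumptions for illustration; take the real schema from the CRD, not from this snippet.

```python
"""Pre-apply policy checks for a NitroEnclaveDeployment manifest.

Illustrative example only: the spec field names below are ASSUMED, not the
CRD's real schema. Replace them with the fields from the installed CRD.
"""
import copy

# Constructed sample manifest (field names hypothetical, apiVersion a placeholder).
SAMPLE_MANIFEST = {
    "apiVersion": "enclaves.example.invalid/v1",  # placeholder API group
    "kind": "NitroEnclaveDeployment",
    "metadata": {"name": "payments-enclave"},
    "spec": {
        "resources": {"cpu": 2, "memoryMiB": 2048, "hugepages": "1Gi"},
        "userPlugin": {"image": "registry.example/payments:1.4.2"},
        "privilegedPlugins": [
            {"name": "telemetry", "image": "registry.example/telemetry:0.9"},
        ],
        "networking": {
            "ingress": [{"port": 8443}],
            "egressAllowlist": ["vault.internal:8200", "kms.example.internal:443"],
        },
        "securityContext": {"runAsNonRoot": True, "readOnlyRootFilesystem": True},
    },
}

# Privileged plugins an operator has decided to permit inside the enclave.
ALLOWED_PRIVILEGED_PLUGINS = {"telemetry", "logging"}

# Egress entries that would effectively disable the allowlist.
WILDCARD_EGRESS = {"*", "0.0.0.0/0", "::/0"}


def _image_is_pinned(image: str) -> bool:
    """True when the image reference carries a tag or digest other than 'latest'."""
    last = image.rsplit("/", 1)[-1]  # strip registry/repo path so ':' in the host is ignored
    if "@sha256:" in image:
        return True
    if ":" not in last:
        return False
    return last.split(":", 1)[1] != "latest"


def check_manifest(manifest: dict) -> list[str]:
    """Return a list of policy findings; an empty list means the manifest passes."""
    findings: list[str] = []
    if manifest.get("kind") != "NitroEnclaveDeployment":
        return ["kind must be NitroEnclaveDeployment"]
    spec = manifest.get("spec", {})

    # Egress must be an explicit allowlist with no catch-all entries.
    egress = spec.get("networking", {}).get("egressAllowlist")
    if not egress:
        findings.append("egressAllowlist missing or empty")
    else:
        for entry in egress:
            if entry in WILDCARD_EGRESS or "*" in entry:
                findings.append(f"egressAllowlist contains wildcard entry {entry!r}")

    # Only approved privileged plugins may run beside the user plugin.
    for plugin in spec.get("privilegedPlugins", []):
        if plugin.get("name") not in ALLOWED_PRIVILEGED_PLUGINS:
            findings.append(f"privileged plugin {plugin.get('name')!r} is not approved")

    # Every image (user plugin and privileged plugins) must be pinned.
    images = [spec.get("userPlugin", {}).get("image", "")]
    images += [p.get("image", "") for p in spec.get("privilegedPlugins", [])]
    for image in images:
        if not _image_is_pinned(image):
            findings.append(f"image {image!r} is not pinned to a tag or digest")

    # The enclave workload should not run as root.
    if not spec.get("securityContext", {}).get("runAsNonRoot", False):
        findings.append("securityContext.runAsNonRoot must be true")

    # Enclave memory is backed by hugepages; a missing request will not schedule.
    if not spec.get("resources", {}).get("hugepages"):
        findings.append("resources.hugepages is required")
    return findings


def weakened_manifest() -> dict:
    """Constructed variant that violates four of the checks, for demonstration."""
    bad = copy.deepcopy(SAMPLE_MANIFEST)
    bad["spec"]["networking"]["egressAllowlist"] = ["*"]
    bad["spec"]["privilegedPlugins"][0]["name"] = "debug-shell"
    bad["spec"]["userPlugin"]["image"] = "registry.example/payments:latest"
    bad["spec"]["securityContext"]["runAsNonRoot"] = False
    return bad


if __name__ == "__main__":
    for label, m in (("sample", SAMPLE_MANIFEST), ("weakened", weakened_manifest())):
        print(label, check_manifest(m) or "OK")
```

Run this as a pre-commit or CI step on the manifest before `kubectl apply`; the same logic could be moved into a validating admission webhook once the real field names are substituted.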