Manifests
Overview
Manifests are the centrepiece of how you control your deployment to
enclaves in OBLV Deploy. They generally follow native Kubernetes
manifests, with a few small tweaks to configure the nuances required for
secure enclave deployments.
When writing an OBLV Deploy manifest, it's useful to keep in mind the
general structure you'll be following:
NitroEnclaveDeployment v1alpha1
Field | Description |
---|---|
apiVersion | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. |
kind | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. |
metadata | Standard object's metadata. |
spec | Specification of the desired behavior of the Deployment. |
status | Most recently observed status of the Deployment. |
NitroEnclaveDeploymentSpec v1alpha1
Field | Description |
---|---|
replicas | The number of enclave pod replicas |
podLabels | The labels to apply to the enclave pods |
ingress | The ingress configuration for the NitroEnclaveDeployment |
enclaveCpuCount | The number of vCPUs to allocate to the enclave |
hugepages-1Gi | The amount of 1Gi hugepages to allocate to the enclave |
hugepages-2Mi | The amount of 2Mi hugepages to allocate to the enclave |
serviceAccount | The service account to attach for the enclave pod |
caCertDetails | The CA certificate details to use inside the enclave |
userPlugins | The user plugins to run in the enclave |
plugins | Configuration for the privileged plugins |
NitroEnclaveDeploymentStatus v1alpha1
Field | Description |
---|---|
deploymentName | The name of the deployment that is running the enclaves |
status | Overall status of the deployment |
replicas | The number of replicas that are running |
selector | The selector that is used to select the pods |
readyReplicas | The number of replicas that are ready |
availableReplicas | The number of replicas that are available |
readyReplicasRatio | The ratio of ready replicas to total replicas |
ingress NitroEnclaveDeploymentSpec v1alpha1
Field | Description |
---|---|
enabled | Whether to enable the ingress for the NitroEnclaveDeployment |
internetFacing | Whether the ingress should be internet facing |
dnsHostName | The DNS host name to use for the ingress NLB |
ingressTlsCertificate | The TLS certificate to use for the inbound Proxy |
ports | The port mappings for the ingress |
userPlugins NitroEnclaveDeploymentSpec v1alpha1
Field | Description |
---|---|
name | Name of the user plugin |
image | Docker image of the container to be run |
imagePullSecret | Secrets to pull image from the docker registry |
hostNetwork | Whether to enable host network for this plugin |
ports | The port mappings on the user container |
volumes | The volumes to mount on the user container |
env | The environment variables to set on the user plugin container |
outboundConnections | The outbound connections to allow from the user plugin container |
command | The command to run in the user plugin container |
args | The arguments to pass to the command in the user plugin container |
securityContext | The security context for the user plugin container |
plugins NitroEnclaveDeploymentSpec v1alpha1
Field | Description |
---|---|
auth | Configuration of auth plugin |
logging | Configuration of logging plugin |
telemetry | Configuration of telemetry plugin |
auth plugin NitroEnclaveDeploymentSpec v1alpha1
Field | Description |
---|---|
name | Name of the user plugin |
image | Docker image of the container to be run |
imagePullSecret | Secrets to pull image from the docker registry |
ports | The port mappings on the user container |
volumes | The volumes to mount on the user container |
env | The environment variables to set on the user plugin container |
outboundConnections | The outbound connections to allow from the user plugin container |
command | The command to run in the user plugin container |
args | The arguments to pass to the command in the user plugin container |
securityContext | The security context for the user plugin container |
resources | Resources allowed (cpu\|ram) for the auth plugin container |
logging plugin NitroEnclaveDeploymentSpec v1alpha1
Field | Description |
---|---|
name | Name of the user plugin |
image | Docker image of the container to be run |
imagePullSecret | Secrets to pull image from the docker registry |
volumes | The volumes to mount on the user container |
env | The environment variables to set on the user plugin container |
outboundConnections | The outbound connections to allow from the user plugin container |
command | The command to run in the user plugin container |
args | The arguments to pass to the command in the user plugin container |
securityContext | The security context for the user plugin container |
telemetry plugin NitroEnclaveDeploymentSpec v1alpha1
Field | Description |
---|---|
name | Name of the user plugin |
image | Docker image of the container to be run |
imagePullSecret | Secrets to pull image from the docker registry |
ports | The port mappings on the user container |
volumes | The volumes to mount on the user container |
env | The environment variables to set on the user plugin container |
outboundConnections | The outbound connections to allow from the user plugin container |
command | The command to run in the user plugin container |
args | The arguments to pass to the command in the user plugin container |
securityContext | The security context for the user plugin container |
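Added example (not part of the OBLV Deploy documentation or product): a pre-deployment review check that compares a manifest against the field tables above and lists the exposure-related settings a reviewer would want to look at. It assumes the manifest is already parsed into a dict, that userPlugins is a list, that plugins is a mapping keyed by auth, logging and telemetry, and that enabled, internetFacing and hostNetwork are booleans; the sample manifest is constructed and its API group is a placeholder.

```python
# Field names are copied from the tables on this page; value types are assumed.
SPEC = {"replicas", "podLabels", "ingress", "enclaveCpuCount", "hugepages-1Gi",
        "hugepages-2Mi", "serviceAccount", "caCertDetails", "userPlugins",
        "plugins"}
INGRESS = {"enabled", "internetFacing", "dnsHostName",
           "ingressTlsCertificate", "ports"}
COMMON = {"name", "image", "imagePullSecret", "volumes", "env",
          "outboundConnections", "command", "args", "securityContext"}
USER_PLUGIN = COMMON | {"hostNetwork", "ports"}
PRIVILEGED = {"auth": COMMON | {"ports", "resources"}, "logging": COMMON,
              "telemetry": COMMON | {"ports"}}

def unknown(obj, allowed, path):
    """List keys that the page's field tables do not document."""
    return [f"{path}.{key}: not a documented field"
            for key in sorted(set(obj) - allowed)]

def review_manifest(manifest):
    """Return review findings for a manifest already parsed into a dict."""
    spec = manifest.get("spec") or {}
    ingress = spec.get("ingress") or {}
    out = unknown(spec, SPEC, "spec") + unknown(ingress, INGRESS, "spec.ingress")
    if ingress.get("enabled") is True and ingress.get("internetFacing") is True:
        out.append("spec.ingress: ingress is enabled and internet facing")
    for i, plugin in enumerate(spec.get("userPlugins") or []):
        path = f"spec.userPlugins[{i}]"
        out += unknown(plugin, USER_PLUGIN, path)
        if plugin.get("hostNetwork") is True:
            out.append(f"{path}: hostNetwork is enabled")
        if "securityContext" not in plugin:
            out.append(f"{path}: no securityContext set")
    for name, cfg in (spec.get("plugins") or {}).items():
        if name in PRIVILEGED:
            out += unknown(cfg or {}, PRIVILEGED[name], f"spec.plugins.{name}")
        else:
            out.append(f"spec.plugins.{name}: not a documented plugin")
    return out

# Constructed sample manifest; "<group>" is a placeholder for the API group.
SAMPLE = {
    "apiVersion": "<group>/v1alpha1", "kind": "NitroEnclaveDeployment",
    "spec": {"replicas": 1, "enclaveCpuCount": 2,
             "ingress": {"enabled": True, "internetFacing": True},
             "userPlugins": [{"name": "app", "image": "registry.example/app:1",
                              "hostNetwork": True, "privileged": True}],
             "plugins": {"logging": {"image": "registry.example/log:1",
                                     "hostNetwork": True}}},
}
```

Calling review_manifest(SAMPLE) reports the internet-facing ingress, the host-networked user plugin without a securityContext, and the two keys that appear in no table for their object (hostNetwork is documented for user plugins only, not for the logging plugin).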