
Run serverless workloads with Knative on Confidential Containers


coco-serverless/coco-serverless


CoCo Serverless

The goal of this project is to deploy Knative on CoCo and run some baseline benchmarks.

All instructions in this repository assume that you have checked out the source code and have activated the Python virtual environment:

source ./bin/workon.sh

# List available tasks
inv -l

Pre-Requisites

You will need CoCo's fork of containerd built and running. To this end, you may run:

inv containerd.build
inv containerd.install

You also need all the kubernetes-related tooling: kubectl, kubeadm, and kubelet:

inv k8s.install [--clean]

You may also want to install k9s, a kubernetes monitoring tool:

inv k9s.install-k9s

Quick Start

Deploy a (single-node) kubernetes cluster using kubeadm:

inv kubeadm.create

Second, install both the operator and the CC runtime from the upstream tag. We currently pin to version v0.7.0 (see the COCO_RELEASE_VERSION variable).

inv operator.install
inv operator.install-cc-runtime

Third, update the initrd file to include our patched kata-agent:

inv kata.replace-agent

If it is the first time, you will have to manually build the agent by following these instructions.

Then, you are ready to run one of the supported apps:

If your app uses Knative, you will have to install it first:

inv knative.install
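The Quick Start above is an ordered procedure where each step depends on the previous one having succeeded. The following script is an added example, not part of the coco-serverless repository: it drives the steps in that order, stops at the first failure, checks that the Kubernetes tooling is on PATH before starting, and verifies that a Kata RuntimeClass was registered before the agent is replaced. It assumes the `inv` tasks exist exactly as named in this README, and it assumes (not stated on this page) that the CoCo operator registers RuntimeClass objects whose names start with `kata`. Set `DRY_RUN=1` to only print the commands, and `WITH_KNATIVE=1` to include the Knative install step.

```shell
#!/bin/sh
# Added example: orchestrate the README's Quick Start steps with basic checks.
# Not part of the coco-serverless project. Assumes the `inv` tasks named in
# the README and (an assumption about the operator) that CoCo's runtime
# registers RuntimeClasses whose names start with "kata".
set -eu

# Tools the README lists as required on the host.
REQUIRED_TOOLS="kubectl kubeadm kubelet"

# Print the required tools that are not on PATH (empty string if all present).
missing_tools() {
    missing=""
    for tool in $REQUIRED_TOOLS; do
        command -v "$tool" >/dev/null 2>&1 || missing="$missing $tool"
    done
    printf '%s' "${missing# }"
}

# Given the output of `kubectl get runtimeclass -o name`, succeed if at least
# one RuntimeClass named kata* is present.
has_kata_runtime_class() {
    printf '%s\n' "$1" | grep -q '^runtimeclass.node.k8s.io/kata'
}

# Run one command, or only echo it when DRY_RUN=1.
step() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "[dry-run] $*"
    else
        echo "+ $*"
        "$@"
    fi
}

# The Quick Start, in order; returns non-zero at the first failed check.
quick_start() {
    missing=$(missing_tools)
    if [ -n "$missing" ] && [ "${DRY_RUN:-0}" != "1" ]; then
        echo "missing tools: $missing (install them with: inv k8s.install)" >&2
        return 1
    fi
    step inv kubeadm.create
    step inv operator.install
    step inv operator.install-cc-runtime
    if [ "${DRY_RUN:-0}" != "1" ]; then
        # Make sure the CC runtime actually registered a RuntimeClass before
        # touching the initrd; otherwise pods would never be scheduled on it.
        classes=$(kubectl get runtimeclass -o name)
        has_kata_runtime_class "$classes" || {
            echo "no kata RuntimeClass registered by the operator" >&2
            return 1
        }
    fi
    step inv kata.replace-agent
    if [ "${WITH_KNATIVE:-0}" = "1" ]; then
        step inv knative.install
    fi
}

# Execute only when explicitly asked, so the file can also be sourced.
if [ "${RUN_QUICK_START:-0}" = "1" ]; then
    quick_start
fi
```

Run it as `RUN_QUICK_START=1 DRY_RUN=1 WITH_KNATIVE=1 sh quick_start.sh` to see the command sequence without touching the machine, then drop `DRY_RUN` to execute it. The RuntimeClass check is the one that matters after `operator.install-cc-runtime`: if it fails, `kata.replace-agent` would patch an initrd that no workload is going to use.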

Evaluation

The goal of the project is to measure the performance of Knative with CoCo, and compare it to other isolation mechanisms using standardised benchmarks. To this end, we provide a thorough evaluation in the evaluation directory.

Uninstall

In order to uninstall components for debugging purposes, you may uninstall the CoCo runtime first, and then the operator, as follows:

inv operator.uninstall-cc-runtime
inv operator.uninstall

Lastly, you can completely remove the k8s cluster by running:

inv kubeadm.destroy

Further Reading

For further documentation, you may want to check these other documents:

  • Attestation - attestation particularities of CoCo and SEV(-ES).
  • Guest Components - patch image-rs or other guest components.
  • K8s - documentation about configuring a single-node Kubernetes cluster.
  • Kata - instructions to build our custom Kata fork and initrd images.
  • Key Broker Service - docs on using and patching the KBS.
  • Knative - documentation about Knative, our serverless runtime of choice.
  • Local Registry - configuring a local registry to store OCI images.
  • OVMF - notes on building OVMF and CoCo's OVMF boot process.
  • SEV - specific documentation to get the project working with AMD SEV machines.
  • Troubleshooting - tips to debug when things go sideways.