helm-charts

Intel® Security Libraries for Data Center (Intel® SecL-DC) Helm Charts

A collection of Helm charts for ISecL-DC use cases.

Support Details

| Kubernetes | Details |
|---|---|
| Cluster OS | RedHat Enterprise Linux 8.x, Ubuntu 20.04 |
| Distributions | Any non-managed K8s cluster |
| Versions | v1.23 |
| Storage | NFS |
| Container Runtime | Foundational Security: CRI-O |

Use Case Helm Charts

Foundational Security Use Cases

| Use case | Description | Helm Charts |
|---|---|---|
| Host Attestation | Host Attestation (Platform Attestation) is the cornerstone use case for Intel SecL. It involves taking measurements of system components during system boot, and then cryptographically verifying that the actual measurements taken matched a set of expected or approved values, ensuring that the measured components were in an acceptable or "trusted" state at the time of the last system boot. | Certificate Management Service (CMS), Authentication and Authorization Service (AAS), Host Verification Service (HVS), Trustagent (TA) |
| Trusted Workload Placement (TWP) - Containers | Trusted Workload Placement (Data Sovereignty) builds on the Host Attestation use case to allow physical TPMs to be written with Asset Tags containing any number of key/value pairs. This use case is typically used to identify the geographic location of the physical server, but can also be used to identify other attributes. For example, the Asset Tags provided by this use case could be used to identify hosts that meet specific compliance requirements and can run controlled workloads. | Certificate Management Service (CMS), Authentication and Authorization Service (AAS), Host Verification Service (HVS), admission-controller, isecl-controller, isecl-scheduler, Integration Hub (IHub), Trustagent (TA) |
| Trusted Workload Placement - Control Plane | Trusted Workload Placement - Control Plane is a subset of the trusted workload placement use case. This use case Helm chart can be deployed on any existing non-managed k8s cluster on a cloud platform and performs platform attestation of nodes at CSPs or edge nodes. | Certificate Management Service (CMS), Authentication and Authorization Service (AAS), Host Verification Service (HVS) |
| Trusted Workload Placement - CSP | Trusted Workload Placement - CSP is a subset of the trusted workload placement use case. This use case Helm chart can be deployed on any non-managed k8s cluster at CSPs or edge nodes to get the cluster nodes attested by the deployed twp-control-plane services running in the cloud. | Trustagent (TA), Integration Hub, Admission-controller, ISecl-Controller, ISecl-Scheduler |
| Workload Security | Workload Confidentiality allows container images to be encrypted at rest, with key access tied to platform integrity attestation. Because security attributes contained in the platform integrity attestation report are used to control access to the decryption keys, this feature provides both protection for at-rest data, IP, code, etc. in container images, and also enforcement of image-owner-controlled placement policies. | Certificate Management Service (CMS), Authentication and Authorization Service (AAS), Trustagent (TA), Integration Hub, ISecl-Controller, ISecl-Scheduler, Key Broker Service (KBS), Host Verification Service (HVS), Workload Service (WLS), Workload Agent (WLA) |

Product Guide

For more details on the product, installation and deployment strategies, see the documentation below (refer to the latest version and the guide for your use case):

https://intel-secl.github.io/docs

Release Notes

https://intel-secl.github.io/docs/5.0/ReleaseNotes/ReleaseNotes

Issues

Feel free to raise deployment issues here:

https://github.com/intel-secl/helm-charts/issues