Skip links

Red Hat backs CNCF project, spills TEE support over Kubernetes

Red Hat is backing a Cloud Native Computing Foundation (CNCF) project that aims to improve the security of containers in Kubernetes clusters by running them inside hardware-enforced enclaves.

A company blog post says Red Hat is investing in Confidential Containers, which is a relatively new project from the CNCF-backed Confidential Computing Consortium.

Confidential Containers, or “CoCo” for short (which should nicely irritate any fans of the old TRS-80 Color Computer), has just put out its first release, version 0.1.0. The very low version number is meant to be a warning: this is new tech, and definitely not ready for prime time. Appropriately, its documentation is also not yet very comprehensive.

The idea is to run containers inside a Trusted Execution Environment (TEE), a facility offered by most processor architectures for some years now – The Reg wrote about OpenTEE in 2015, for instance, although we’ve also covered ways researchers have found to escape them.

The hard part is that the whole objective of running inside a TEE is to limit communication between the TEE and the host machine, and you can’t readily do that with your usual container: containers are just normal processes running directly on top of the host kernel, as our Brief History of Virtualization explained before Docker was a twinkle in dotCloud’s eye.

By contrast, running an encrypted virtual machine these days is relatively easy, with hardware support from several companies, including AMD’s SEV, as used in Google Cloud, Intel’s comparable SGX, and the newer TDX.

So to deliver workloads running inside TEEs but managed by Kubernetes, the CoCo project uses another technology – Kata Containers – which came out of merging Intel ClearContainers and Hyper runV, and is backed by the OpenStack Foundation.

According to the CoCo docs overview, initially the tool supports five different TEE technologies, the AMD and Intel tools, plus two different IBM technologies: Protected Execution Facility (PEF), which is for POWER servers, and Secure Execution, which is for z/Architecture mainframes.

If the initiative proves successful, it may well come to support more architectures in time – Arm has TrustZone and RISC-V has its own version as well, for instance.

If you, like this vulture, come from the appallingly old-fashioned world of on-prem computing, encrypting your own virtual machines may initially sound a little strange, but it makes sense if you’re running those VMs on somebody else’s hardware, somewhere out there on the internet.

The hardware support for this has been out there for a while, but it’s still not a trivial thing to implement, so if in time this can be reduced down to a tick box in a K8s config page or a line of YAML, that will be welcomed by many. Which, of course, will be welcomed in turn by silicon vendors, because even very lightweight VMs still take more resources than containers. ®