Skip to content

kisakthi/helm-charts

Repository files navigation

Intel® Security Libraries for Data Center (Intel® SecL-DC) Helm Charts

A collection of helm charts for ISecL-DC usecases

Support Details

Kubernetes Details
Cluster OS RedHat Enterprise Linux 8.x
Ubuntu 20.04
Distributions Any non-managed K8s cluster
Versions v1.23
Storage NFS
Container Runtime Foundational Security: CRI-O

Use Case Helm Charts

Foundational Security Usecases

Use case Description Helm Charts
Host Attestation Host Attestation(Platform attestation) is cornerstone use case for Intel SecL It involves taking measurements of system components during system boot, and then cryptographically verifying that the actual measurements taken matched a set of expected or approved values, ensuring that the measured components were in an acceptable or "trusted" state at the time of the last system boot. Certificate Management Service (CMS)

Authentication and Authorization Service (AAS)

Host Verification Service(HVS)

Trustagent (TA)
Trusted Workload Placement(TWP) - Containers Trusted Workload Placement(Data Sovereignty) builds on the Host Attestation use case to allow physical TPMs to be written with Asset Tags containing any number of key/value pairs. This use case is typically used to identify the geographic location of the physical server, but can also be used to identify other attributes. For example, the Asset Tags provided by this use case could be used to identify hosts that meet specific compliance requirements and can run controlled workloads. Certificate Management Service (CMS)

Authentication and Authorization Service (AAS)

Host Verification Service(HVS)

admission-controller

isecl-controller

isecl-scheduler

Integration Hub (IHub)

Trustagent (TA)
Trusted Workload Placement - Control Plane Trusted Workload Placement - Control Plane is a subset of trusted workload placement usecase. This usecase helm chart can be deployed on any existing non managed k8s cluster on cloud platform and performs platform attestation of nodes at CSPs or edge nodes. Certificate Management Service (CMS)

Authentication and Authorization Service (AAS)

Host Verification Service(HVS)

Trusted Workload Placement - CSP Trusted Workload Placement - CSP is a subset of trusted workload placement usecase. This usecase helm chart can be deployed on any non managed k8s cluster at CSPs or edge nodes for getting the cluster nodes attested by deployed twp-control-plane services running in cloud Trustagent (TA)

Integration Hub

Admission-controller

ISecl-Controller

ISecl-Scheduler
Workload Security Workload Confidentiality allows container images to be encrypted at rest, with key access tied to platform integrity attestation. Because security attributes contained in the platform integrity attestation report are used to control access to the decryption keys, this feature provides both protection for at-rest data, IP, code, etc in container images, and also enforcement of image-owner-controlled placement policies. Certificate Management Service (CMS)

Authentication and Authorization Service (AAS)

Trustagent (TA)

Integration Hub

ISecl-Controller

ISecl-Scheduler

Key Broker Service(KBS)

Host Verification Service(HVS)

Workload Service(WLS)

Workload Agent(WLA)

Product Guide

For more details on the product, installation and deployment strategies, please go through following, (Refer to latest and use case wise guide)

https://intel-secl.github.io/docs

Release Notes

https://intel-secl.github.io/docs/4.2/ReleaseNotes/ReleaseNotes

Issues

Feel free to raise deployment issues here,

https://github.com/intel-secl/helm-charts/issues

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Packages

No packages published