This topic describes sgx-device-plugin and lists the latest changes to the component.
sgx-device-plugin is a plug-in that applies to Container Service for Kubernetes (ACK). The plug-in is developed by Alibaba Cloud and Ant Financial. sgx-device-plugin facilitates the use of Intel (R) Software Guard Extensions (SGX) in containers. Intel (R) SGX is a set of CPU instructions provided by Intel. Intel (R) SGX increases the security of application code and data. This extra protection allows you to prevent against disclosure and malicious tampering. For more information, see software-guard-extensions.Features
- Intel (R) SGX is supported. You do not need to enable the privilege mode.
- The Enclave Page Cache (EPC) size can be automatically retrieved.
- Declarative EPC resource allocation is supported.
- Can I deploy sgx-device-plugin in Kubernetes clusters that are deployed outside Alibaba
Yes, sgx-device-plugin can be deployed in all types of Kubernetes clusters. However, you can run sgx-device-plugin on only SGX-enabled nodes.
- Can I use sgx-device-plugin to control the EPC size for SGX-enabled containers?
No, you cannot use sgx-device-plugin to control the EPC size for SGX-enabled containers. The EPC size limit specified by the alibabacloud.com/sgx_epc_MiB parameter applies to only kube-scheduler. Intel (R) SGX Driver does not support this parameter.
- Is sgx-device-plugin open source?
Yes, sgx-device-plugin is open source. For more information, see sgx-device-plugin.
|Version||Image address||Release date||Description||Impact|
|v1.0.0-5f5b5ef-aliyun||registry.cn-hangzhou.aliyuncs.com/acs/sgx-device-plugin:v1.0.0-5f5b5ef-aliyun||February 21, 2020||
||No impact on workloads.|