Intel Software Guard Extensions (SGX) Device Plugin for Kubernetes ================================================================== In a hybrid/heterogeneous Kubernetes cluster not all nodes may support SGX. In order to properly identify suitable SGX nodes, you need to install Intel Software Guard Extensions (SGX) device plugin for Kubernetes. Once the plugin is installed, it is possible to specify Kubernetes SGX requirements via resources/limits, for example: <...> resources: limits: sgx.intel.com/enclave: '1' sgx.intel.com/epc: 204800k <...> SGX Plugin Installation Steps ============================= The steps below were tested using the demo Kubernetes cluster as described in "Getting_Started". Login to the Kubernetes master node. Install "jq" and "git" if not already installed: $ sudo dnf install jq git List all nodes with SGX: $ kubectl get nodes -o json | jq .items[].status.allocatable | grep -i sgx "sgx.intel.com/enclave": "110", "sgx.intel.com/provision": "110" "sgx.intel.com/enclave": "110", "sgx.intel.com/provision": "110" "sgx.intel.com/enclave": "110", "sgx.intel.com/provision": "110" Please note there are no EPC size listed. To install the SGX plugin, issue these two commands: $ kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.3.1/cert-manager.yaml $ kubectl apply -k https://github.com/intel/intel-device-plugins-for-kubernetes/deployments/sgx_plugin/overlays/epc-nfd?ref=v0.21.0 After about a minute verify the updated node information: $ kubectl get nodes -o json | jq .items[].status.allocatable | grep -i sgx "sgx.intel.com/enclave": "110", "sgx.intel.com/epc": "268435456", "sgx.intel.com/provision": "110" "sgx.intel.com/enclave": "110", "sgx.intel.com/epc": "536870912", "sgx.intel.com/provision": "110" "sgx.intel.com/enclave": "110", "sgx.intel.com/epc": "536870912", "sgx.intel.com/provision": "110" For more detailed information, please consult the following links: https://docs.01.org/kubernetes/nfd/overview.html https://github.com/intel/intel-device-plugins-for-kubernetes/blob/main/cmd/sgx_plugin/README.md https://download.01.org/intelsgxstack/2021-12-08/Getting_Started.pdf