How Inclavare Containers Enables Confidential Computing in Cloud‑Native Environments
Inclavare Containers, the first open‑source container runtime for confidential computing, became a CNCF sandbox project in September 2021. It integrates with Kubernetes and Docker, offers a zero‑trust model, remote attestation and OCI compatibility, and aims to standardize secure cloud‑native workloads across clouds.
Project Overview
Inclavare Containers is an open‑source container runtime designed for confidential computing. It became a CNCF sandbox project on 15 September 2021 after a TOC vote. The source code is hosted at https://github.com/alibaba/inclavare-containers. The runtime integrates with both Kubernetes and Docker, enabling workloads to run inside a hardware‑based Trusted Execution Environment (TEE) while preserving the usual container workflow.
Key Technical Features
Zero‑trust security model – assumes the cloud provider is untrusted; the workload’s confidentiality does not rely on privileged components controlled by the provider.
Universal remote attestation – a cross‑platform attestation framework proves that a container is executing inside a genuine TEE, independent of the underlying confidential‑computing technology (e.g., Intel SGX, AMD SEV).
Enclave Runtime API – a standardized API that abstracts enclave runtimes. Current implementations support Occlum, Graphene, and WebAssembly Micro‑Runtime (WAMR), allowing users to select the enclave implementation that best fits their workload.
OCI‑compatible runtime “rune” – implements the OCI runtime specification, so confidential containers can be managed with the same CLI commands (docker run, kubectl) as regular containers.
Kubernetes integration – provides a CRI‑compatible plugin and a Kubernetes runtime class, enabling deployment of confidential containers on any public‑cloud or on‑premises Kubernetes cluster.
Architecture Overview
The runtime consists of three layers: the host Docker/Kubernetes engine, the OCI‑compatible rune runtime, and the enclave runtime (Occlum, Graphene, WAMR). When a container is launched, rune creates an enclave, loads the container image into the enclave, and starts the workload. Remote attestation is performed before the enclave is provisioned, and a sealed key is used to protect data at rest.
Getting Started
Clone the repository:
    git clone https://github.com/alibaba/inclavare-containers.git
Build the rune binary (requires Go 1.16+ and libsgx):
    cd inclavare-containers && make
Register a runtime class in Kubernetes:
    apiVersion: node.k8s.io/v1
    kind: RuntimeClass
    metadata:
      name: inclavare
    handler: rune
Run a confidential container (kubectl run has no runtime‑class flag, so runtimeClassName is set through --overrides):
    kubectl run hello-secure --image=alpine --overrides='{"spec":{"runtimeClassName":"inclavare"}}' -- /bin/sh -c "echo secret"
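As an added example (not code from the Inclavare Containers project), the Getting Started steps in Python: it builds the RuntimeClass and Pod objects and, before a workload is trusted as confidential, checks that the pod spec actually resolves to the rune handler instead of silently falling back to the cluster's default runtime. The Pod manifest shape and the checker function are assumptions; the class and handler names are the ones registered above.

```python
"""Build the RuntimeClass/Pod manifests from the steps above and verify that
a pod spec really targets the rune handler. Added example, not project code;
the Pod manifest shape and the checker are assumptions."""
import json

RUNTIME_CLASS_NAME = "inclavare"   # name registered in the RuntimeClass
RUNE_HANDLER = "rune"              # OCI runtime handler for Inclavare


def runtime_class_manifest(name=RUNTIME_CLASS_NAME, handler=RUNE_HANDLER):
    # Same object as the YAML above, as a dict (kubectl apply -f accepts JSON).
    return {"apiVersion": "node.k8s.io/v1", "kind": "RuntimeClass",
            "metadata": {"name": name}, "handler": handler}


def confidential_pod_manifest(name, image, command):
    # runtimeClassName is the field that selects rune; without it the pod
    # runs under the default (non-TEE) runtime and nothing is enclaved.
    return {"apiVersion": "v1", "kind": "Pod", "metadata": {"name": name},
            "spec": {"runtimeClassName": RUNTIME_CLASS_NAME,
                     "containers": [{"name": name, "image": image,
                                     "command": command}]}}


def tee_runtime_check(pod, runtime_classes, handler=RUNE_HANDLER):
    """Return (ok, reason): resolve the pod's runtimeClassName through the
    cluster's RuntimeClass objects and require the rune handler."""
    handlers = {rc["metadata"]["name"]: rc["handler"] for rc in runtime_classes}
    rc_name = pod.get("spec", {}).get("runtimeClassName")
    if rc_name is None:
        return False, "no runtimeClassName: pod would run under the default runtime"
    if rc_name not in handlers:
        return False, f"runtimeClassName {rc_name!r} has no RuntimeClass object"
    if handlers[rc_name] != handler:
        return False, f"RuntimeClass {rc_name!r} maps to {handlers[rc_name]!r}, not {handler!r}"
    return True, f"pod selects handler {handler!r} via RuntimeClass {rc_name!r}"


if __name__ == "__main__":
    classes = [runtime_class_manifest()]
    pod = confidential_pod_manifest("hello-secure", "alpine",
                                    ["/bin/sh", "-c", "echo secret"])
    print(json.dumps(pod, indent=2))
    print(tee_runtime_check(pod, classes))
    # A pod with no runtimeClassName is rejected: it would not be enclaved.
    print(tee_runtime_check({"apiVersion": "v1", "kind": "Pod", "spec": {}}, classes))
```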
Community and Roadmap
Since its initial open‑source release in May 2020, the project has attracted contributions from multiple organizations. It is a member of the Dragonfly Cloud‑Native Confidential Computing SIG and collaborates with Intel and other chip vendors. Future work includes extending support to additional TEEs, improving tooling for enclave image signing, and enhancing performance monitoring.
Alibaba Cloud Native