To see the customizations this chart currently supports, have a look at
- A Kubernetes cluster.
- Helm 3 installed.
Before you begin
- Submit any SCONE sessions (e.g., the one located in
../../policies) to a CAS that is accessible from within the cluster. Reference them through
- Create the directories you need in the worker nodes, as this application relies on hostPath volumes. They are defined in
- Clone this git repository.
Install the chart
Add the repo
If you haven't yet, please add this repo to Helm.
To deploy OpenVINO with the default parameters to your Kubernetes cluster:
helm install my-openvino sconeapps/openvino
See your deployed pods by running
kubectl get pods | grep my-openvino.
By default, this helm chart uses the SCONE SGX Plugin. Hence, it sets the resource limits of CAS as follows:
resources: limits: sgx.intel.com/enclave: 1
--useSGXDevPlugin=azure) to support Azure's SGX Device Plugin. Since Azure requires the amount of EPC memory allocated to your application to be specified, the parameter
sgxEpcMem (SGX EPC memory in MiB) becomes required too (e.g.,
--set useSGXDevPlugin=azure --set sgxEpcMem=16).
In case you do not want to use the SGX plugin, you can remove the resource limit and explicitly mount the local SGX device into your container by setting:
extraVolumes: - name: dev-isgx hostPath: path: /dev/isgx extraVolumeMounts: - name: dev-isgx path: /dev/isgx
Please note that mounting the local SGX device into your container requires privileged mode, which will grant your container access to ALL host devices. To enable privileged mode, set
securityContext: privileged: true