Sconectl Service Description (0.2.1)


genservice

Describe the service manifest that guides the creation of confidential images. To create a confidential image, execute sconectl apply -f manifest.yaml.

Objective: describe how to build a confidential image.

Request Body schema: application/json

Some interesting description

apiVersion
required
string

API Version

  • Expecting 'scone/<VERSION>'. The VERSION must be '5.8.0' or higher
apiVersion: scone/5.8

build
required
object (Build)

Section Build defines how to build the confidential image.

build:
  name: python-hello-user
  kind: python
  to: $APP_IMAGE_REPO/python_hello_user:1
  pwd: /python
  command: python3 print_env.py
  requirements: requirements.txt
  copy:
    - print_env.py
  signature:
    sign: true
  run:
    - > 
     echo 'You can also RUN additional commands in the same way as docker build RUN commands'
     && echo 'If you use multi-line commands, please do not forget to start lines with &&.'
     && echo 'A multi-line command like this will be added as a single line. No need for \'
    - echo 'Or use single line command'
    - echo 'Each command is executed by a single RUN command'

environment
required
object (Environment)

Define environment variables:

  • local environment variables are defined in the service manifest and are reused across meshes (aka applications).
  • global environment variables are defined in the mesh file. We might define a default value here. If no default is set, this value must be defined in the mesh file.

injection_files
Array of objects (InjectionFiles) Nullable

Define files that should be injected into the confidential image. These injected files might contain secrets that are retrieved from SCONE CAS.

injection_files:
# todo: ensure this cert is available
- path: /etc/nginx_ca.crt
  content: $$SCONE::NGINX_SERVER_CA_CERT.chain$$
# Network files
- path: /etc/resolv.conf
  content: |
    nameserver {{CLUSTER_DNS_IP}}
    search {{K8sNAMESPACE}}.svc.cluster.local svc.cluster.local cluster.local
    options ndots:5

kind
required
string

We define a single kind of manifest:

  • 'genservice'
kind: genservice

secrets
object (Secrets)

Define secrets that are managed by SCONE CAS.

secrets:
  global:
    - name: password
      kind: ascii
      size: 10

Request samples

Content type
application/json
{
  "apiVersion": "scone/5.8.0",
  "build": { },
  "environment": { },
  "injection_files": [ ],
  "kind": "genservice",
  "secrets": { }
}
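
A pre-flight check for the constraints listed above, as an added example that is not part of the SCONE documentation or of sconectl: it validates a manifest in the JSON form of the request body before it is handed to sconectl apply. The function names are hypothetical, the sample manifest is constructed, and reading 'scone/5.8' as version 5.8.0 is an assumption.

```python
import json

REQUIRED = ("apiVersion", "build", "environment", "kind")  # fields marked "required"
MIN_VERSION = (5, 8, 0)

def parse_api_version(value):
    """Return (major, minor, patch) from 'scone/<VERSION>', or None if malformed."""
    if not isinstance(value, str) or not value.startswith("scone/"):
        return None
    parts = value[len("scone/"):].split(".")
    if len(parts) not in (2, 3) or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    # Assumption: a missing patch level counts as 0, so 'scone/5.8' means 5.8.0.
    return tuple(nums + [0] * (3 - len(nums)))

def check_manifest(manifest):
    """Return a list of problems; an empty list means every check passed."""
    if not isinstance(manifest, dict):
        return ["manifest must be a JSON object"]
    problems = [f"missing required field '{k}'" for k in REQUIRED if k not in manifest]
    if "apiVersion" in manifest:
        version = parse_api_version(manifest["apiVersion"])
        if version is None:
            problems.append("apiVersion must have the form 'scone/<VERSION>'")
        elif version < MIN_VERSION:
            problems.append("apiVersion is older than 5.8.0")
    if "kind" in manifest and manifest["kind"] != "genservice":
        problems.append("kind must be 'genservice'")
    for key in ("build", "environment", "secrets"):
        if key in manifest and not isinstance(manifest[key], dict):
            problems.append(f"'{key}' must be an object")
    files = manifest.get("injection_files")  # nullable array of objects
    if files is not None and not (
            isinstance(files, list) and all(isinstance(f, dict) for f in files)):
        problems.append("'injection_files' must be null or an array of objects")
    return problems

# Constructed sample input, shaped like the request sample on this page.
SAMPLE = json.loads("""{
  "apiVersion": "scone/5.8.0",
  "build": {"name": "python-hello-user", "kind": "python"},
  "environment": {},
  "injection_files": null,
  "kind": "genservice",
  "secrets": {}
}""")

if __name__ == "__main__":
    for problem in check_manifest(SAMPLE) or ["manifest passes the structural checks"]:
        print(problem)
```

The check covers only the top-level structure stated on this page; it does not validate the contents of the build, environment or secrets sections.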