feat: confidential container for zero trust validated pattern docs #628
butler54 wants to merge 1 commit into validatedpatterns:main from
Signed-off-by: Chris Butler <chris.butler@redhat.com>
e59406f to b206e80
sabre1041 left a comment:
Looks good. A few small requests.
* link:https://docs.redhat.com/es/documentation/red_hat_trusted_profile_analyzer/2.2[Red{nbsp}Hat Trusted Profile Analyzer (RHTPA)]
** Provides the storage and management means for _Software Bill of Materials_ (SBOMs), with cross-referencing capabilities between SBOMs and CVEs/Security Advisories.
Optionally:
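Review bot: the RHTPA link points at the Spanish locale path (/es/) on docs.redhat.com while the sandboxed containers link in the next region uses /en/; change it to https://docs.redhat.com/en/documentation/red_hat_trusted_profile_analyzer/2.2 so readers of the English pattern docs land on the English product page.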
Optionally:
Red{nbsp}Hat's link:https://docs.redhat.com/en/documentation/openshift_sandboxed_containers/1.11/html/deploying_confidential_containers/index[OpenShift sandboxed containers Confidential Containers] (CoCo) feature uses Trusted Execution Environments (TEEs). TEEs are specialized CPU features from AMD, Intel, and others that create isolated, encrypted memory spaces (data in use) with cryptographic proof of integrity.
These hardware guarantees mean workloads can prove they have not been tampered with, and secrets are protected, even from infrastructure administrators.
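Review bot: "secrets are protected, even from infrastructure administrators" states the outcome without its precondition; the protection only holds when secrets are released to the workload after the TEE's attestation evidence has been verified by a component outside the untrusted cluster. Suggest tying the "cryptographic proof of integrity" from the previous sentence to the secret release, e.g. "Secrets are released to a workload only after its attestation has been verified, so they are protected even from infrastructure administrators."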
Confidential containers within the layered zero-trust pattern integrate zero-trust workload identity management.
For zero-trust workload identity management, are we referring to the concept or the product?
@sabre1041: changing LGTM is restricted to collaborators. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.
/retest
🤖 Mon Dec 22 08:24:21 - The preview is ready at:
@@ -0,0 +1,215 @@
---
I missed something, not sure if this content is the best place to add it... maybe adding a note about the trusted/untrusted cluster topology?