Adding Kata guide

2025-11-07 16:45:44 +01:00 · 2025-11-07 16:45:44 +01:00 · 50ada75a2b
commit 50ada75a2b
parent 272791e5b7
2 changed files with 43 additions and 0 deletions
--- a/01-Home.md
+++ b/01-Home.md
@ -3,6 +3,7 @@
 ## Guides
 - [Repository Handling Multiple Environments](Guide-Repository-Handling-Multiple-Environments.md)
 - [Database-PostgreSQL](Guide-Database.md#cloudnative-postgresql-guide)
+- [Confidential-Computing-Kata-CC](Guide-kata-cc.md#OpenShift-Confidential-Computing-with-Kata-Containers)



--- a/Guide-kata-cc.md
+++ b/Guide-kata-cc.md
@ -0,0 +1,42 @@
+# OpenShift Confidential Computing with Kata Containers
+
+This guide demonstrates how to run confidential workloads on OpenShift using **Kata Containers**. Workloads scheduled with the `kata-cc` RuntimeClass leverage **AMD SEV, SEV-ES, and SEV-SNP** hardware-backed memory encryption.
+
+---
+
+## Test Pod Manifest
+
+Below is a pod manifest that demonstrates confidential computing with SEV-SNP enabled.
+
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: kata-cc-demo
+spec:
+  runtimeClassName: kata-cc
+  containers:
+    - name: demo
+      image: registry.access.redhat.com/ubi9/ubi-minimal:latest
+      command: ["/bin/sh", "-c"]
+      args:
+        - |
+          microdnf install -y procps-ng util-linux
+          echo "Verifying confidential computing (SEV-SNP) status..."
+          dmesg | grep -i SEV
+          echo "Pod will remain running for inspection"
+          sleep 3600
+      securityContext:
+        privileged: true
+  restartPolicy: Never
+
+# Expected Output from inside the pod:
+# ------------------------------------
+# Memory Encryption Features active: AMD SEV SEV-ES SEV-SNP
+# SEV: Status: SEV SEV-ES SEV-SNP
+# SEV: APIC: wakeup_secondary_cpu() replaced with wakeup_cpu_via_vmgexit()
+# SEV: Using SNP CPUID table, 29 entries present.
+# SEV: SNP running at VMPL0
+# SEV: SNP guest platform device initialized
+# sev-guest sev-guest: Initialized SEV guest driver (using vmpck_id 0)
+