PLEASE NOTE: for anonymity, some repository, folder and file names have been changed, which can cause some scripts to fail. The code in this repository is meant for review only, and the final version of the paper will point to the real open source repositories.
- Docker.
- All scripts are written in PowerShell to work cross-platform. If you are on Linux, follow these instructions to install PowerShell. Once it's installed, you can run the pwsh command to start the shell.
- Azure command line tools.
Build containers using the following script.
cd $REPOSITORY_ROOT_PATH/ci
./build-containers.ps1
This will build the following containers.
- Transparent build container
- Transparency sidecar
- Transparency proxy based on envoy which intercepts and redirects HTTP traffic through the transparency sidecar.
- Init container which configures iptables rules for the proxy
To publish the locally built container images, you need a container registry account, such as with Azure Container Registry (ACR). Once you have access to an account, edit the file set-env.ps1 and specify the name of the container registry, username and password.
Set the environment variables.
./set-env.ps1
Log in to your Azure subscription and container registry.
az login
az acr login -n $ENV:CONTAINER_REGISTRY
Finally, tag and push the container images in PowerShell:
./deployment/aci/push-containers.ps1
To deploy the container group to Confidential ACI, first install Azure command line tools for confidential containers. This is a one-time task.
az extension add --source https://acccliazext.blob.core.windows.net/confcom/confcom-0.1.2-py3-none-any.whl -y
Next, generate a container security policy from the policy template.
cd deployment/aci
./set-policy-parameters.ps1
Finally, deploy the service.
./deploy-transparent-build-service.ps1