Skip to content

feat: confidential container for zero trust validated pattenr docs #628

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
butler54 wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat: confidential container for zero trust validated pattenr docs #628

butler54 wants to merge 1 commit into from
+228 −0

Conversation

@butler54
Copy link
Contributor

@butler54 butler54 commented Dec 15, 2025

Signed-off-by: Chris Butler chris.butler@redhat.com

@openshift-ci openshift-ci bot added the size/L label Dec 15, 2025
@butler54 @gaurav-nelson
feat: confidential container for zero trust validated pattenr docs
b206e80 
Signed-off-by: Chris Butler <chris.butler@redhat.com>
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Dec 19, 2025

@butler54: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/build-preview b206e80 link true /test build-preview

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

sabre1041
sabre1041 suggested changes Dec 19, 2025
View reviewed changes
Copy link

@sabre1041 sabre1041 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. A few small requests

content/patterns/layered-zero-trust/_index.adoc

* link:https://docs.redhat.com/es/documentation/red_hat_trusted_profile_analyzer/2.2[Red{nbsp}Hat Trusted Profile Analyzer (RHTPA)]
** Provides the storage and management means for _Software Bill of Materials_ (SBOMs), with cross-referencing capabilities between SBOMs and CVEs/Security Advisories.
Optionally:
Copy link

@sabre1041 sabre1041 Dec 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Optionally:
Optionally:

content/patterns/layered-zero-trust/lzt-confidential-containers.adoc
Red{nbsp}Hat's link:https://docs.redhat.com/en/documentation/openshift_sandboxed_containers/1.11/html/deploying_confidential_containers/index[OpenShift sandboxed containers Confidential Containers] (CoCo) feature uses Trusted Execution Environments (TEEs). TEEs are specialized CPU features from AMD, Intel, and others that create isolated, encrypted memory spaces (data in use) with cryptographic proof of integrity.
These hardware guarantees mean workloads can prove they have not been tampered with, and secrets are protected, even from infrastructure administrators.

Confidential containers within the layered zero-trust pattern integrate zero-trust workload identity management.
Copy link

@sabre1041 sabre1041 Dec 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For zero-trust workload identity management, are we referring to the concept or the product?

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Dec 19, 2025

@sabre1041: changing LGTM is restricted to collaborators

Details

In response to this:

Looks good. A few small requests

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@beekhof beekhof Awaiting requested review from beekhof

@dminnear-rh dminnear-rh Awaiting requested review from dminnear-rh

1 more reviewer

@sabre1041 sabre1041 sabre1041 requested changes

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

size/L

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@butler54 @sabre1041