From afa6497ee2376c7c24eb229233dcfc27a81f21c1 Mon Sep 17 00:00:00 2001 From: catttam Date: Fri, 19 Jan 2024 11:17:00 +0100 Subject: [PATCH 1/2] Updated documentation --- docs/fdl.md | 3 ++- docs/sgx-integration.md | 17 +++++++++++++++++ docs/usage.md | 2 +- mkdocs.yml | 7 +++++-- 4 files changed, 25 insertions(+), 4 deletions(-) create mode 100644 docs/sgx-integration.md diff --git a/docs/fdl.md b/docs/fdl.md index a6811a8e..04c517f8 100644 --- a/docs/fdl.md +++ b/docs/fdl.md @@ -72,7 +72,8 @@ storage_providers: |------------------------------| --------------------------------------------| | `name`
*string* | The name of the service | | `cluster_id`
*string* | Identifier for the current cluster, used to specify the cluster's StorageProvider in job delegations. OSCAR-CLI sets it using the ClusterID from the FDL. Optional. (default: "") | -| `image`
*string* | Docker image for the service | +| `image`
*string* | Docker image for the service | +| `vo`
*string* | VO in which the user creating the service is enrolled. Optional (default: "") | | `alpine`
*boolean* | Alpine parameter to set if image is based on Alpine. If `true` a custom release of faas-supervisor will be used. Optional (default: false) | | `script`
*string* | Local path to the user script to be executed in the service container | | `file_stage_in`
*bool* | Parameter to skip the download of the input files by the FaaS Supervisor (default: false) | diff --git a/docs/sgx-integration.md b/docs/sgx-integration.md new file mode 100644 index 00000000..db894706 --- /dev/null +++ b/docs/sgx-integration.md @@ -0,0 +1,17 @@ +# Integration with SCONE + +SCONE is a tool that allows confidential computing on the cloud thus protecting the data, code and application secrets on a Kubernetes cluster (More info about SCONE and Kubernetes [here](https://sconedocs.github.io/k8s_concepts/)). + +To use SCONE on a Kubernetes cluster Intel SGX has to be enabled on the machines, and for these, the SGX Kubernetes plugin needs to be present on the cluster. Once the plugin is installed you only need to specify the parameter `enable_sgx` on the FDL of the services that are going to use a secured container image like in the following example. + +``` yaml +functions: + oscar: + - oscar-cluster: + name: sgx-service + memory: 1Gi + cpu: '0.6' + image: your_image + enable_sgx: true + script: script.sh +``` \ No newline at end of file diff --git a/docs/usage.md b/docs/usage.md index 11715d64..61235c0e 100644 --- a/docs/usage.md +++ b/docs/usage.md @@ -17,7 +17,7 @@ You can follow one of the [examples](https://github.com/grycap/oscar/tree/master/examples) in order to test the OSCAR framework for specific applications. We recommend you to start with the -[plant classification example](https://github.com/grycap/oscar/tree/master/examples/imagemagick) +[plant classification example](https://github.com/grycap/oscar/tree/master/examples/plant-classification-sync) detailed below. If you prefer to use the command-line interface rather than the web-based UI, diff --git a/mkdocs.yml b/mkdocs.yml index a22c56f6..3003179e 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -13,10 +13,13 @@ nav: - Functions Definition Language (FDL): fdl.md - FDL Composer: fdl-composer.md - oscar-cli.md -- Integration with EGI: egi-integration.md -- OIDC Authorization: oidc-auth.md - OpenAPI Specification: api.md - MinIO bucket replication: minio-bucket-replication.md +nav: +- Third party integrations: + - Integration with EGI: egi-integration.md + - OIDC Authorization: oidc-auth.md + - Integration with SCONE: sgx-integration.md - Frequently Asked Questions (FAQ): faq.md - license.md - about.md From ffa27b25d374ed6ac787bead273d85adecbdefc0 Mon Sep 17 00:00:00 2001 From: catttam Date: Fri, 19 Jan 2024 11:30:57 +0100 Subject: [PATCH 2/2] Minor fix --- docs/fdl.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/fdl.md b/docs/fdl.md index 04c517f8..d8836c44 100644 --- a/docs/fdl.md +++ b/docs/fdl.md @@ -73,7 +73,7 @@ storage_providers: | `name`
*string* | The name of the service | | `cluster_id`
*string* | Identifier for the current cluster, used to specify the cluster's StorageProvider in job delegations. OSCAR-CLI sets it using the ClusterID from the FDL. Optional. (default: "") | | `image`
*string* | Docker image for the service | -| `vo`
*string* | VO in which the user creating the service is enrolled. Optional (default: "") | +| `vo`
*string* | Virtual Organization (VO) in which the user creating the service is enrolled. Optional (default: "") | | `alpine`
*boolean* | Alpine parameter to set if image is based on Alpine. If `true` a custom release of faas-supervisor will be used. Optional (default: false) | | `script`
*string* | Local path to the user script to be executed in the service container | | `file_stage_in`
*bool* | Parameter to skip the download of the input files by the FaaS Supervisor (default: false) |