Deploy the Intel SGX Device Plugin for KubenetesDeploy the I

The instructions in this section are modified from the Intel SGX Device Plugin homepage, to which please refer should questions arise.

Prerequisites

Prerequisites for building and running these device plugins include:

Appropriate hardware
A fully configured Kubernetes cluster
A working Go environment, of at least version v1.16

Here we would want to deploy the plugin as a DaemonSet, so pull the source code. In the working directory, compile with

make intel-sgx-plugin
make intel-sgx-initcontainer

Problem Solution:

If you encounter error like Get "https://proxy.golang.org/github.com/klauspost/cpuid/v2/@v/v2.0.9.zip": dial tcp 142.251.43.17:443: i/o timeout, this is because the go inside the docker needs a proxy to download files. Locate the command causing the problem, go to the according Dockfile in ./build/docker and add the below command before the install step. Then, make again and you will go through the download process successfully.

go env -w GOPROXY=https://goproxy.cn;

If you encounter error like gcr.io/distroless/static net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers), this is because docker cannot acccess repository oversea,. Go to ./build/docker and find all files containing FROM gcr.io/distroless/static, then change this command to FROM ${GOLANG_BASE}. After that, make again.
download failed

curl -SL github.com/landley/toy…

% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- 0:02:00 --:--:-- 0 curl: (52) Empty reply from server

change to wget

wget github.com/landley/toy… $TOYBOX_VERSION.tar.gz \ && mv$ TOYBOX_VERSION.tar.gz toybox.tar.gz \

Deploy the DaemonSet with

kubectl apply -k deployments/sgx_plugin/overlays/epc-register/

Verify with (replace the <node name> with your own node name)

kubectl describe node <node name> | grep sgx.intel.com

Problem Solution:

kube-system sgx-node-init-p76zh 0/1 ContainerCreating 0 135m ali-ecs2

Warning FailedCreatePodSandBox 3m10s (x7872 over 138m) kubelet (combined from similar events): Failed to create pod sandbox: rpc error: code = Unknown desc = failed to set up sandbox container "a5d91a4e547be2ebf3216ad2825e82f2564389abe28515ffb820229b77ccabd6" network for pod "sgx-node-init-p76zh": networkPlugin cni failed to set up pod "sgx-node-init-p76zh_kube-system" network: failed to delegate add: failed to set bridge addr: "cni0" already has an IP address different from 10.244.1.1/24

check flannel configure

cd /run mkdir flannel cd flannel echo "FLANNEL_NETWORK=10.244.0.0/16 FLANNEL_SUBNET=10.244.0.1/24 FLANNEL_MTU=1450 FLANNEL_IPMASQ=true" >> subnet.env