Add example of AKS attestation and secret provisioning #3
This example demonstrates how Gramine DCAP SGX attestation quote can be generated and verified from within an Azure Kubernetes Service (AKS) cluster. The example contains reference wrappers that enable Gramine to use AKS components such as AESMD and DCAP quote provider libraries. This example also contains a microservice deployment for the RA-TLS verifier (secret provisioning service) that can be readily deployed to the AKS cluster.

This example is based on the `ra-tls-secret-prov` example from the core Gramine repo. To run the client and server apps from that example inside the AKS cluster, we prepare two Docker images, one for the client and one for the server. The client image must be graminized via GSC. This example is Ubuntu-specific (tested version is Ubuntu 18.04).

Signed-off-by: Veena Saini <[email protected]>
dimakuv
left a comment
Reviewed 13 of 13 files at r1, all commit messages.
Reviewable status: all files reviewed, 2 unresolved discussions, not enough approvals from maintainers (3 more required), not enough approvals from different teams (2 more required, approved so far: ) (waiting on @veenasai2)
-- commits, line 3 at r1:
I will add some more info in the commit message:
This example demonstrates how Gramine DCAP attestation quote can be generated and verified from
within an Azure Kubernetes Service (AKS) cluster. The example contains reference wrappers that
enable Gramine to use AKS components such as AESMD and DCAP quote provider libraries. This example
also contains a microservice deployment for the RA-TLS verifier (secret provisioning service) that
can be readily deployed to the AKS cluster.
This example is based on the `ra-tls-secret-prov` example from the core Gramine repo. To run the
client and server apps from that example inside the AKS cluster, we prepare two Docker
images, one for the client and one for the server. The client image must be graminized via GSC.
This example is Ubuntu-specific (tested version is Ubuntu 18.04).
Examples/aks-attestation/README.md, line 56 at r1 (raw file):
### Creating client (SGX application) image
Need to add a link to the GSC repo, otherwise users may not know what GSC is. I'll add it now.
1e2b0df to 8f4a737
dimakuv
left a comment
Reviewed 1 of 1 files at r2, all commit messages.
Reviewable status: all files reviewed, all discussions resolved, not enough approvals from maintainers (2 more required), not enough approvals from different teams (1 more required, approved so far: Intel)
Previously, dimakuv (Dmitrii Kuvaiskii) wrote…
I will add some more info in the commit message:
This example demonstrates how Gramine DCAP attestation quote can be generated and verified from within an Azure Kubernetes Service (AKS) cluster. The example contains reference wrappers that enable Gramine to use AKS components such as AESMD and DCAP quote provider libraries. This example also contains a microservice deployment for the RA-TLS verifier (secret provisioning service) that can be readily deployed to the AKS cluster. This example is based on the `ra-tls-secret-prov` example from the core Gramine repo. To run the client and server apps from that example inside the AKS cluster, we prepare two Docker images, one for the client and one for the server. The client image must be graminized via GSC. This example is Ubuntu-specific (tested version is Ubuntu 18.04).
Done.
Examples/aks-attestation/README.md, line 56 at r1 (raw file):
Previously, dimakuv (Dmitrii Kuvaiskii) wrote…
Need to add a link to the GSC repo, otherwise users may not know what GSC is. I'll add it now.
Done.
mkow
left a comment
Reviewed 12 of 13 files at r1, 1 of 1 files at r2, all commit messages.
Reviewable status: complete! all files reviewed, all discussions resolved
Signed-off-by: Veena Saini [email protected]
Description of the changes
This PR provides a reference implementation to show how the Gramine attestation (DCAP) samples work inside an AKS cluster. We have created two Docker images, one for the ra-tls-secret-prov server and one for the ra-tls-secret-prov client. Both images are deployed as part of an AKS confidential compute cluster, and both quote generation and quote verification are successful inside the AKS cluster.
For client deployment inside the AKS cluster, we have contrib/Examples/aks-attestation/aks-secret-prov-client-deployment.yaml, and for server deployment, contrib/Examples/aks-attestation/aks-secret-prov-server-deployment.yaml.
For more details, we have created a README file.
This PR is an updated version of gramineproject/gsc#38.
How to test this PR?
Please follow contrib/Examples/aks-attestation/README.md