website: Add initial scaffold

This commit has created a new confidential-containers website using
static site generator Hugo: https://gohugo.io/ and using docsy theme:
https://www.docsy.dev/docs/.

In this initial commit I have also copied over few place holder
documentation that we already have in our numerous repositories. I have
copied the demos folder and the release notes from the `coco/coco`
repository. Most of these copied docs have been marked with `TODOs` so
that the appropriate people in relevant project can take a look at it,
suggest changes, fixes and updates.

Signed-off-by: Suraj Deshmukh <suraj.deshmukh@microsoft.com>

.gitignore

@@ -0,0 +1,5 @@
+/public
+resources/
+node_modules/
+package-lock.json
+.hugo_build.lock

Dockerfile

@@ -0,0 +1,4 @@
+FROM klakegg/hugo:ext-alpine
+
+RUN apk add git && \
+    git config --global --add safe.directory /src

archetypes/default.md

@@ -0,0 +1,5 @@
++++
+title = '{{ replace .File.ContentBaseName "-" " " | title }}'
+date = {{ .Date }}
+draft = true
++++

content/en/_index.md

@@ -0,0 +1,83 @@
+---
+title: Confidential Containers
+---
+
+{{< blocks/cover title="Welcome to Confidential Containers!" image_anchor="top" height="full" >}}
+<a class="btn btn-lg btn-primary me-3 mb-4" href="/docs/">
+  Learn More <i class="fas fa-arrow-alt-circle-right ms-2"></i>
+</a>
+<a class="btn btn-lg btn-secondary me-3 mb-4" href="https://github.com/confidential-containers/confidentialcontainers.org">
+  Download <i class="fab fa-github ms-2 "></i>
+</a>
+<p class="lead mt-5">Confidential Computing for &mdash; Kubernetes!</p>
+{{< blocks/link-down color="info" >}}
+{{< /blocks/cover >}}
+
+<!-- Note: The content here is mostly copied / adapted from: https://github.com/confidential-containers/.github/blob/main/profile/README.md. This page shows up when one goes to: https://github.com/confidential-containers/ -->
+
+{{% blocks/lead color="primary" %}}
+Confidential Containers is an open source community working to enable cloud native confidential computing by leveraging [Trusted Execution Environments](https://en.wikipedia.org/wiki/Trusted_execution_environment) to protect containers and data.
+
+{{% /blocks/lead %}}
+
+{{% blocks/section color="dark" type="row" %}}
+
+Goals
+{.h1 .text-center}
+
+{{% blocks/feature icon="fa-microchip" title="Multiple TEEs" %}}
+Support for multiple Trusted Execution Environments (TEEs) and hardware platforms
+
+Please follow this space for updates!
+{{% /blocks/feature %}}
+
+{{% blocks/feature icon="fa-cubes" title="Containers" %}}
+Transparent deployment of unmodified containers
+{{% /blocks/feature %}}
+
+{{% blocks/feature icon="fa-cloud" title="Cloud Service Providers (CSP)" %}}
+A trust model which separates CSPs from guest applications
+{{% /blocks/feature %}}
+
+{{% /blocks/section %}}
+
+{{% blocks/section type="row" %}}
+
+{{% blocks/feature icon="fa-shield" title="Application Security" %}}
+Allow cloud native application owners to enforce application security requirements
+{{% /blocks/feature %}}
+
+{{% blocks/feature icon="fa-key" title="Privilege" %}}
+Least privilege principles for the Kubernetes Cluster administration capabilities which impact delivering Confidential Computing for guest application or data inside the TEE.
+{{% /blocks/feature %}}
+
+{{% /blocks/section %}}
+
+{{% blocks/section type="row" %}}
+
+Community
+{.h1 .text-center}
+
+{{% blocks/feature icon="fab fa-github" title="Contributions welcome!"
+    url="<https://github.com/confidential-containers/confidentialcontainers.org>" %}}
+We do a [Pull Request](https://github.com/confidential-containers/confidentialcontainers.org/pulls)
+contributions workflow on **GitHub**. New users are always welcome!
+{{% /blocks/feature %}}
+
+{{% blocks/feature icon="fab fa-slack" title="We are on CNCF Slack!" url="<https://slack.cncf.io>" %}}
+Join channel #confidential-containers by getting invitation for the [CNCF slack](https://slack.cncf.io).
+{{% /blocks/feature %}}
+
+{{% blocks/feature icon="fa-video-camera" title="Weekly Meetings" url="<https://docs.google.com/document/d/1E3GLCzNgrcigUlgWAZYlgqNTdVwiMwCRTJ0QnJhLZGA/>" %}}
+Check out our previous meetings and join our future ones.
+{{% /blocks/feature %}}
+
+{{% blocks/feature icon="fa-users" title="Community Guidelines" url="<https://github.com/confidential-containers/confidential-containers>" %}}
+How to contribute, style guides, governance...
+{{% /blocks/feature %}}
+
+{{% blocks/feature icon="fa-file" title="Code of Conduct" url="<https://github.com/cncf/foundation/blob/master/code-of-conduct.md>" %}}
+We follow the CNCF Code of Conduct.
+{{% /blocks/feature %}}
+
+{{% /blocks/section %}}

content/en/about/index.md

@@ -0,0 +1,87 @@
+---
+title: About Confidential Containers
+linkTitle: About
+menu:
+  main:
+    weight: 10
+---
+
+{{% blocks/cover title="About Confidential Containers" image_anchor="bottom" height="auto" %}}
+
+<!-- Content here is adopted from: https://github.com/confidential-containers/confidential-containers -->
+
+# Welcome to confidential-containers
+
+{{% /blocks/cover %}}
+
+{{% blocks/lead %}}
+
+Confidential Containers is an open source community working to leverage [Trusted Execution Environments](https://en.wikipedia.org/wiki/Trusted_execution_environment) to protect containers and data and to deliver cloud native confidential computing.
+
+**We have a new release every 6 weeks!**
+See [Release Notes](./releases/) or [Quickstart Guide](./quickstart.md)
+
+{{% /blocks/lead %}}
+
+{{% blocks/section %}}
+
+## Key Considerations
+
+- Allow cloud native application owners to enforce application security requirements
+{.h4 .text-left}
+
+- Transparent deployment of unmodified containers
+{.h4 .text-left}
+
+- Support for multiple TEE and hardware platforms
+{.h4 .text-left}
+
+- A trust model which separates Cloud Service Providers (CSPs) from guest applications
+{.h4 .text-left}
+
+- Least privilege principles for the Kubernetes cluster administration capabilities which impact delivering Confidential Computing for guest applications or data inside the TEE
+{.h4 .text-left}
+
+{.text-center}
+
+{{% /blocks/section %}}
+
+{{% blocks/section %}}
+
+## Get started quickly
+
+[Kubernetes Operator for Confidential Computing](https://github.com/confidential-containers/confidential-containers-operator) : An operator to deploy confidential containers runtime (and required configs) on a Kubernetes cluster
+{.h4 .text-left}
+
+{{% /blocks/section %}}
+
+{{% blocks/section %}}
+
+## Further Detail
+
+[![asciicast](https://asciinema.org/a/eGHhZdQY3uYnDalFAfuB7VYqF.svg)](https://asciinema.org/a/eGHhZdQY3uYnDalFAfuB7VYqF)
+
+[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fconfidential-containers%2Fcommunity.svg?type=shield)](https://app.fossa.com/projects/git%2Bgithub.com%2Fconfidential-containers%2Fcommunity?ref=badge_shield)
+
+- [Project Overview](./overview.md)
+- [Project Architecture](./architecture.md)
+- [Our Roadmap](./roadmap.md)
+- [Alignment with other Projects](alignment.md)
+
+{{% /blocks/section %}}
+
+{{% blocks/section %}}
+
+## Contribute
+
+[CONTRIBUTING](CONTRIBUTING.md)
+
+{{% /blocks/section %}}
+
+{{% blocks/section %}}
+
+## License
+
+[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fconfidential-containers%2Fcommunity.svg?type=large)](https://app.fossa.com/projects/git%2Bgithub.com%2Fconfidential-containers%2Fcommunity?ref=badge_large)
+
+{{% /blocks/section %}}

content/en/blog/2023/first-blog.md

@@ -0,0 +1,11 @@
+---
+date: 2023-01-06
+title: First ever official blog
+linkTitle: Announcing the website
+description: >
+  First line desc
+  second line desc
+author: Alpha Beta ([@nan](https://twitter.com/nan))
+---
+
+Here is the content of the first blog

content/en/blog/2023/second-blog.md

@@ -0,0 +1,10 @@
+---
+date: 2023-07-06
+title: Second blog
+linkTitle: Second blog
+description: >
+  Meh!
+author: Alpha Beta ([@nan](https://twitter.com/nan))
+---
+
+Well this is the second blog

content/en/blog/_index.md

@@ -0,0 +1,6 @@
+---
+title: Blog
+menu:
+  main:
+    weight: 30
+---

content/en/blog/releases/_index.md

@@ -0,0 +1,4 @@
+---
+title: Releases
+weight: 20
+---

content/en/blog/releases/v0.1.0.md

@@ -0,0 +1,74 @@
+---
+title: Release v0.1.0
+date: 2022-09-29
+description: >
+  Release Notes Confidential Containers v0.1.0
+---
+
+This is the first full release of Confidential Containers.
+The goal of this release is to provide a stable, simple, and well-documented base for the Confidential Containers project.
+The Confidential Containers operator is the focal point of the release.
+The operator allows users to install Confidential Containers on an existing Kubernetes cluster.
+This release also provides core Confidential Containers features, such as being able to run encrypted containers on Intel-TDX and AMD-SEV.
+
+Please see the [quickstart guide](../quickstart.md) for details on how to try out Confidential Containers"
+
+## Hardware Support
+
+Confidential Containers is tested with attestation on the following platforms:
+
+- Intel TDX
+- AMD SEV
+
+The following platforms are untested or partially supported:
+
+- AMD SEV-ES
+- IBM Z SE
+
+The following platforms are in development:
+
+- Intel SGX
+- AMD SEV-SNP
+
+## Limitations
+
+The following are known limitations of this release:
+
+- Platform support is currently limited, and rapidly changing
+  - S390x is not supported by the CoCo operator
+  - AMD SEV-ES has not been tested.
+  - AMD SEV does not support container image signature validation.
+- Attestation and key brokering support is still under development
+  - The disk-based key broker client (KBC) is used when there is no HW support, but is not suitable for production (except with encrypted VM images).
+  - Currently, there are two KBS that can be used:
+    - simple-kbs:  simple key broker service (KBS) for SEV(-ES).
+    - [Verdictd](https://github.com/inclavare-containers/verdictd): An external project with which Attestation Agent can conduct remote attestation communication and key acquisition via EAA KBC
+  - The full-featured generic KBS and the corresponding KBC are still in the development stage.
+  - For developers, other KBCs can be experimented with.
+  - AMD SEV must use a KBS even for unencrypted images.
+- The format of encrypted container images is still subject to change
+  - The oci-crypt container image format itself may still change
+  - The tools to generate images are not in their final form
+  - The image format itself is subject to change in upcoming releases
+  - Image repository support for encrypted images is unequal
+- CoCo currently requires a custom build of `containerd`
+  - The CoCo operator will deploy the correct version of `containerd` for you
+  - Changes are required to delegate `PullImage` to the agent in the virtual machine
+  - The required changes are not part of the vanilla `containerd`
+  - The final form of the required changes in `containerd` is expected to be different
+  - `crio` is not supported
+- CoCo is not fully integrated with the orchestration ecosystem (Kubernetes, OpenShift)
+  - OpenShift is a non-started at the moment due to their dependency on CRIO
+  - Existing APIs do not fully support the CoCo security and threat model
+  - Some commands accessing confidential data, such as `kubectl exec`, may either fail to work, or incorrectly expose information to the host
+  - Container image sharing is not possible in this release
+  - Container images are downloaded by the guest (with encryption), not  by the host
+  - As a result, the same image will be downloaded separately by every pod using it, not shared between pods on the same host.
+- The CoCo community aspires to adopting open source security best practices, but not all practices are adopted yet.
+  - We track our status with the OpenSSF Best Practices Badge, which was at 43% at the time of this release.
+  - The main gaps are in test coverage, both general and security tests.
+  - Vulnerability reporting mechanisms also need to be created. Public github issues are still appropriate for this release until private reporting is established.
+
+## CVE Fixes
+
+None - This is our first release.