[GSC] Remove GSC tool and its documentation from this repository

GSC (Gramine Shielded Containers) is moved to a separate repository: https://github.com/gramineproject/gsc. Signed-off-by: Dmitrii Kuvaiskii <dmitrii.kuvaiskii@intel.com>
gramineproject · Sep 6, 2021 · d1fd49a · d1fd49a
1 parent f52e492
commit d1fd49a
Show file tree

Hide file tree

Showing 34 changed files with 0 additions and 2,100 deletions.
diff --git a/.ci/gsc.jenkinsfile b/.ci/gsc.jenkinsfile
diff --git a/Documentation/cloud-deployment.rst b/Documentation/cloud-deployment.rst
@@ -65,129 +65,3 @@ Building
        make SGX=1
        make SGX=1 sgx-tokens
        graphene-sgx helloworld
-
-Azure Kubernetes Services (AKS)
--------------------------------
-
-Azure Kubernetes Service (AKS) offers a popular deployment technique relying on
-Azure's cloud resources. AKS hosts Kubernetes pods in Azure confidential compute
-VMs and exposes the underlying confidential compute hardware. In particular,
-`Graphene Shielded Containers (GSC)
-<https://graphene.readthedocs.io/en/latest/manpages/gsc.html>`__ translate
-existing Docker images to graphenized Docker images, which can be deployed in
-AKS. Graphenized Docker images execute the application inside an Intel SGX
-enclave using the Graphene Library OS, thus enabling confidential containers
-functions on AKS.
-
-This section describes the workflow to create an AKS cluster with confidential
-compute VMs, graphenize a simple application, and deploy the graphenized Docker
-image in an AKS cluster.
-
-Prerequisites
-^^^^^^^^^^^^^
-
-Follow the instructions on the `AKS Confidential Computing Quick Start guide
-<https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-nodes-aks-get-started>`__
-to provision an AKS cluster with Intel SGX enabled worker nodes.
-
-Follow the `instructions
-<https://graphene.readthedocs.io/en/latest/manpages/gsc.html>`__ to set up
-Graphene Shielded Containers and create your own enclave key.
-
-Graphenizing Python Docker image
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-This section demonstrate how to translate the Python Docker Hub image to a
-graphenized image, which is ready to deploy in a confidential compute AKS
-cluster.
-
-.. warning::
-
-   This example relies on insecure arguments provided at runtime and should not
-   be used production. To use trusted arguments, please see the `manpage of GSC
-   <https://graphene.readthedocs.io/en/latest/manpages/gsc.html#using-graphene-s-trusted-command-line-arguments>`__.
-
-#. Pull Python image::
-
-       docker pull python
-
-#. Configure GSC to build graphenized images for AKS with the
-   `Graphene Docker Image for AKS from Docker Hub
-   <https://hub.docker.com/r/graphenelibos/aks>`__ by creating the following
-   configuration file :file:`config.aks.yaml`::
-
-       Distro: ubuntu18.04
-       Graphene:
-              Image: graphenelibos/aks:latest
-
-#. Create the application-specific Manifest file :file:`python.manifest`::
-
-       sgx.enclave_size = "256M"
-       sgx.thread_num = 4
-
-#. Graphenize the Python image and allow insecure runtime arguments::
-
-       ./gsc build --insecure-args -c config.aks.yaml python python.manifest
-
-#. Sign the graphenized image with your enclave signing key::
-
-       ./gsc sign-image python enclave-key.pem
-
-#. Push resulting image to Docker Hub or your preferred registry::
-
-       docker tag gsc-python <dockerhubusername>/python:gsc-aks
-       docker push <dockerhubusername>/python:gsc-aks
-
-Deploying a "HelloWorld" Python Application in a confidential compute AKS cluster
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-This example first created an AKS cluster capable to create Intel SGX enclaves
-and then, created a graphenized Docker image of Python. The goal of this section
-is to combine both by deploying the Python application in the AKS cluster.
-
-#. Create job deployment file :file:`gsc-aks-python.yaml` for AKS. It specifies
-   the underlying Docker image and the insecure arguments (in this case Python
-   code to print "HelloWorld!")::
-
-       apiVersion: batch/v1
-       kind: Job
-       metadata:
-          name: gsc-aks-python
-          labels:
-             app: gsc-aks-python
-       spec:
-          template:
-             metadata:
-                labels:
-                   app: gsc-aks-python
-             spec:
-                containers:
-                - name: gsc-aks-python
-                  image:  index.docker.io/<dockerhubusername>/python:gsc-aks
-                  imagePullPolicy: Always
-                  args: ["-c", "print('HelloWorld!')"]
-                  resources:
-                     limits:
-                        kubernetes.azure.com/sgx_epc_mem_in_MiB: 25
-                restartPolicy: Never
-          backoffLimit: 0
-
-#. You may need to follow this
-   `guide <https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/>`__
-   to pull from a private registry.
-
-#. Deploy `gsc-aks-python` job::
-
-       kubectl apply -f gsc-aks-python.yaml
-
-#. Test job status::
-
-       kubectl get jobs -l app=gsc-aks-python
-
-#. Receive logs of job::
-
-       kubectl logs -l app=gsc-aks-python
-
-#. Delete job after completion::
-
-       kubectl delete -f gsc-aks-python.yaml
diff --git a/Documentation/conf.py b/Documentation/conf.py
@@ -147,7 +147,6 @@ def setup(app):
 man_pages = [
     ('manpages/graphene-manifest', 'graphene-manifest', 'Graphene manifest preprocessor', [author], 1),
     ('manpages/pal_loader', 'pal_loader', 'FIXME Loader', [author], 1),
-    ('manpages/gsc', 'gsc', 'Graphene Shielded Containers', [author], 1),
     ('manpages/is_sgx_available', 'is_sgx_available', 'Check SGX compatibility', [author], 1),
     ('manpages/quote_dump', 'quote_dump', 'Display SGX quote', [author], 1),
     ('manpages/ias_request', 'ias_request', 'Submit Intel Attestation Service request', [author], 1),