Runtime Requirements for the Blueprint Manager
Blueprints can be executed in multiple ways (see Sources), each requiring certain dependencies and possibly specific hardware.
Native Sources
There are two ways to run blueprints with Native Sources in the `blueprint-manager`: sandboxed (recommended) or not.
In either case, the following dependencies will be needed:
- GitHub CLI (for binary attestations)
Additional requirements for each of the two execution methods:
Not Sandboxed
No extra dependencies; the blueprint will run as a normal host process.
Sandboxed (Linux Only)
- cloud-hypervisor
  - Note: no additional setup of `cloud-hypervisor` needs to be done. The manager handles downloading the latest kernel and disk images. Simply installing it and adding it to `PATH` is enough.
- Allow `CAP_NET_ADMIN` for the `blueprint-manager` binary
  - This can be done by running `setcap cap_net_admin+eip /path/to/blueprint-manager`
  - or simply running the `blueprint-manager` as root (not recommended)
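A preflight check for the sandboxed requirements above, as an added example that is not part of the project's own tooling. It assumes the GitHub CLI is installed as `gh` and that `getcap` from libcap is available; the function names and the sample paths in the comments are constructed for illustration.

```shell
#!/bin/sh
# Preflight for sandboxed Native Sources (added example, not project code).

# Print the tools from the argument list that are not on PATH.
missing_tools() {
    missing=""
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || missing="$missing $tool"
    done
    printf '%s' "${missing# }"
}

# Succeed if one line of `getcap` output grants cap_net_admin in both the
# effective (e) and permitted (p) sets. Both libcap output styles are handled:
#   /opt/bm/blueprint-manager = cap_net_admin+eip   (older libcap)
#   /opt/bm/blueprint-manager cap_net_admin=eip     (newer libcap)
has_net_admin() {
    for clause in ${1#* }; do                 # drop the leading path field
        case "$clause" in *[+=]*) ;; *) continue ;; esac
        names=${clause%%[+=]*}                # comma-separated capability names
        flags=${clause#*[+=]}                 # flag letters after the operator
        case ",$names," in *,cap_net_admin,*) ;; *) continue ;; esac
        case "$flags" in *e*) ;; *) continue ;; esac
        case "$flags" in *p*) return 0 ;; esac
    done
    return 1
}

# Check PATH dependencies and the capability on the given binary.
preflight() {
    bin=$1
    rc=0
    miss=$(missing_tools gh cloud-hypervisor getcap)
    [ -z "$miss" ] || { echo "missing from PATH: $miss" >&2; rc=1; }
    if [ "$(id -u)" -eq 0 ]; then
        echo "warning: running as root (not recommended)" >&2
    elif ! has_net_admin "$(getcap "$bin" 2>/dev/null)"; then
        echo "CAP_NET_ADMIN not set on $bin; run setcap as shown above" >&2
        rc=1
    fi
    return $rc
}

# Usage: sh preflight.sh /path/to/blueprint-manager
if [ $# -gt 0 ]; then preflight "$1"; fi
```
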
Container Sources
The requirements for running blueprints with Container Sources are:
- Kubernetes
- Docker
- The Kata Containers runtime
TEE Sources (WIP, Linux Only)
The requirements for running blueprints with TEE Sources are:
- dstack VMM
- TODO?
WASM Sources (WIP)
The requirements for running blueprints with WASM Sources are:
- TODO