Secure enclaves and Confidential Computing (CC) are the talk of the town — at least in the cloud-security community. Intel’s SGX processors in particular have made it possible to execute code in a Trusted Execution Environment (TEE) and thus guarantee encryption even during processing in the CPU — verification included. But of course, for Confidential Computing to catch on, apps have to be built that run on processors like Intel-SGX. And, of course, these apps need to be deployed in a scalable way. That’s why this tutorial is about how to easily deploy SGX apps on Kubernetes. First of all, you will need Kubernetes nodes with SGX-capable CPUs. The way Kubernetes handles “special devices” as SGX is through so-called “device plugins”. Multiple SGX device plugins exist for Kubernetes, e.g.: