Feature request: Enable "--device" in "stack deploy" for Confidential Computing
bluepuma77 opened this issue
The Confidential Computing Consortium was formed in 2019 under the Linux Foundation and has members like Intel, AMD, ARM, Google, IBM and Microsoft. "Confidential computing is a cloud computing technology that isolates sensitive data in a protected CPU enclave during processing. The contents of the enclave - the data being processed, and the techniques that are used to process it - are accessible only to authorised programming code, and are invisible and unknowable to anything or anyone else, including the cloud provider." (Source)
To enable Confidential Computing with Docker containers, the parameter "--device" has to be used (Source1, Source2).
The Docker compose docs state that this is currently not supported when deploying a stack:
There are other issues related to devices (1, 2, 3), maybe the current industry momentum towards Confidential Computing is a good reason to move the device topic forward within Docker Swarm.
Seems there is already a pull request for this: #3106
Another 2 months have gone by. The pull request is waiting; why can't it be merged and included in the next release?
Who is responsible for this decision? Who owns moby/swarmkit?