Add visual-attestation-demo-v2 (ACI, no SKR) and azure-voting-app (AKS SEV-SNP)#29

Merged
vinfnet merged 8 commits into Azure-Samples:main from vinfnet:exp-aks-voting-app on Jun 4, 2026

Conversation

@vinfnet vinfnet commented Jun 4, 2026


This PR bundles two new Azure Confidential Computing samples plus README updates surfacing them.

1. ACI sample: aci-samples/visual-attestation-demo-v2/ (no SKR sidecar)

Simplified ACI port of the AKS visual attestation sample. The Flask app calls Microsoft Azure Attestation directly from inside a single container via the upstream get-snp-report tool baked into the image with a multi-stage Dockerfile.

  • Flow: build {nonce, client} runtime data → REPORT_DATA = SHA-256(runtime) || 0x32 → get-snp-report against /dev/sev-guest → POST report + THIM cert chain + UVM endorsements to https://<maa>/attest/SevSnpVm → render the decoded MAA JWT with x-ms-sevsnpvm-* claims highlighted.
  • Two ARM templates (Confidential + Standard SKU) and Deploy-VisualAttestationV2.ps1 orchestrator with -Build, -Deploy, -Compare, -Cleanup modes. -Compare regenerates the CCE policy via az confcom acipolicygen.
  • README embeds screenshots of both SKUs side-by-side; the Standard SKU deterministically fails on /dev/sev-guest absence, which is the educational contrast.

Verified end-to-end: ACR image acrlifmcdwj.azurecr.io/cc-attest:1.0 (digest sha256:22cadc35...). Confidential ACI returned MAA JWT with x-ms-attestation-type=sevsnpvm, x-ms-compliance-status=azure-compliant-uvm. CCE policy hash 3a2f83f0ca4f364ff9697655cf354e5c4da735179fced7b3fd75f7a329043b68. Standard ACI failed deterministically with Neither /dev/sev-guest nor /dev/sev is present.

2. AKS sample: aks-samples/azure-voting-app/

Builds a randomly-named AKS cluster with the smallest possible AMD SEV-SNP confidential node pool (2x Standard_DC2as_v5) and deploys the public Azure Voting App on it, pinned to the CC pool via nodeSelector: workload=confidential.

  • Deploy-VotingAppCC.ps1 follows the same conventions as vm-samples/BuildRandomCVM.ps1: random 5-letter suffix, full RG tagging, CC SKU + AMD CVM vCPU quota preflight, optional -smoketest auto-cleanup.
  • 1x Standard_D2as_v6 system pool + ccpool (2x Standard_DC2as_v5), Azure CNI, managed identity, Standard tier, --auto-upgrade-channel stable + --node-os-upgrade-channel NodeImage.
  • Attestation overlay under attestation/ (Flask app + get-snp-report + manifest.yaml) layers a hardware-rooted attestation page on top of the voting app for live SEV-SNP verification on the CC nodes.
  • Front-end image bootstrapped at pod startup from the public azure-voting-app-redis repo using python:3.9-slim (the previously-published MCR front-end image was removed) — keeps the sample self-contained with no ACR / --attach-acr requirement.

3. README updates

  • Repo root README.md and aci-samples/README.md updated to surface visual-attestation-demo-v2 in the "What's New (June 2026)" table and the ACI samples list.

See:

  • aci-samples/visual-attestation-demo-v2/README.md for the direct-MAA flow and side-by-side screenshots.
  • aks-samples/azure-voting-app/README.md for the AKS deployment, quota requirements, and parameter reference.

vinfnet and others added 8 commits June 3, 2026 23:47
feat(vm-samples): Intel TDX support, Confidential OS disk encryption docs, JWT decode fix

Get-AzComputeResourceSku and Get-AzVMUsage have been observed to report NotAvailableForSubscription / 0 quota in subscription/region combinations where ARM actually accepts the deployment (e.g. Standard_DC2as_v6 in koreacentral). Add a switch to skip the entire SKU+quota pre-flight block and let ARM validate at deploy time. README updated with explanation and example.

Self-contained ACI sample that ports the AKS confidential-node visual
attestation web UI to Azure Container Instances Confidential Containers.
Attestation runs via the in-group `mcr.microsoft.com/aci/skr:2.10` sidecar
(POST /attest/maa) instead of the AKS-side cvm-attestation-tools, since
the ACI CC UVM does not expose a vTPM to the workload container. MAA
returns a single-layer `sevsnpvm` token (no nested `x-ms-isolation-tee`)
with `x-ms-compliance-status=azure-compliant-uvm`.

Includes:
- Slim Flask image (no tpm2-tools, no privileged host mounts) built via
  `az acr build`.
- Two-container Confidential ARM template (cc-attest + skr sidecar) with
  CCE policy generated by `az confcom acipolicygen`; Standard ARM template
  for the educational failure path.
- Deploy-VisualAttestationV2.ps1 with -Build / -Deploy / -Compare /
  -Cleanup phases for side-by-side Confidential vs Standard demos.
- README with architecture, troubleshooting, and live screenshots of both
  SKUs after pressing Attest.

app.py and templates/index.html now branch on the ACI_SKU env var:
- Confidential containers keep the existing 'AMD SEV-SNP hardware' header.
- Standard containers render an 'ACI Standard Containers - Runtime
  Attestation' header that explicitly notes there is no TEE and no SKR
  sidecar, so the page no longer claims SEV-SNP hardware on the failure-
  path demo.

The Confidential ARM template sets ACI_SKU=Confidential as a new env var
(included in CCE policy regen). Screenshots in images/ are recaptured
from the side-by-side -Compare deploy.

Single Flask container now fetches its own SEV-SNP report via the upstream get-snp-report tool (baked into the image), reads the THIM cert chain and UVM endorsements from UVM_SECURITY_CONTEXT_DIR, and POSTs to MAA /attest/SevSnpVm. The SKR sidecar container and its mount are removed from the confidential ARM template, CCE policy regenerated. App renders the MAA-issued sevsnpvm claims plus a hardware-evidence card with the raw SNP report summary. README and template updated; deployed and verified end-to-end on ACI Confidential (azure-compliant-uvm) and ACI Standard (expected /dev/sev-guest absent failure).

CC page shows the new Runtime Attestation header, MAA verdict azure-compliant-uvm, and x-ms-sevsnpvm-* claims. Standard page shows the expected /dev/sev-guest absence failure.

Adds the upstream Azure voting app plus an attestation overlay (Flask + AMD SEV-SNP MAA call) and a Deploy-VotingAppCC.ps1 helper that deploys the voting app, patches the front-end to a confidential nodepool, and layers the attestation pod.
@vinfnet vinfnet merged commit 0b9ebff into Azure-Samples:main Jun 4, 2026
2 checks passed