Run the notebook
Starting from fraud-detection/1_download_data.ipynb, go through the various notebooks. Specifically:
- fraud-detection/1_download_data.ipynb: download encrypted datasets
- fraud-detection/2_decrypt_data.ipynb: decrypt the datasets
- fraud-detection/3_run_model.ipynb: run the model
- fraud-detection/4_cleanup.ipynb: clean everything to restart the demo
Considerations
Note how a secret like /sealed/azure-value/azure-sas can be read and used in the Jupyter notebook, but if you try to read it with oc exec, it won’t work.
The difference is that the notebook runs inside the container, whereas oc exec is executed from outside. This is exactly the CoCo threat model: an application or developer inside the CoCo pod is allowed to read the secrets granted to it, whereas a cluster, infrastructure or platform admin is not trusted and therefore has no way to access this data.