Feature request: Enable "--device" in "stack deploy" for Confidential Computing

[bluepuma77]

The Confidential Computing Consortium was formed in 2019 under the Linux Foundation and has members like Intel, AMD, ARM and Google, IBM, Microsoft. "Confidential computing is a cloud computing technology that isolates sensitive data in a protected CPU enclave during processing. The contents of the enclave - the data being processed, and the techniques that are used to process it - are accessible only to authorised programming code, and are invisible and unknowable to anything or anyone else, including the cloud provider." (Source)

To enable Confidential Computing with Docker containers, the parameter "--device" has to be used (Source1, Source2).

The Docker compose docs state that this is currently not supported when deploying a stack:

There are other issues related to devices (1, 2, 3), maybe the current industry momentum towards Confidential Computing is a good reason to move the device topic forward within Docker Swarm.

[bluepuma77]

Seems there is already a pull request for this: https://github.com/moby/swarmkit/pull/3106

[bluepuma77]

Another 2 months gone by. Pull request is waiting, why can't it be merged and be included in the next release?

Who is responsible for this decision? Who owns moby/swarmkit?

[stephan-henningsen]

Happy New Year! Could someone please merge this?

[Alfagun74]

This is so frustrating

[epoch-philosophy]

Actually insane to me there has been a pull request waiting for YEARS, and this is just being ignored. How in the world would any organization or group be able to use Swarm at scale without the use of devices? I am just lost on the rationale here.