Cluster Setup

Lucid runs on standard Kubernetes but requires the Lucid Operator to manage sidecar injection and TEE runtime configuration.

🛠 Local Development (Kind)

For local development, we simulate TEE hardware using Mock Mode. This allows you to test your safety logic on a standard laptop.

# 1. Create a Kind cluster and install the Lucid Operator in Mock mode
lucid cluster setup --mock --label-nodes

This command:

* Creates a lucid-system namespace.
* Deploys the Lucid Operator.
* Labels nodes with lucid.io/role=tee-workload.
* Configures the operator to use software-based attestation.

☁️ Production TEE Clusters

In production, Lucid requires nodes with hardware support (Intel SGX, AMD SEV-SNP, or AWS Nitro).

1. Provision Nodes

Refer to your cloud provider's guide to create a TEE-capable node pool:

* GCP: GKE Confidential Nodes (AMD SEV-SNP).
* Azure: AKS Confidential Computing (Intel SGX or CVM).
* AWS: EKS with Nitro Enclaves.

2. Install Operator

Connect your kubectl to the production cluster, then run:

# Install with hardware attestation enabled
lucid cluster setup --label-nodes

🔍 Verify Status

Check the health of the Lucid infrastructure in your cluster at any time:

lucid cluster status

Expected Output:

[*] Checking Lucid Operator... Running (v1.2.0)
[*] Checking TEE Nodes... 3 Nodes Available
[*] Checking Verifier Connectivity... Connected
[+] Cluster is LUCID-READY.
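
The readiness report above can serve as a deployment gate that refuses to proceed unless every check passes and enough TEE nodes are available. The script below is an added example, not part of the Lucid CLI or its documentation; it assumes `lucid cluster status` prints lines in the format shown above, and the function name `check_lucid_status` and the node minimum are hypothetical.

```shell
#!/bin/sh
# Added example (not Lucid's own tooling). Assumes the status report keeps
# the line format shown on this page.

# Constructed sample: the expected output from this page.
SAMPLE_STATUS='[*] Checking Lucid Operator... Running (v1.2.0)
[*] Checking TEE Nodes... 3 Nodes Available
[*] Checking Verifier Connectivity... Connected
[+] Cluster is LUCID-READY.'

# check_lucid_status MIN_NODES   (status report on stdin)
# Returns 0 only when the operator is Running, at least MIN_NODES TEE nodes
# are available, the verifier is Connected and the LUCID-READY line is present.
# Each failed check is reported on stderr so the gate's log shows the cause.
check_lucid_status() {
  cls_min="${1:-1}"
  cls_status="$(cat)"
  cls_rc=0

  printf '%s\n' "$cls_status" \
    | grep -Eq '^\[\*\] Checking Lucid Operator\.\.\. Running' \
    || { echo "FAIL: operator is not Running" >&2; cls_rc=1; }

  # Extract the node count; an unparseable line counts as a failure.
  cls_nodes="$(printf '%s\n' "$cls_status" \
    | sed -nE 's/^\[\*\] Checking TEE Nodes\.\.\. ([0-9]+) Nodes? Available.*/\1/p' \
    | head -n 1)"
  if [ -z "$cls_nodes" ] || [ "$cls_nodes" -lt "$cls_min" ]; then
    echo "FAIL: TEE nodes available: ${cls_nodes:-unknown} (need >= $cls_min)" >&2
    cls_rc=1
  fi

  printf '%s\n' "$cls_status" \
    | grep -Eq '^\[\*\] Checking Verifier Connectivity\.\.\. Connected' \
    || { echo "FAIL: verifier is not Connected" >&2; cls_rc=1; }

  printf '%s\n' "$cls_status" | grep -Fq '[+] Cluster is LUCID-READY.' \
    || { echo "FAIL: no LUCID-READY line" >&2; cls_rc=1; }

  return "$cls_rc"
}

# Live use in a pipeline step (hypothetical minimum of 3 nodes):
#   lucid cluster status | check_lucid_status 3 || exit 1
```

Because the gate fails closed on any line it cannot parse, a change in the report format stops the deployment instead of passing silently.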

Next, you are ready to build Your First Auditor.