Akash Audited Attributes

Overview
Audited Attributes allow a user to filter which providers can bid on their project. In the use of a Stack Definition Language (SDL) file Audited Attributes enable:
Deployers to declare mandatory provider attributes, meaning leases will only be generated on platforms that fulfill the developers needs. 
Deployers can declare the address of an independent auditor who has validated the provider attributes.
In this guide we will show detailed examples of Audited Attribute usage and best practises.
Deployer usage of Audited Attributes within SDL files is the focus of this document. The mechanics involved in becoming an auditor and auditing provider resources will be covered in separate, provider centric documentation.
Sample SDL Deployment
We will use the following sample SDL deployment file throughout this guide to explore the use of attributes and auditors.
The SDL example will provision two light-weight, redundant web servers using the Lunie Light container image.
1
version: "2.0"
2
services:
3
 web:
4
   image: ovrclk/lunie-light
5
   expose:
6
     - port: 3000
7
       as: 80
8
       to:
9
         - global: true
10
profiles:
11
 compute:
12
   web:
13
     resources:
14
       cpu:
15
         units: 0.1
16
       memory:
17
         size: 512Mi
18
       storage:
19
         size: 512Mi
20
 placement:
21
   ewr1-provider0:
22
     attributes:
23
       host: akash
24
       datacenter: equinix-metal-ewr1
25
     signedBy:
26
       anyOf:
27
         - akash1365yvmc4s7awdyj3n2sav7xfx76adc6dnmlx63
28
     pricing:
29
       web:
30
         denom: uakt
31
         amount: 100
32
   sjc1-provider0:
33
     attributes:
34
       host: akash
35
       datacenter: equinix-metal-sjc1
36
     signedBy:
37
       anyOf:
38
         - akash1365yvmc4s7awdyj3n2sav7xfx76adc6dnmlx63
39
     pricing:
40
       web:
41
         denom: uakt
42
         amount: 100
43
deployment:
44
 web:
45
   ewr1-provider0:
46
     profile: web
47
     count: 1
48
   sjc1-provider0:
49
     profile: web
50
     count: 1
Copied!
SDL Attributes
Attribute Location Within the SDL
Using the example SDL provided previously, let’s take a look at the profiles section.
1
profiles:
2
 compute:
3
   web:
4
     resources:
5
       cpu:
6
         units: 0.1
7
       memory:
8
         size: 512Mi
9
       storage:
10
         size: 512Mi
11
 placement:
12
   ewr1-provider0:
13
     attributes:
14
       host: akash
15
       datacenter: equinix-metal-ewr1
16
     signedBy:
17
       anyOf:
18
         - akash1365yvmc4s7awdyj3n2sav7xfx76adc6dnmlx63
19
     pricing:
20
       web:
21
         denom: uakt
22
         amount: 100
Copied!
From the isolated SDL section above observe the following from the top down:
1.Attributes are declared within the “profiles” section. The “profiles” section defines compute and placement requirements. 
2.The “attributes” key is placed within the “placement” section. 
3.Within the example SDL two unique “attributes” are defined:
host: akash 
datacenter: equinix-metal-ewr1
Attribute Syntax
Referring to the “profiles” SDL section we saw previously - note the following details of “attributes” syntax:
Attributes are declared key-value pairs with the key and value both strings. 
The attribute key-value pairs could be any values but must match the attributes declared by desired providers. 
Providers analyze the submitted SDL files and will only bid on projects for which they satisfy the attribute list.
An example attribute would be a location key-value pair which could be used to ensure the deployment is hosted in a specific physical region such as locale: west.
Attribute Impact
When a user creates a deployment that includes attributes they are ensuring that only providers which have matching attributes are eligible to host their workloads.  Referencing the example SDL file and the isolated placement section - the only eligible providers would be those which have declared:
The host attribute of value akash 
The datacenter attribute of value equinix-metal-ewr1
Attribute Additional Notes
No Attribute/Attributes Defined
Attributes are an optional parameter in the Akash SDL. A valid manifest may include no attribute section/key.
Attribute Governance
No governance is available to ensure that the attributes declared by the provider are actual or valid. In theory any provider may declare they satisfy the “host: akash” condition and send bids to any user requiring that attribute. Verification of the attributes to ensure a provider satisfies the claim of the attribute is the role of an auditor and is the subject of the subsequent section.
Attribute Auditors
Provider auditors assume the role of governance within SDL attributes use.  An Auditors job is to ensure a provider has accurate attributes placed on them and can  fulfill such requirements.
Standard Attributes
A comprehensive, open-source framework is in development which will further decentralize the auditing of providers.  Pending the release of this framework, an interim process has been developed to confirm providers claiming Akash recognized attributes.  The process will allow providers to bid on deployments launched via the SDLs within the Awesome Akash repository.  Interested providers may initiate the interim signing process by making contact in Discord with Andy (member of the Akash Developer Insider team) at the following handle: @andy01.
Attributes of Community Providers
Community providers vetted by Andy should advertise the following attributes before they can be signed by Akash address akash1365yvmc4s7awdyj3n2sav7xfx76adc6dnmlx63.  Leases should use these attributes to allow audited community providers to bid.
host: akash
tier: community
Attributes of Akash Providers
The Akash provider, compute resources owned by Akash, will advertise the following attributes.  Use of these attributes ensures only Akash provider instances will bid on the lease.
host: akash
tier: premium
organization: ovrclk.com
Awesome Akash Examples
The example applications in the Awesome Akash repo have the following attributes included.  Based on these attributes, both Akash and community providers are able to bid on associated leases.
host: akash
Lease signedBy Fields
To use audited providers only, ensure SDLs have the Akash signedBy address of: akash1365yvmc4s7awdyj3n2sav7xfx76adc6dnmlx63.
Auditor Location Within the SDL
Using the example SDL provided previously let’s take a look at the Auditor review.
1
profiles:
2
 compute:
3
   web:
4
     resources:
5
       cpu:
6
         units: 0.1
7
       memory:
8
         size: 512Mi
9
       storage:
10
         size: 512Mi
11
 placement:
12
   ewr1-provider0:
13
     attributes:
14
       host: akash
15
       datacenter: equinix-metal-ewr1
16
     signedBy:
17
       anyOf:
18
         - akash1365yvmc4s7awdyj3n2sav7xfx76adc6dnmlx63
19
     pricing:
20
       web:
21
         denom: uakt
22
         amount: 100
Copied!
From the isolated SDL section above we can see the following:
1.Required auditors are declared within the “profiles” section. The “profiles” section defines compute and placement requirements. 
2.Within a specific placement profile (“ewr1-provider0” in the example SDL) there is a signedBy key.
Declared Auditor Syntax
Referring to the “profiles” SDL section looked at previously - note the following details of the “signedBy” syntax:
Required auditors may be specified within the signedBy section via either of the following options:
anyOf
The “anyOf” key states that if multiple auditors are declared in the YAML list - confirmation is satisfied if ONE auditor in the list is able to confirm necessary attributes.
allOf
The “allOf” key states that if multiple auditors are declared in the YAML list - confirmation is satisfied only if ALL auditors in the list are able to confirm necessary attributes.
In the modified SDL manifest depicted below the second placement (“sjc1-provider0”) has been edited to demonstrate the use and syntax of the “allOf” specification within the signedBy section.
1
profiles:
2
 compute:
3
   web:
4
     resources:
5
       cpu:
6
         units: 0.1
7
       memory:
8
         size: 512Mi
9
       storage:
10
         size: 512Mi
11
 placement:
12
   ewr1-provider0:
13
     attributes:
14
       host: akash
15
       datacenter: equinix-metal-ewr1
16
     signedBy:
17
       anyOf:
18
         - akash1365yvmc4s7awdyj3n2sav7xfx76adc6dnmlx63
19
     pricing:
20
       web:
21
         denom: uakt
22
         amount: 100
23
   sjc1-provider0:
24
     attributes:
25
       host: akash
26
       datacenter: equinix-metal-sjc1
27
     signedBy:
28
       allOf:
29
         - akash1365yvmc4s7awdyj3n2sav7xfx76adc6dnmlx63
30
         - akash1ss3ty253h6yun0a0fly8s0prcx34x4q2qewpkk
31
     pricing:
32
       web:
33
         denom: uakt
34
         amount: 100
Copied!
Auditor Impact
Provider auditors play the role of governance within SDL attribute use.
Using the sample SDL section below should help clarify the concept and use of the auditor role.
1
profiles:
2
 compute:
3
   web:
4
     resources:
5
       cpu:
6
         units: 0.1
7
       memory:
8
         size: 512Mi
9
       storage:
10
         size: 512Mi
11
 placement:
12
   ewr1-provider0:
13
     attributes:
14
       host: akash
15
       datacenter: equinix-metal-ewr1
16
     signedBy:
17
       anyOf:
18
         - akash1365yvmc4s7awdyj3n2sav7xfx76adc6dnmlx63
19
     pricing:
20
       web:
21
         denom: uakt
22
         amount: 100
Copied!
Auditor Role
Provider auditors play the role of governance within SDL attribute use.
Using the sample SDL section below should help clarify the concept and use of the auditor role.
1
profiles:
2
 compute:
3
   web:
4
     resources:
5
       cpu:
6
         units: 0.1
7
       memory:
8
         size: 512Mi
9
       storage:
10
         size: 512Mi
11
 placement:
12
   ewr1-provider0:
13
     attributes:
14
       host: akash
15
       datacenter: equinix-metal-ewr1
16
     signedBy:
17
       anyOf:
18
         - akash1365yvmc4s7awdyj3n2sav7xfx76adc6dnmlx63
19
     pricing:
20
       web:
21
         denom: uakt
22
         amount: 100
Copied!
Auditor Role
In traditional data centers, third-party auditors often validate physical security and environmental mandates. In the Akash landscape third-party validators play a similar role in ensuring a provider is capable of the attributes they ascribe to.
In this role the auditor will perform the following function:
Audit the attributes claimed by the provider and validate the claims/capabilities are legit. 
With introduction of the auditor and use of the signedBy key the danger of a provider declaring an attribute incorrectly or maliciously is removed.
Auditor/Signed By Key Functionality
Should the manifest declare both attributes and a signedBy key - only a provider that has been validated by the declared auditor/auditors to have such attributes would become eligible to host the compute resource. 
As noted in the Declared Auditor Syntax section:
Inclusion of the signedBy key with a nested allOf key mandates validation by all listed auditors. 
Inclusion of the signedBy key with a nested anyOf key is satisfied with the validation by one listed auditor.
Auditor Trust Relationship
The auditor concept assumes a trust relationship with the defined auditor. For example, in the sample SDL the auditor account declared in the signedBy field (address = “akash1365yvmc4s7awdyj3n2sav7xfx76adc6dnmlx63”) is owned by Akash. Through the use of the signedBy field and the declaration of the Akash auditor address, only Akash audited providers and those validated to possess declared attributes would be eligible to host manifest resources.
In a circumstance in which the auditor is a third party (not Akash),no process exists to ensure that the auditor conducted accurate provider attribute validation and thus only trusted auditors should be utilized.
An Akash signBy address may be used when assurance that Akash has validated a provider’s attributes is desired.
Auditor Additional Notes
No Auditor/Signed By Specification
A SDL is considered valid with no signedBy section. Both the attributes and signedBy sections are optional.
When a SDL includes attributes but no signedBy key-value pair only providers declaring such attributes will select the deployment for bid but there would be no third party validation that the provider truly meets such specifications.
If a deployer desired access to every provider currently on the Akash network both the attributes and signedBy sections could be removed from the SDL. NOTE: Akash cannot be responsible for deployments on providers that are not audited specifically by an Akash auditor.
Multiple Placements with Differing Attributes/Auditors
Multiple placements may exist in a SDL and each placement may have unique attributes/signedBy specifications.
In an example scenario, a SDL containing multiple micro-services (i.e. web frontend and database backend), it would be possible to dictate that the frontend exist in one locale and the backend exist in another locale via differing values in a locale attribute key-value pair.
VMware Tanzu
Akash Provider Migration Guide - 0.14.X to 0.16.3
Last modified 1mo ago
Copy link
Contents
Overview
Sample SDL Deployment
SDL Attributes
Attribute Location Within the SDL
Attribute Syntax
Attribute Impact
Attribute Additional Notes
Attribute Auditors
Standard Attributes
Auditor Location Within the SDL
Declared Auditor Syntax
Auditor Impact
Auditor Additional Notes