I recently learned that Intel SGX processors are able to encrypt enclaves for persistent storage to disk. After this, I started to write my first SGX apps and now I am wondering if there is any opportunity to deploy them on Kubernetes?
How can I deploy SGX apps on Kubernetes?
410 Views Asked by jayare At
There is 1 best solution below
Your question can be split into multiple steps:
You'll need Kubernetes nodes with SGX-capable CPUs. The way Kubernetes handles "special devices" such as SGX is through Device Plugins. Multiple SGX device plugins exist for Kubernetes:
Once you've equipped a node with such a plugin, it provides you with a mechanism to expose the SGX device to your containers.
You'll need to bundle your enclave into a container and write the Kubernetes resource definitions. The most common language for Cloud Native Applications is probably Go. There is a great example for a confidential microservice application based on the EdgelessRT Go runtime and SDK (link), which uses the Azure device plugin for exposing SGX to the containers: https://github.com/edgelesssys/emojivoto
Probably the most interesting point when deploying SGX apps on Kubernetes is SGX-specific orchestration. While Kubernetes handles all the general orchestration, SGX-specific tasks such as remote attestation, migration, and secrets management of your deployments need to be handled separately. The Marblerun service mesh addresses those tasks, namely:
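
Added example, not part of the original answer and not taken from the emojivoto project: the device plugin step above, shown as two Pod manifests. The first reaches the SGX device by hand with a privileged container, the second requests the resource the Azure device plugin advertises and stays unprivileged. Pod names and the image are hypothetical; the commented Intel resource name assumes Intel's SGX device plugin is the one installed.

```yaml
# Added example; values marked "hypothetical" are assumptions, not from the page.
# Avoid: wiring the SGX device in by hand with a privileged container + hostPath.
apiVersion: v1
kind: Pod
metadata:
  name: sgx-app-hostpath                      # hypothetical
spec:
  containers:
  - name: app
    image: registry.example.com/sgx-app:1.0   # hypothetical image
    securityContext:
      privileged: true          # exposes every host device, not just SGX
    volumeMounts:
    - name: sgx-enclave
      mountPath: /dev/sgx_enclave
  volumes:
  - name: sgx-enclave
    hostPath:
      path: /dev/sgx_enclave    # device node of the in-kernel SGX driver
      type: CharDevice
---
# Prefer: request the extended resource the device plugin advertises.
# The scheduler places the pod only on nodes that offer it, and the
# plugin makes the SGX device available to this container alone.
apiVersion: v1
kind: Pod
metadata:
  name: sgx-app                               # hypothetical
spec:
  containers:
  - name: app
    image: registry.example.com/sgx-app:1.0   # hypothetical image
    securityContext:
      privileged: false
      allowPrivilegeEscalation: false
    resources:
      limits:
        # Azure device plugin: EPC memory to reserve, in MiB
        kubernetes.azure.com/sgx_epc_mem_in_MiB: 10
        # With Intel's SGX device plugin the equivalent would be:
        # sgx.intel.com/epc: "512Ki"
```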