Docs

Introduction
Getting Started
Quickstart Concepts Coordinator Marbles
Features
Attestation Recovery Secrets management Planned features
Tasks
Deploying Marblerun Defining a Manifest Adding a service Setting a Manifest Verifying a deployment Monitoring and logging Updating a deployment Recovering the Coordinator
Examples
Hello World Confidential Emoji Voting
Changelog

Coordinator

The Coordinator represents the control plane in Marblerun. It communicates with the data plane through gRPC and provides an HTTP-REST interface on the client-side. The Coordinator can be configured with several environment variables:

  • EDG_COORDINATOR_MESH_ADDR: The listener address for the gRPC server
  • EDG_COORDINATOR_CLIENT_ADDR: The listener address for the HTTP server
  • EDG_COORDINATOR_DNS_NAMES: The DNS names for the cluster’s root certificate
  • EDG_COORDINATOR_SEAL_DIR: The file path for storing sealed data

Client API

The Client API is designed as an HTTP-REST interface. The API currently contains two endpoints:

  • /manifest: For deploying and verifying the Manifest

    • Example for setting the Manifest:
    curl --cacert marblerun.crt --data-binary @manifest.json "https://$MARBLERUN/manifest"
    • Example for verifying the deployed Manifest
    curl --cacert marblerun.crt "https://$MARBLERUN/manifest" | jq '.ManifestSignature' --raw-output

  • /quote: For retrieving a remote attestation quote over the whole cluster and the root certificate

    • Example for retrieving a quote
    curl -k "https://$MARBLERUN/quote"
    • We provide a tool to automatically verify the quote and output the trusted certificate:
    go install github.com/edgelesssys/era/cmd/era
era -c coordinator-era.json -h $MARBLERUN -o marblerun.crt

      * Note that `coordinator-era.json` contains the *Packages* information for the Coordinator. For our testing image this can be pulled from our GitHub releases:

    wget https://github.com/edgelesssys/marblerun/releases/latest/download/coordinator-era.json