Deploying Marblerun
This article assumes that you have an existing Azure Kubernetes Service (AKS) cluster. An AKS cluster can be created using the Azure CLI or the Azure portal. Alternatively, you can follow these steps with minikube.
This article uses Helm 3 to install Marblerun. Make sure that you are using the latest release of Helm and have access to the Marblerun Helm repositories. For upgrade instructions, see the Helm install docs. For more information on configuring and using Helm, see Install applications with Helm in Azure Kubernetes Service (AKS).
Adding Marblerun’s Helm repository
helm repo add edgeless https://helm.edgeless.systems/stable
helm repo update
Installing the chart
Update the hostname with your cluster’s FQDN.
For a cluster with SGX support:
helm install marblerun-coordinator edgeless/marblerun-coordinator \
    --create-namespace \
    -n marblerun \
    --set coordinator.hostname=mycluster.uksouth.cloudapp.azure.com
For a cluster without SGX support:
helm install marblerun-coordinator edgeless/marblerun-coordinator \
    --create-namespace \
    -n marblerun \
    --set coordinator.resources=null \
    --set coordinator.simulation=1 \
    --set tolerations=null \
    --set coordinator.hostname=mycluster.uksouth.cloudapp.azure.com
DNS for the client API on AKS
This section explains how to configure DNS for the Edgeless Mesh Client-API when running on an AKS cluster.
Configure FQDN for the Coordinator’s IP address
# Public IP address of your coordinator-client-api service
IP="MY_EXTERNAL_IP"
# Name to associate with the public IP address
DNSNAME="marblerun"
# Get the resource ID of the public IP
PUBLICIPID=$(az network public-ip list --query "[?ipAddress!=null]|[?contains(ipAddress, '$IP')].[id]" --output tsv)
# Update the public IP address with the DNS name
az network public-ip update --ids "$PUBLICIPID" --dns-name "$DNSNAME"
# Display the FQDN
az network public-ip show --ids "$PUBLICIPID" --query "[dnsSettings.fqdn]" --output tsv
Test the DNS configuration
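Use curl to test that the DNS was configured correctly. Update the hostname with the DNS name you created. The -k flag skips certificate verification, so this checks only that the name resolves and the Coordinator answers; it does not authenticate the Coordinator.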
curl -k https://marblerun.uksouth.cloudapp.azure.com:25555/status
Ingress/Gateway configuration
If you’re using an ingress controller or gateway to manage access to the marblerun-coordinator, make sure SNI is enabled for your TLS connections.
- For the NGINX ingress controller, add the nginx.ingress.kubernetes.io/ssl-passthrough annotation.
- For Istio Gateways, set the TLS mode to PASSTHROUGH.
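The two options above written out as manifests, so that the TLS session is forwarded by SNI and terminates at the Coordinator rather than at the proxy. This is an added example, not taken from the Marblerun chart or docs: the resource names, the ingress class and the Istio selector are assumptions, while the namespace, service name, port 25555 and hostname are the ones used on this page.

```yaml
# Added example. Names marked "hypothetical" and the Istio selector are assumptions.
# From the page: namespace, service name, port 25555 and the example hostname.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: marblerun-client-api   # hypothetical
  namespace: marblerun
  annotations:
    # Forward the TLS stream untouched; routing uses the SNI host only.
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
spec:
  ingressClassName: nginx      # assumption
  rules:
    - host: marblerun.uksouth.cloudapp.azure.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: coordinator-client-api
                port: {number: 25555}
---
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata: {name: marblerun-gateway, namespace: marblerun}   # name is hypothetical
spec:
  selector: {istio: ingressgateway}   # assumption: default Istio ingress gateway
  servers:
    - port: {number: 443, name: tls-marblerun, protocol: TLS}
      tls: {mode: PASSTHROUGH}        # no TLS termination at the gateway
      hosts: ["marblerun.uksouth.cloudapp.azure.com"]
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata: {name: marblerun-client-api, namespace: marblerun}   # name is hypothetical
spec:
  hosts: ["marblerun.uksouth.cloudapp.azure.com"]
  gateways: [marblerun-gateway]
  tls:
    - match:
        - {port: 443, sniHosts: ["marblerun.uksouth.cloudapp.azure.com"]}
      route:
        - destination:
            host: coordinator-client-api
            port: {number: 25555}
```

For the NGINX variant, the controller itself must be started with --enable-ssl-passthrough, otherwise the annotation is ignored. With either variant, clients reach the Coordinator on the proxy's port 443 instead of 25555.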