Deploying Marblerun

This article assumes that you have an existing Azure Kubernetes Service (AKS) cluster. An AKS cluster can be created using the Azure CLI or the Azure portal. Alternatively, you can deploy the steps with minikube.

This article uses Helm 3 to install Marblerun. Make sure that you are using the latest release of Helm and have access to the Marblerun Helm repositories. For upgrade instructions, see the Helm install docs. For more information on configuring and using Helm, see Install applications with Helm in Azure Kubernetes Service (AKS).

Adding Marblerun’s Helm repository

helm repo add edgeless
helm repo update

Installing the chart

Update the hostname with your cluster’s FQDN.

  • For a cluster with SGX support:

    helm install marblerun-coordinator edgeless/marblerun-coordinator \
        --create-namespace \
        -n marblerun \
  • For a cluster without SGX support:

    helm install marblerun-coordinator edgeless/marblerun-coordinator \
        --create-namespace \
        -n marblerun \
        --set coordinator.resources=null \
        --set coordinator.simulation=1 \
        --set tolerations=null \

DNS for the client API on AKS

This explains how to configure the DNS for the Edgeless Mesh Client-API when running on an AKS cluster.

Configure FQDN for the Coordinator’s IP address

# Public IP address of your coordinator-client-api service

# Name to associate with the public IP address

# Get the resource-id of the public ip
PUBLICIPID=$(az network public-ip list --query "[?ipAddress!=null]|[?contains(ipAddress, '$IP')].[id]" --output tsv)

# Update public ip address with DNS name
az network public-ip update --ids $PUBLICIPID --dns-name $DNSNAME

# Display the FQDN
az network public-ip show --ids $PUBLICIPID --query "[dnsSettings.fqdn]" --output tsv

Test the DNS configuration

Use curl to test that the DNS was configured correctly. Update the hostname with the DNS name you created.

curl -k

Ingress/Gateway configuration

If you’re using an ingress-controller or gateway for managing access to the marblerun-coordinator make sure you’re enabling SNI for your TLS connections.