Skip to content

Confidential Azure Kubernetes Service (AKS)

A convenient way to run SCONE-based applications is to use Azure Kubernetes Services (AKS): SCONE is fully compatible with AKS and in particular, you can run your workloads in production mode on AKS. In this chapter, we introduce some examples on how to execute SCONE-based applications on AKS.

Standard Applications (SconeApps)

We support a variety of applications on AKS that can be deployed with helm and will add more over time:

Application Description
mariadb Deploy MariaDB SCONE, i.e., MariaDB running inside of SGX enclaves, to Kubernetes
maxscale Deploy MaxScale SCONE, i.e., Maxscale running inside of SGX enclaves and optionally, an HAProxy as Ingress
openvino OpenVINO (Open Visual Inference and Neural network Optimization) is a toolkit facilitating the optimization and deployment of Deep Learning models
pytorch An open source machine learning library developed by Facebook's AI Research lab
spark Apache Spark is an open-source distributed general-purpose cluster-computing framework.
tensorflow Machine Learning framework by Google
tensorflowlite Deploy machine learning models

Individual Applications

We show next how to sconify an existing container image such that

  • the application can be executed securely inside of an SGX enclave, and
  • all files are encrypted by SCONE.

The community edition requires the existence of an already sconified binary of another image while the standard edition can covert an existing binary to run inside of SGX enclaves.

Setup Steps