Confidential Azure Kubernetes Service (AKS)
A convenient way to run SCONE-based applications is to use Azure Kubernetes Service (AKS): SCONE is fully compatible with AKS and, in particular, you can run your workloads in production mode on AKS. In this chapter, we introduce some examples of how to execute SCONE-based applications on AKS.
Standard Applications (SconeApps)
We support a variety of applications on AKS that can be deployed with helm
and will add more over time:
Application | Description |
---|---|
mariadb | Deploy MariaDB SCONE, i.e., MariaDB running inside of SGX enclaves, to Kubernetes |
maxscale | Deploy MaxScale SCONE, i.e., MaxScale running inside of SGX enclaves and, optionally, an HAProxy as Ingress |
openvino | OpenVINO (Open Visual Inference and Neural network Optimization) is a toolkit facilitating the optimization and deployment of Deep Learning models |
pytorch | An open source machine learning library developed by Facebook's AI Research lab |
spark | Apache Spark is an open-source distributed general-purpose cluster-computing framework. |
tensorflow | Machine Learning framework by Google |
tensorflowlite | Deploy machine learning models |
Individual Applications
We show next how to sconify an existing container image such that
- the application can be executed securely inside of an SGX enclave, and
- all files are encrypted by SCONE.
The community edition requires the existence of an already sconified binary of another image, while the standard edition can convert an existing binary to run inside of SGX enclaves.
Setup Steps
- First, you need to get access to confidential AKS.
- Second, you need to set up helm, SGX Plugin, and LAS.
- Third, you deploy your application or a SconeApp like MariaDB.