Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/edgelesssys/marblerun

MarbleRun is the control plane for confidential computing. Deploy, scale, and verify your confidential microservices on vanilla Kubernetes. 100% Go, 100% cloud native, 100% confidential.
https://github.com/edgelesssys/marblerun

confidential-computing confidential-microservices distributed-systems enclave golang intel-sgx kubernetes microservice service-mesh sgx

Last synced: 2 days ago
JSON representation

MarbleRun is the control plane for confidential computing. Deploy, scale, and verify your confidential microservices on vanilla Kubernetes. 100% Go, 100% cloud native, 100% confidential.

Awesome Lists containing this project

README 

        
# MarbleRun



![logo](assets/marblerun-logo.svg)



[![GitHub Actions Status][github-actions-badge]][github-actions]

[![Go Report Card][go-report-card-badge]][go-report-card]

[![PkgGoDev][go-pkg-badge]][go-pkg]

[![Discord Chat][discord-badge]][discord]



[MarbleRun][marblerunsh] is a framework for creating distributed confidential-computing apps.



Build your confidential microservices with [EGo][ego] or another [runtime](#supported-runtimes), distribute them with Kubernetes on an SGX-enabled cluster, and let MarbleRun take care of the rest. Deploy end-to-end secure and verifiable AI pipelines or crunch on sensitive big data in the cloud.



MarbleRun guarantees that the topology of your distributed app adheres to a Manifest specified in simple JSON. MarbleRun verifies the integrity of services, bootstraps them, and sets up encrypted connections between them. If a node fails, MarbleRun will seamlessly substitute it with respect to the rules defined in the Manifest.



To keep things simple, MarbleRun issues one concise remote attestation statement for your whole distributed app. This can be used by anyone to verify the integrity of your distributed app.



## Key features



:lock: Authentication and integrity verification of microservices with respect to a Manifest written in simple JSON



:key: Secrets management for microservices



:package: Provisioning of certificates, configurations, and parameters for microservices



:globe_with_meridians: Remote attestation of the entire cluster



## Overview



![overview](./assets/overview.svg)



## Supported runtimes



MarbleRun supports services built with one of the following frameworks:



* [EGo][ego]

* [Gramine][gramine]

* [Occlum][occlum]

* [Edgeless RT][edgelessrt]



## Quickstart and documentation



See the [Getting Started Guide][getting-started] to set up a distributed confidential-computing app in a few steps.

See the [documentation][docs] for details.



## Community & help



* Got a question? Please get in touch via [Discord][discord] or file an [issue](https://github.com/edgelesssys/marblerun/issues).

* If you see an error message or run into an issue, please make sure to create a [bug report](https://github.com/edgelesssys/marblerun/issues).

* Get the latest news and announcements on [Twitter](https://twitter.com/EdgelessSystems), [LinkedIn](https://www.linkedin.com/company/edgeless-systems/) or sign up for our monthly [newsletter](https://www.edgeless.systems/#newsletter-signup).

* Visit our [blog](https://www.edgeless.systems/blog/) for technical deep-dives and tutorials.



## Contributing



* Read [`CONTRIBUTING.md`](CONTRIBUTING.md) for information on issue reporting, code guidelines, and our PR process.

* [`BUILD.md`](BUILD.md) includes general information on how to work in this repo.

* Pull requests are welcome! You need to agree to our [Contributor License Agreement](https://cla-assistant.io/edgelesssys/marblerun).

* This project and everyone participating in it are governed by the [Code of Conduct](/CODE_OF_CONDUCT.md). By participating, you are expected to uphold this code.

* Please report any security issue via a [private GitHub vulnerability report](https://github.com/edgelesssys/marblerun/security/advisories/new) or write to .



## Examples



### Hello world



We provide basic examples on how to build confidential apps with MarbleRun:



* See [helloworld](samples/helloworld) for an example in Go

* See [helloc++](samples/helloc++) for an example in C++

* See [gramine-hello](samples/gramine-hello) for an example using Gramine

* See [occlum-hello](samples/occlum-hello) for an example using Occlum



### Advanced



In case you want to see how you can integrate popular existing solutions with MarbleRun, we provide more advanced examples:



* See [gramine-nginx](samples/gramine-nginx) for an example of converting an existing Gramine application to a Marble

* See [gramine-redis](samples/gramine-redis) for a distributed Redis example using Gramine



### Confidential emoji voting



The popular [Linkerd][linkerd] service mesh uses the simple and scalable *emojivoto* app as its default demo. Check out our [confidential variant][emojivoto]. Your emoji votes have never been more secure! 😉



[docs]: https://docs.edgeless.systems/marblerun/

[edgelessrt]: https://github.com/edgelesssys/edgelessrt

[ego]: https://github.com/edgelesssys/ego

[emojivoto]: https://github.com/edgelesssys/emojivoto

[getting-started]: https://docs.edgeless.systems/marblerun/getting-started/quickstart

[github-actions]: https://github.com/edgelesssys/marblerun/actions

[github-actions-badge]: https://github.com/edgelesssys/marblerun/workflows/Unit%20Tests/badge.svg

[go-pkg]: https://pkg.go.dev/github.com/edgelesssys/marblerun

[go-pkg-badge]: https://pkg.go.dev/badge/github.com/edgelesssys/marblerun

[go-report-card]: https://goreportcard.com/report/github.com/edgelesssys/marblerun

[go-report-card-badge]: https://goreportcard.com/badge/github.com/edgelesssys/marblerun

[gramine]: https://github.com/gramineproject/gramine

[linkerd]: https://linkerd.io

[marblerunsh]: https://marblerun.sh

[occlum]: https://github.com/occlum/occlum

[discord]: https://discord.gg/rH8QTH56JN

[discord-badge]: https://img.shields.io/badge/chat-on%20Discord-blue