Confidential computing is one of the more forward-looking security and policy options on Microsoft's Azure Kubernetes Service.
There are plenty of solutions for protecting data at rest and in motion; protecting data while you’re using it is less common. Last year Microsoft introduced a Kubernetes SGX plugin to support “confidential computing”: running workloads in encrypted memory, whether those are workloads like NGINX, Redis Cache and MemCache that were built to use trusted execution environments, or your own apps written with its open source Open Enclave SDK, which supports both Intel SGX and Arm TrustZone.
“Through this device driver plugin, we’re bringing a level of security assurance down to the chip level that you just can’t get with a software-based solution,” director of Azure Compute Gabe Monroy told the New Stack at the time. “This is all about getting code and data effectively encrypted in a way that protects it not just within the operating system but so that even the cloud providers can’t peek into it.”
At the time, that required creating a Kubernetes cluster on a VM that supported Intel SGX (in Azure or on your own hardware) and installing the confidential computing device plugin, which exposed the Encrypted Page Cache RAM as a resource Kubernetes can schedule. There are a limited number of enclaves on each CPU, so the Kubernetes scheduler plugin is needed to make sure a pod that needs an enclave lands on a node that has an enclave available.
“One of the things we needed to do is actually teach Kubernetes about how many enclaves are available and that sort of thing, so that you could schedule properly and it could find the places where there are enclaves available,” Kubernetes co-founder and Microsoft Corporate Vice President Brendan Burns told the New Stack.
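The scheduling behaviour described above can be sketched as a simplified model. This is an added example, not code from Microsoft, Kubernetes or the original article; the node names and EPC sizes are constructed, and the resource name is an assumption about what the AKS SGX device plugin advertises, since the article does not give it.

```python
# Simplified model of how the scheduler treats an extended resource such as
# SGX EPC memory. Not kube-scheduler code; node names and sizes are constructed.
from dataclasses import dataclass, field

# Assumption: resource name advertised by the AKS SGX device plugin
# (not stated in the article).
EPC = "kubernetes.azure.com/sgx_epc_mem_in_MiB"

@dataclass
class Node:
    name: str
    allocatable: dict            # advertised by the device plugin via the kubelet
    allocated: dict = field(default_factory=dict)

    def free(self, resource):
        return self.allocatable.get(resource, 0) - self.allocated.get(resource, 0)

def schedule(pod_name, requests, nodes):
    """Bind the pod to the first node that can satisfy every request.

    Extended resources are whole integers and are never overcommitted, so a
    node with too little free EPC is filtered out. Returns the node name, or
    None, which corresponds to the pod staying Pending.
    """
    for node in nodes:
        if all(node.free(r) >= qty for r, qty in requests.items()):
            for r, qty in requests.items():
                node.allocated[r] = node.allocated.get(r, 0) + qty
            return node.name
    return None

def demo():
    nodes = [
        Node("general-0", {"cpu": 4}),               # no SGX, advertises no EPC
        Node("sgx-0", {"cpu": 4, EPC: 56}),          # constructed EPC size
    ]
    placements = []
    # Three enclave pods each asking for 25 MiB of EPC and one CPU.
    for i in range(3):
        placements.append(schedule(f"enclave-{i}", {"cpu": 1, EPC: 25}, nodes))
    # A pod that requests no EPC can still use the non-SGX node.
    placements.append(schedule("web-0", {"cpu": 1}, nodes))
    return placements, nodes[1].free(EPC)

if __name__ == "__main__":
    print(demo())
```

The third enclave pod gets no node even though CPU is free everywhere, which is the case the plugin exists to handle: without EPC accounting it could be placed on a node that cannot give it an enclave.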