Microsoft Azure Brings Confidential Computing to Kubernetes


Confidential computing is one of the more forward-looking security and policy options on Microsoft's Azure Kubernetes Service.

There are plenty of solutions for protecting data at rest and in motion; protecting data while you’re using it is less common. Last year Microsoft introduced a Kubernetes SGX plugin to support “confidential computing”: running workloads like NGINX, Redis Cache and MemCache that were built to use trusted execution environments, or your own apps written with its open-source Open Enclave SDK, which supports both Intel SGX and Arm TrustZone for running code in encrypted memory.

“Through this device driver plugin, we’re bringing a level of security assurance down to the chip level that you just can’t get with a software-based solution,” director of Azure Compute Gabe Monroy told the New Stack at the time. “This is all about getting code and data effectively encrypted in a way that protects it not just within the operating system but so that even the cloud providers can’t peek into it.”

At the time, that required creating a Kubernetes cluster on a VM that supported Intel SGX (in Azure or on your own hardware) and installing the confidential computing device plugin, which exposed the Encrypted Page Cache RAM as a resource Kubernetes could schedule. There are a limited number of enclaves on each CPU, so the Kubernetes scheduler plugin is needed to make sure a pod that needs an enclave lands on a node that still has one available.

“One of the things we needed to do is actually teach Kubernetes about how many enclaves are available and that sort of thing, so that you could schedule properly and it could find the places where there are enclaves available,” Kubernetes co-founder and Microsoft Corporate Vice President Brendan Burns told the New Stack.
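As an added illustration (not code from the article, from Microsoft, or from the plugin itself), here is a small Python model of the scheduling decision the device plugin enables: each node advertises its enclave memory as an extended resource, and a pod that requests that resource can only be bound where enough of it is still free. The resource name and all node and pod values are assumptions constructed for this example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Extended-resource name assumed for the AKS confidential-computing plugin;
# confirm the exact name with `kubectl describe node` on your cluster.
EPC_RESOURCE = "kubernetes.azure.com/sgx_epc_mem_in_MiB"

@dataclass
class Node:
    name: str
    allocatable_epc_mib: int  # 0 on nodes without SGX or without the plugin
    used_epc_mib: int = 0     # enclave memory already claimed by bound pods

    def free_epc_mib(self) -> int:
        return self.allocatable_epc_mib - self.used_epc_mib

def epc_request(pod_spec: Dict) -> int:
    """Sum the EPC limits over all containers of a pod spec (0 if none declared)."""
    total = 0
    for container in pod_spec.get("containers", []):
        limits = container.get("resources", {}).get("limits", {})
        total += int(limits.get(EPC_RESOURCE, 0))
    return total

def feasible_nodes(pod_spec: Dict, nodes: List[Node]) -> List[str]:
    """Nodes whose remaining enclave memory covers the pod's request. A pod that
    declares no EPC request fits every node, including ones without SGX, where
    enclave creation would then fail only at runtime: hence the explicit request."""
    need = epc_request(pod_spec)
    return [n.name for n in nodes if n.free_epc_mib() >= need]

def schedule(pod_spec: Dict, nodes: List[Node]) -> Optional[str]:
    """Bind to the feasible node with the most free EPC; None if unschedulable."""
    names = feasible_nodes(pod_spec, nodes)
    candidates = [n for n in nodes if n.name in names]
    if not candidates:
        return None
    chosen = max(candidates, key=lambda n: n.free_epc_mib())
    chosen.used_epc_mib += epc_request(pod_spec)  # account for the new binding
    return chosen.name

def sample_nodes() -> List[Node]:
    # Constructed cluster: two SGX nodes (one nearly full) and one ordinary node.
    return [Node("sgx-1", 128, used_epc_mib=100), Node("sgx-2", 128), Node("general", 0)]

# Constructed pod spec: one container asking for 64 MiB of enclave memory.
ENCLAVE_POD = {"containers": [{"name": "redis-enclave",
                               "resources": {"limits": {EPC_RESOURCE: "64"}}}]}
```

Running `schedule(ENCLAVE_POD, sample_nodes())` binds the pod to `sgx-2`, the only node with 64 MiB of enclave memory left; a third identical pod on the same cluster is left unschedulable rather than placed on a node where its enclave could not be created.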
