Coordinator
The Coordinator is MarbleRun's control plane. Conceptually, it operates as trusted controller in your confidential deployment. It securely holds the deployment's state, including the manifest and the defined secrets. Based on the manifest, the Coordinator uses remote attestation to authenticate the application's enclaves.
API and Configuration
It communicates with the Marble's data plane through gRPC and provides an HTTP REST interface on the client-side. The Coordinator can be configured with several environment variables:
EDG_COORDINATOR_MESH_ADDR
: The listener address for the gRPC serverEDG_COORDINATOR_CLIENT_ADDR
: The listener address for the HTTP REST serverEDG_COORDINATOR_DNS_NAMES
: The DNS names for the cluster's root certificateEDG_COORDINATOR_SEAL_DIR
: The file path for storing sealed data
When you use MarbleRun with Kubernetes, you can scale the Coordinator to multiple instances to increase availability and reduce the occurrence of events that require manual recovery.
The Coordinator clients can be divided into two major groups.
- The owners/providers/administrators who need to interact with the Coordinator for deploying their confidential application and administrative tasks
- The users/customers who use the Coordinator for remote attestation and establishing trust with the application
The Client API serves both use-cases with a compact HTTP REST API.