SGX-aware Kubernetes scheduler

Kubernetes is an open-source project to automatically deploy, scale in and out, and manage
containerized applications on computer clusters. Maintained by Google, the UniNE’s SGX-aware
Kubernetes scheduler is an extension to Kubernetes adding support for
orchestrating containers with the knowledge of the enclave technology available in the
underlying hardware. It is a vertical implementation of mechanisms at several levels,
including modifications in the Linux driver for SGX
and a Kubernetes orchestrator plug-in. Standard monitoring layers in Kubernetes are leveraged
to accurately collect enclave memory usage in the physical nodes so the orchestration plug-in
can implement its policy. The complete
system can efficiently schedule jobs requiring enclave support, as well as regular
jobs, on a heterogeneous cluster. It guarantees that jobs submitted to a given host always
fit within its current enclave memory limits.
This is of particular relevance to avoid major performance penalties.
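
The fit guarantee described above can be sketched as a node filter followed by a placement choice. This is an added example, not the UniNE scheduler's code: the `Node` and `Job` types, the MiB figures and the placement policy (tightest fit for enclave jobs, non-SGX nodes preferred for regular jobs) are assumptions made for illustration.

```go
package main

import "fmt"

// Node is a hypothetical per-node view built from monitoring data.
type Node struct {
	Name     string
	EPCTotal int64 // enclave memory limit in MiB; 0 on nodes without SGX
	EPCUsed  int64 // enclave memory currently in use, in MiB
}

// Job is a hypothetical job; EPCRequest is 0 for regular (non-enclave) jobs.
type Job struct {
	Name       string
	EPCRequest int64
}

func free(n Node) int64 { return n.EPCTotal - n.EPCUsed }

// Schedule reserves the job's enclave memory on the chosen node and returns its name, or "" if
// none fits. Assumed policy: enclave jobs take the tightest fit, regular jobs avoid SGX nodes.
func Schedule(nodes []Node, j Job) string {
	best := -1
	for i, n := range nodes {
		if j.EPCRequest > 0 && j.EPCRequest > free(n) {
			continue // would exceed this node's current enclave memory limit
		}
		switch {
		case best == -1:
			best = i
		case j.EPCRequest == 0 && n.EPCTotal == 0 && nodes[best].EPCTotal != 0:
			best = i // regular job: leave SGX nodes for enclave jobs
		case j.EPCRequest > 0 && free(n) < free(nodes[best]):
			best = i // enclave job: tightest fit keeps large gaps available
		}
	}
	if best == -1 {
		return ""
	}
	nodes[best].EPCUsed += j.EPCRequest
	return nodes[best].Name
}

func main() {
	// Constructed heterogeneous cluster and job queue.
	nodes := []Node{{"sgx-a", 90, 60}, {"sgx-b", 90, 10}, {"plain-c", 0, 0}}
	for _, j := range []Job{{"enclave-1", 25}, {"enclave-2", 70}, {"enclave-3", 20}, {"web", 0}} {
		fmt.Printf("%-9s -> %q\n", j.Name, Schedule(nodes, j))
	}
}
```

An empty result means the job stays pending rather than being placed on a node where it would exceed the enclave memory limit.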