Manifest and deployment updates
The manifest is a JSON document that defines the essential properties of your deployment: allowed software packages, secrets, access control, update policy, etc. In particular, the manifest contains all the information the Coordinator requires to verify the confidentiality and integrity of a newly spawned Marble. On successful verification, the Coordinator provisions the Marble with configuration and secrets.
As a cluster owner, you can define in the manifest how rigid you want your deployment to be.
In an immutable deployment, you initialize MarbleRun with a permanent manifest that won't allow any changes later on. Clients of such a deployment don't need to trust any other party because they can audit the manifest and verify its enforcement via remote attestation. Choose this approach for deployments with a limited lifetime.
Deployment with updatable packages
The manifest can permit a user to update existing packages of a deployment. Clients of such a deployment need to trust the vendors of these packages to provide legitimate software updates. Choose this approach for deployments with a well-defined scope, but a possibly longer lifetime.
Fully updatable deployment
This feature is an option with MarbleRun Enterprise.
The manifest can permit a user to update the full manifest. With such a deployment, this user usually needs to be a trusted party. Choose this approach for deployments that require full flexibility.
Depending on the use case, it may not be acceptable that a single user can update the full manifest. MarbleRun supports defining a group of users that must acknowledge the newly uploaded manifest before it's applied.
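A client auditing a manifest can work out which of the three deployment types above it describes by resolving each user's roles to the update rights they grant. The following is an added example, not MarbleRun's own code: the sample manifest is constructed, and the field and action names (`Users`, `Roles`, `ResourceType`, `ResourceNames`, `Actions`, `UpdateSecurityVersion`, `UpdateManifest`) are assumptions about the manifest schema that should be checked against the reference for your MarbleRun version.

```python
import json

# Constructed sample manifest. Field names (Users, Roles, ResourceType,
# ResourceNames, Actions) are assumptions about the manifest schema.
SAMPLE_MANIFEST = json.loads("""
{
  "Packages": {"backend": {"SignerID": "<signer-id-placeholder>", "SecurityVersion": 3}},
  "Users": {
    "alice": {"Certificate": "<pem-placeholder>", "Roles": ["bumpBackend"]},
    "bob": {"Certificate": "<pem-placeholder>", "Roles": []}
  },
  "Roles": {
    "bumpBackend": {"ResourceType": "Packages", "ResourceNames": ["backend"],
                    "Actions": ["UpdateSecurityVersion"]}
  }
}
""")


def update_rights(manifest):
    """Map each user holding update rights to what they may change."""
    roles = manifest.get("Roles", {})
    rights = {}
    for user, spec in manifest.get("Users", {}).items():
        packages, full = set(), False
        for name in spec.get("Roles", []):
            if name not in roles:
                # A dangling role reference makes the audit result unreliable.
                raise ValueError(f"user {user!r} references undefined role {name!r}")
            role = roles[name]
            actions = set(role.get("Actions", []))
            if role.get("ResourceType") == "Packages" and "UpdateSecurityVersion" in actions:
                packages.update(role.get("ResourceNames", []))
            elif role.get("ResourceType") == "Manifest" and "UpdateManifest" in actions:
                full = True
        if packages or full:
            rights[user] = {"packages": packages, "manifest": full}
    return rights


def classify(manifest):
    """Return the deployment type a client should assume when auditing."""
    rights = update_rights(manifest)
    if any(r["manifest"] for r in rights.values()):
        return "fully updatable"
    return "updatable packages" if rights else "immutable"
```

The output of `update_rights` tells the auditor exactly which parties they would have to trust, which is the question the three deployment types differ on.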