Skip to main content


In this guide, you will install MarbleRun into your Kubernetes cluster and deploy a sample confidential application to demonstrate the capabilities of MarbleRun.

Installing MarbleRun is easy. First, you will install the CLI (command-line interface) onto your local machine. Using this CLI, you’ll then install the control plane onto your Kubernetes cluster. Finally, you will add your own services and set up a corresponding manifest.


A working SGX DCAP environment is required for MarbleRun to work. For the ease of exploring and testing we provide a simulation mode with --simulation that runs without SGX hardware. Depending on your setup you may follow the quickstart for SGX-enabled clusters. Alternatively, if your setup doesn't support SGX, you can follow the quickstart in simulation mode.

Step 0: Setup

First, ensure you have access to a Kubernetes cluster and kubectl installed and configured. Probably the easiest way to get started is to run Kubernetes on your local machine using minikube. Please check our prerequisites if you want to setup an SGX-enabled cluster. Another easy way is to use Azure Kubernetes Service (AKS), which offers SGX-enabled nodes.

You can validate your setup by running:

kubectl version --short

You should see an output with both a Client Version and Server Version component. Now your cluster is ready and we’ll install the MarbleRun CLI.

Step 0.5: Install the CLI

If this is your first time running MarbleRun, you will need to download the MarbleRun command-line interface (CLI) onto your local machine. The CLI will allow you to interact with your MarbleRun deployment.

To install the CLI, run:

wget -P ~/.local/bin
chmod +x ~/.local/bin/marblerun

Once installed, verify the CLI is running correctly with:


You can use the CLI to check if your cluster is configured to run SGX workloads:

marblerun precheck

If your cluster supports SGX, you can follow the quickstart for clusters with SGX support. \ Otherwise, please follow the quickstart in simulation mode.