
Hi, open-source community, confidential Kubernetes is now on GitHub!

Constellation is now open source on GitHub, and you can have your own confidential Kubernetes. Finally, the public cloud becomes the safest place for your sensitive data.


Why are we doing this? Because confidential computing is the future of cloud computing


Nowadays, most companies leverage cloud computing, one way or another. This is because there are a lot of advantages in terms of costs, maintenance, scalability, and reliability.

But using someone else's cloud also creates security and compliance concerns, as one cannot verify who has access to data, or if the cloud infrastructure has been compromised.

Constellation solves this: it is the framework to set up your own private cloud in the public cloud. Leveraging confidential computing, Constellation completely shields your workloads so that no one can get access: not the cloud provider, not the admins, not the hackers.

As we believe that data security is indispensable, we've built the best tool to enable you to protect your data: at rest, in transit and also at runtime.

Until yesterday, confidential computing was difficult to use. But today you can use it easily, freely and at scale. Constellation is now open source and you can get started on GitHub.


Why Constellation? Because it shields entire K8s deployments from the infrastructure


Constellation is the first always-encrypted Kubernetes (K8s). That means a K8s where all your workloads and the control plane are completely shielded, and where you can remotely verify this with cryptographic certificates.

In short, with Constellation all your nodes run inside Confidential Virtual Machines, enabling encryption during processing. In addition, Constellation automatically encrypts all data that is sent over the network or written to storage. Constellation verifies the integrity of the nodes through a process of attestation: only "good" nodes, meaning the ones that are running a signed Constellation image and are in the expected state, get the cryptographic keys required to access the network and storage of a cluster.


Constellation is the only framework providing you with end-to-end confidential Kubernetes.

It works with all major clouds, like GCP and Azure. It is intuitive to use and doesn't require you to change existing tooling. It is also a CNCF-certified Kubernetes.

The necessary hardware is now available from the big hyper-scalers and elsewhere, making now the perfect moment to adopt confidential computing.


Benefits and features


Let's have a look at Constellation's main benefits:

  • The best security for your K8s workloads
  • Runs and scales all containers
  • The new Sigstore-based attestation of Kubernetes nodes and artifacts protects the supply chain and enables meaningful remote verification
  • It is easy to use: you only need a couple of commands on your CLI
  • Cryptographic proof that your data is protected
  • Networking based on Cilium: we added node-to-node networking based on the tried and tested open source software.
  • It is now open source, so why shouldn't you try it out?


Investing in the future


We are always improving Constellation. We are committed to a community-driven and open-source approach, and we want all developers to have the opportunity to try confidential computing at scale. It is important to us that all users can access our software, especially since Constellation's aim is to make this new technology accessible to non-experts as well.

We are extremely excited to see what developers will build with it!

Dive into Constellation's features in detail, use the Installation guide, or just check it out and star it on GitHub. If you have any questions, comments or feedback, please reach out to us on Discord or book a demo with our sales team.


