Register now for OC3, the premier event for confidential computing, on March 13 - free and online

Constellation

The world’s most
secure Kubernetes


Constellation leverages confidential computing to isolate entire Kubernetes clusters from the infrastructure. Finally, the public cloud turns into your private cloud.

Shield your entire Kubernetes deployments

lock icon

Everything always encrypted


All data in the cluster remains encrypted in all states - at rest, in transit, and during processing.

cloud icon

Assured workload integrity


The integrity of the entire cluster is verified based on cryptographic certificates and latest supply-chain security mechanisms.

performance icon

Performance and scale


High availability, autoscaling, and close to native performance.

Why Constellation


By encrypting your entire K8s cluster, Constellation supports you in migrating

sensitive workloads to the cloud with maximum security and increasing your

SaaS offerings' trustworthiness. Constellation will help you prevent

data breaches and address regulatory requirements like GDPR

and DORA. Constellation works on all major clouds.

Constellation illustration
Constellation icon

Easy to use and integrate


Constellation can be set up in minutes in your favorite cloud with an easy-to-use CLI. Afterwards, you can connect your favorite Kubernetes tooling via the kubeadm interface.

Constellation enables you to

01.

Migrate sensitive workloads to the cloud

02.

Make your SaaS
more trustworthy

03.

Increase the security of your Kubernetes clusters

Comparison with managed Kubernetes


For end-to-end confidentiality, it is not enough to use managed Kubernetes offerings like AKS, EKS, or GKE with Confidential VMs. Many attack vectors remain.

Security analysis preview

Constellation is the leading confidential-computing solution

Kubernetes certified logo

Constellation is a CNCF-certified Kubernetes distribution


This ensures compatibility with all existing Kubernetes tooling. On top, we implement Kubernetes security updates within 24 hours.

Slsa level 3

Constellation implements SLSA, the gold standard for supply-chain security


Constellation achieves SLSA Level 3. With reproducible builds, hardware-based attestation, and sigstore-based software signatures throughout, Constellation is leading the way in supply-chain security for Kubernetes.

Center for Internet Security logo

Constellation passes the CIS Kubernetes security benchmarks


The benchmarks from the Center for Internet Security (CIS) are widely recognized standards for defending IT systems against cyberattacks.

GitHub logo

Constellation is open source


The source code of Constellation is accessible for anyone to review on GitHub. This enables meaningful remote attestation.

OCCRP uses Constellation on GCP to protect journalists


Constellation’s ease of use meant that Organized Crime and Corruption Reporting Project (OCCRP) developers could easily implement it and subsequently continue focusing on the other technical tools that augment their journalists’ work. With Constellation, OCCRP could rest assured that the most valuable information remains safe for use by international journalists.

Crowd of journalists

Embark into the future of cloud security