Constellation
The world's most secure Kubernetes
Constellation leverages confidential computing to isolate entire Kubernetes clusters from the infrastructure. Finally, the public cloud turns into your private cloud.
Shield your entire Kubernetes deployments
Everything always encrypted
All data in the cluster remains encrypted in all states - at rest, in transit, and during processing.
Assured workload integrity
The integrity of the entire cluster is verified based on cryptographic certificates and latest supply-chain security mechanisms.
Easy to use and integrate
Constellation can be set up in minutes in your favorite cloud with an easy-to-use CLI. Afterwards, you can connect your favorite Kubernetes tooling via the kubeadm interface.
Shield your entire Kubernetes deployments
- Prevent data breaches
- Make your SaaS more trustworthy
- Migrate sensitive workloads to the cloud
- Meet regulatory requirements
Comparison with managed Kubernetes
For end-to-end confidentiality, it is not enough to use managed Kubernetes offerings like AKS, EKS, or GKE with Confidential VMs. Many attack vectors remain.
Constellation is the leading confidential-computing solution
Constellation is a CNCF-certified Kubernetes distribution
This ensures compatibility with all existing Kubernetes tooling. On top, we implement Kubernetes security updates within 24 hours.
Constellation implements SLSA, the gold standard for supply-chain security
Constellation achieves SLSA Level 3. With reproducible builds, hardware-based attestation, and sigstore-based software signatures throughout, Constellation is leading the way in supply-chain security for Kubernetes.
Constellation passes the CIS Kubernetes security benchmarks
The benchmarks from the Center for Internet Security (CIS) are widely recognized standards for defending IT systems against cyberattacks.
Constellation is open source
The source code of Constellation is accessible for anyone to review on GitHub. This enables meaningful remote attestation.
View the code
Learn how OCCRP uses Constellation on GCP to protect journalists
Constellation’s ease of use meant that Organized Crime and Corruption Reporting Project (OCCRP) developers could easily implement it and subsequently continue focusing on the other technical tools that augment their journalists’ work. With Constellation, OCCRP could rest assured that the most valuable information remains safe for use by international journalists.
Embark into the future of cloud security
Get in touch to schedule a personal demo and see Constellation in action.