Constellation: The world's most secure Kubernetes

Constellation leverages confidential computing to isolate entire Kubernetes clusters from the infrastructure. Finally, the public cloud turns into your private cloud.

GitHub Enterprise Edition

Isolate your entire cluster for maximum security

Constellation is the most secure way to run Kubernetes. It leverages Confidential VMs available in all major clouds to isolate and encrypt all of your workloads end-to-end. From the inside, a Constellation cluster feels 100% like Kubernetes as you know it. But for everyone else, from the outside, it’s runtime-encrypted VMs talking over encrypted channels and writing encrypted data. Sounds like magic?

Until now: infrastructure-based threats

CloudCloud provider andinfrastructure-based threatscan access your data.

With Constellation: fully isolated Kubernetes...

CloudYour Kubernetesdeployments are runtime-encrypted and shieldedfrom the infrastructure

...that runs any container securely and at scale.

Security experts and cloud architects love Constellation

Super secure, always encrypted

Encrypt data even while in use and isolate your workloads from the infrastructure.

End-to-end verifiability

Get cryptographic proof that your stored data is protected against unauthorized access.

Great performance

Run the world’s most secure Kubernetes—without compromising on performance.

Runs on all major clouds

Run Constellation on Azure, GCP, AWS, or contact us to ask about your infrastructure.

Easy deployment

Just a few commands on your CLI and you are ready to embark on your confidential journey.

Runs all your containers

All your applications can stay just as they are and no code changes are required.

Kubernetes meets Confidential Computing

In this talk at the 3rd iteration of the Open Confidential Computing Conference (OC3), our Chief Architect Moritz and Security Software Engineer Malte explain the different approaches for running confidential-computing workloads on Kubernetes. They then illustrate the architecture of Constellation, the concept of Confidential Kubernetes and why confidential virtual machines are not enough for maximum security and privacy in the public cloud. They conclude with a live demo of complex real-world applications running on Constellation in the public cloud.

Please accept marketing-cookies to watch this video.

Constellation solves the "trust problem" of the cloud

Constellation leverages the latest confidential computing technology to make your containerized workloads end-to-end encrypted and verifiable. Even the cloud provider cannot access your data anymore.

Constellation works with all major clouds. It enables you to lift and shift existing Kubernetes deployments to unprecedented levels of security without changing tools or code. Constellation makes confidential computing easy-to-use, easy-to-scale, and enterprise-ready.

Turn the public cloud into your private cloud.

Why do we need a confidential public cloud?

Enterprises leverage public cloud infrastructure to improve cost-efficiency, reliability, and scalability of business applications. However, cloud computing is also inherently subject to data privacy and security concerns.

In public cloud environments, it used to be impossible to tell who has access to your data. The cloud infrastructure could be compromised by hackers or malware, or malicious insiders could be able to access underlying systems without leaving a trace. As such, data leaks and compliance violations are major risks associated with cloud transformation.

Consequently, enterprises are cautious to move sensitive or mission-critical applications to the cloud, leaving large amounts of potential value untapped. To address this, enterprises are spending large amounts on 3rd party cloud-security products. Still, the fundamental problem of having to fully trust the cloud infrastructure remains unsolved, as existing solutions can at best mitigate the risk or detect breaches after they happened.

Set up Constellation in minutes

With an easy-to-use Command Line Interface (CLI), a new Confidential Kubernetes cluster is up and running in minutes.

Constellation vs. existing confidential VM Solutions

GKE/AKS with confidential VMsConstellation
Runtime encryptionincludedincluded
Full cluster attestationnot includedincluded
Confidential networkingnot includedincluded
Confidential storagenot includedincluded
Confidential key managementnot includedincluded
Cloud agnostic / multi-cloudnot includedincluded

Embark into the future of cloud security

Get in touch to schedule a personal demo and see Constellation in action.

Download solution brief

Book a demo

Constellation is a CNCF certified, secure Kubernetes distribution

Our Confidential Kubernetes distribution is certified by the Cloud Native Computing Foundation (CNCF), which ensures compatibility with all existing K8s tooling. Also, we implement Kubernetes security updates within 24 hours - much faster than any other K8s distribution.

Constellation complies with the latest CIS Kubernetes security benchmarks

The benchmarks from the Center for Internet Security (CIS) are internationally and cross-industry recognized security standards for defending IT systems and data against cyberattacks. Our Confidential Kubernetes distribution officially complies with their latest Kubernetes security benchmarks.
Logos/CIS/CIS_logo_no-tag_stacked_large