Constellation press release

Press Release

Constellation is now open source

Edgeless Systems Releases First Runtime-Encrypted Kubernetes as Open Source


Bochum, Germany — September 13, 2022


Edgeless Systems, a pioneering Confidential Computing company that is turning the public cloud into the safest place for sensitive data, today announced the open source release of Constellation, the first Confidential Kubernetes. Constellation allows anyone to keep their Kubernetes clusters verifiably shielded from the underlying cloud infrastructure and encrypted end-to-end. It is available now on GitHub and comes with new unique features such as “whole cluster” attestation.

“Edgeless Systems is building the open source infrastructure for the Confidential Computing revolution,” said Felix Schuster, CEO of Edgeless Systems. “The hardware and features required for Constellation mostly weren’t even available in the cloud 12 months ago, but we started the necessary work to ensure Kubernetes users can secure all their data - at rest, in transit, and now in use. By making Constellation available to everyone, we can help accelerate the adoption of more secure cloud computing workloads.”

Confidential Computing is a hardware-based technology that shields computer workloads from their environments and keeps data encrypted even during processing. This is a massive requirement as computing spans increasingly diverse environments and as enterprises and developers manage increasing security and compliance concerns. Constellation shields workloads and the control plane from the infrastructure and ensures that all data is encrypted at rest, in transit, and in use. These properties can be verified remotely based on hardware-rooted certificates. Constellation works with Microsoft Azure and Google Cloud Platform (support for OpenStack and other CSPs like AWS is planned) and doesn’t require changes to workloads or existing tooling. It is a CNCF-certified Kubernetes.

Edgeless Systems is releasing new features with the open-source Constellation, including Sigstore-based attestation of Kubernetes nodes and artifacts, and automatic and config-free encryption of cloud storage and all node-to-node networking. Overall, Constellation provides breakthrough security and data protection for K8s-based workloads by effectively preventing any access from the underlying infrastructure. Not even privileged cloud admins, data center employees, or APTs (advanced persistent threats) in the infrastructure can access data inside Constellation at any time. This substantially helps prevent data breaches. It finally allows Kubernetes users to move sensitive workloads to the cloud, reduce costs, and create more secure SaaS offerings to attract new customers.

“Sigstore enables everyone to protect their software supply chains. It’s amazing to see how, with Constellation, Edgeless Systems managed to bootstrap an end-to-end verifiable and encrypted Kubernetes on top of this,” said Dan Lorenc, CEO of Chainguard and co-creator of Sigstore.


About Edgeless Systems

Edgeless Systems elevates the security of enterprise applications and workflows to unprecedented levels, enabling new and exciting forms of trustworthy data processing in the public cloud. Co-founded by Felix Schuster and Thomas Tendyck, both pioneers of the Confidential Computing space, Edgeless Systems makes the public cloud the safest place for sensitive data and intellectual property. It is also home to open-source tools that include EdgelessDB, MarbleRun, and EGo.