Constellation
Constellation leverages confidential computing to isolate entire Kubernetes clusters from the infrastructure. Finally, the public cloud turns into your private cloud.
All data in the cluster remains encrypted in all states - at rest, in transit, and during processing.
The integrity of the entire cluster is verified based on cryptographic certificates and the latest supply-chain security mechanisms.
High availability, autoscaling, and close to native performance.
By encrypting your entire K8s cluster, Constellation supports you in migrating sensitive workloads to the cloud with maximum security and increasing your SaaS offerings' trustworthiness. Constellation will help you prevent data breaches and address regulatory requirements like GDPR and DORA. Constellation works on all major clouds.
Constellation can be set up in minutes in your favorite cloud with an easy-to-use CLI. Afterwards, you can connect your favorite Kubernetes tooling via the kubeadm interface.
For end-to-end confidentiality, it is not enough to use managed Kubernetes offerings like AKS, EKS, or GKE with Confidential VMs. Many attack vectors remain.
This ensures compatibility with all existing Kubernetes tooling. On top, we implement Kubernetes security updates within 24 hours.
Constellation achieves SLSA Level 3. With reproducible builds, hardware-based attestation, and sigstore-based software signatures throughout, Constellation is leading the way in supply-chain security for Kubernetes.
The benchmarks from the Center for Internet Security (CIS) are widely recognized standards for defending IT systems against cyberattacks.
This enables granular cluster traffic control via eBPF and ensures complete encryption. As a result, the Kubernetes clusters are fully isolated from the infrastructure and entirely secured.
The source code of Constellation is accessible for anyone to review on GitHub. This enables meaningful remote attestation.
Constellation’s ease of use meant that Organized Crime and Corruption Reporting Project (OCCRP) developers could easily implement it and subsequently continue focusing on the other technical tools that augment their journalists’ work. With Constellation, OCCRP could rest assured that the most valuable information remains safe for use by international journalists.
Which cloud platforms support Constellation?
Can Constellation run on-prem? What are the requirements?
Is Constellation compatible with Kubernetes distributions like OpenShift, Rancher/RKE, or Tanzu?
What is the commercial model for Constellation?
What happens when I reach my quota limit?
What’s the difference between Constellation and Contrast? When should I use each?
Has Constellation undergone a penetration test?
Do I have to change my application?
Can I use Constellation with Infrastructure-as-Code, GitOps, service mesh, or security tools?
Where are keys stored in Constellation?