constellation/docs/versioned_docs/version-2.12/architecture/overview.md

# Overview

Constellation is a cloud-based confidential orchestration platform.
The foundation of Constellation is Kubernetes and therefore shares the same technology stack and architecture principles.
To learn more about Constellation and Kubernetes, see [product overview](../overview/product.md).

## About orchestration and updates

As a cluster administrator, you can use the [Constellation CLI](orchestration.md) to install and deploy a cluster.
Updates are provided in accordance with the [support policy](versions.md).

## About microservices and attestation

Constellation manages the nodes and network in your cluster. All nodes are bootstrapped by the [*Bootstrapper*](microservices.md#bootstrapper). They're verified and authenticated by the [*JoinService*](microservices.md#joinservice) before being added to the cluster and the network. Finally, the entire cluster can be verified via the [*VerificationService*](microservices.md#verificationservice) using [remote attestation](attestation.md).

## About node images and verified boot

Constellation comes with operating system images for Kubernetes control-plane and worker nodes.
They're highly optimized for running containerized workloads and specifically prepared for running inside confidential VMs.
You can learn more about [the images](images.md) and how verified boot ensures their integrity during boot and beyond.

## About key management and cryptographic primitives

Encryption of data at-rest, in-transit, and in-use is the fundamental building block for confidential computing and Constellation. Learn more about the [keys and cryptographic primitives](keys.md) used in Constellation, [encrypted persistent storage](encrypted-storage.md), and [network encryption](networking.md).

## About observability

Observability in Kubernetes refers to the capability to swiftly troubleshoot issues using telemetry signals such as logs, metrics, and traces.
In the realm of Confidential Computing, it's crucial that observability aligns with confidentiality, necessitating careful implementation.
Learn more about the [observability capabilities in Constellation](./observability.md).
docs: add release v2.12.0 2023-10-10 04:40:46 -04:00			`# Overview`

			`Constellation is a cloud-based confidential orchestration platform.`
			`The foundation of Constellation is Kubernetes and therefore shares the same technology stack and architecture principles.`
			`To learn more about Constellation and Kubernetes, see [product overview](../overview/product.md).`

			`## About orchestration and updates`

			`As a cluster administrator, you can use the [Constellation CLI](orchestration.md) to install and deploy a cluster.`
			`Updates are provided in accordance with the [support policy](versions.md).`

			`## About microservices and attestation`

			`Constellation manages the nodes and network in your cluster. All nodes are bootstrapped by the [Bootstrapper](microservices.md#bootstrapper). They're verified and authenticated by the [JoinService](microservices.md#joinservice) before being added to the cluster and the network. Finally, the entire cluster can be verified via the [VerificationService](microservices.md#verificationservice) using [remote attestation](attestation.md).`

			`## About node images and verified boot`

			`Constellation comes with operating system images for Kubernetes control-plane and worker nodes.`
			`They're highly optimized for running containerized workloads and specifically prepared for running inside confidential VMs.`
			`You can learn more about [the images](images.md) and how verified boot ensures their integrity during boot and beyond.`

			`## About key management and cryptographic primitives`

			`Encryption of data at-rest, in-transit, and in-use is the fundamental building block for confidential computing and Constellation. Learn more about the [keys and cryptographic primitives](keys.md) used in Constellation, [encrypted persistent storage](encrypted-storage.md), and [network encryption](networking.md).`

			`## About observability`

			`Observability in Kubernetes refers to the capability to swiftly troubleshoot issues using telemetry signals such as logs, metrics, and traces.`
			`In the realm of Confidential Computing, it's crucial that observability aligns with confidentiality, necessitating careful implementation.`
			`Learn more about the [observability capabilities in Constellation](./observability.md).`