Add STACKIT to readme (#2988)

* Add STACKIT to readme

and sort CSPs alphabetically in sentences

* fix links

docs/versioned_docs/version-2.7/architecture/keys.md

@@ -105,7 +105,7 @@ Initially, it will support the following KMSs:
 * [Azure Key Vault](https://azure.microsoft.com/en-us/services/key-vault/#product-overview)
 * [KMIP-compatible KMS](https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=kmip)
 
-Storing the keys in Cloud KMS of AWS, GCP, or Azure binds the key usage to the particular cloud identity access management (IAM).
+Storing the keys in Cloud KMS of AWS, Azure, or GCP binds the key usage to the particular cloud identity access management (IAM).
 In the future, Constellation will support remote attestation-based access policies for Cloud KMS once available.
 Note that using a Cloud KMS limits the isolation and protection to the guarantees of the particular offering.
 

docs/versioned_docs/version-2.7/getting-started/install.md

@@ -11,7 +11,7 @@ Make sure the following requirements are met:
 - Your machine is running Linux or macOS
 - You have admin rights on your machine
 - [kubectl](https://kubernetes.io/docs/tasks/tools/) is installed
-- Your CSP is Microsoft Azure, Google Cloud Platform (GCP), or Amazon Web Services (AWS)
+- Your CSP is Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP)
 
 ## Install the Constellation CLI
 
@@ -52,7 +52,6 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c
 sudo install constellation-linux-arm64 /usr/local/bin/constellation
 ```
 
-
 </tabItem>
 
 <tabItem value="darwin-arm64" label="macOS (Apple Silicon)">
@@ -71,8 +70,6 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c
 sudo install constellation-darwin-arm64 /usr/local/bin/constellation
 ```
 
-
-
 </tabItem>
 
 <tabItem value="darwin-amd64" label="macOS (Intel)">
@@ -437,7 +434,6 @@ Options and first steps are described in the [AWS CLI documentation](https://doc
 
 </tabItem>
 
-
 </tabs>
 
 ## Next steps

docs/versioned_docs/version-2.7/overview/clouds.md

@@ -28,20 +28,19 @@ With its [CVM offering](https://docs.microsoft.com/en-us/azure/confidential-comp
 
 ## Google Cloud Platform (GCP)
 
-The [CVMs Generally Available in GCP](https://cloud.google.com/compute/confidential-vm/docs/create-confidential-vm-instance) are based on AMD SEV but don't have SNP features enabled.
+The [CVMs Generally Available in GCP](https://cloud.google.com/confidential-computing/confidential-vm/docs/confidential-vm-overview#amd_sev) are based on AMD SEV but don't have SNP features enabled.
 CVMs with SEV-SNP enabled are currently in [private preview](https://cloud.google.com/blog/products/identity-security/rsa-snp-vm-more-confidential). Regarding (3), with their SEV-SNP offering Google provides direct access to remote-attestation statements.
 However, regarding (4), the CVMs still include closed-source firmware.
 
 Intel and Google have [collaborated](https://cloud.google.com/blog/products/identity-security/rsa-google-intel-confidential-computing-more-secure) to enhance the security of TDX, and have recently [revealed](https://venturebeat.com/security/intel-launches-confidential-computing-solution-for-virtual-machines/) their plans to make TDX compatible with Google Cloud.
 
 ## Amazon Web Services (AWS)
+
 Amazon EC2 [supports AMD SEV-SNP](https://aws.amazon.com/de/about-aws/whats-new/2023/04/amazon-ec2-amd-sev-snp/). Regarding (3), AWS provides direct access to remote-attestation statements.
 However, attestation is partially based on the [NitroTPM](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm.html) for [measured boot](../architecture/attestation.md#measured-boot), which is a vTPM managed by the Nitro hypervisor. Hence, the hypervisor is currently part of Constellation's TCB.
 
 \* Regarding (4), the CVMs include initial firmware inside the CVM based on [OVMF](https://github.com/tianocore/tianocore.github.io/wiki/OVMF). Once this firmware will be reproducible and therefore verifiable, (4) switches from *No* to *Yes*.
 
-
-
 ## OpenStack
 
 OpenStack is an open-source cloud and infrastructure management software. It's used by many smaller CSPs and datacenters. In the latest *Yoga* version, OpenStack has basic support for CVMs. However, much depends on the employed kernel and hypervisor. Features (2)--(4) are likely to be a *Yes* with Linux kernel version 6.2. Thus, going forward, OpenStack on corresponding AMD or Intel hardware will be a viable underpinning for Constellation.

docs/versioned_docs/version-2.7/overview/performance.md

@@ -63,7 +63,6 @@ The following infrastructure configurations was used:
 - CVM: `false`
 - Zone: `europe-west3-b`
 
-
 ### Results
 
 #### Network
@@ -71,7 +70,7 @@ The following infrastructure configurations was used:
 This section gives a thorough analysis of the network performance of Constellation, specifically focusing on measuring TCP and UDP bandwidth.
 The benchmark measured the bandwidth of pod-to-pod and pod-to-service connections between two different nodes using [`iperf`](https://iperf.fr/).
 
-GKE and Constellation on GCP had a maximum network bandwidth of [10 Gbps](https://cloud.google.com/compute/docs/general-purpose-machines#n2d_machineshttps://cloud.google.com/compute/docs/general-purpose-machines#n2d_machines).
+GKE and Constellation on GCP had a maximum network bandwidth of [10 Gbps](https://cloud.google.com/compute/docs/general-purpose-machines#n2d_machines).
 AKS with `Standard_D4as_v5` machines a maximum network bandwidth of [12.5 Gbps](https://learn.microsoft.com/en-us/azure/virtual-machines/dasv5-dadsv5-series#dasv5-series).
 The Confidential VM equivalent `Standard_DC4as_v5` currently  has a network bandwidth of [1.25 Gbps](https://learn.microsoft.com/en-us/azure/virtual-machines/dcasv5-dcadsv5-series#dcasv5-series-products).
 Therefore, to make the test comparable, both AKS and Constellation on Azure were running with `Standard_DC4as_v5` machines and 1.25 Gbps bandwidth.
@@ -79,11 +78,10 @@ Therefore, to make the test comparable, both AKS and Constellation on Azure were
 Constellation on Azure and AKS used an MTU of 1500.
 Constellation on GCP used an MTU of 8896. GKE used an MTU of 1450.
 
-
 The difference in network bandwidth can largely be attributed to two factors.
 
-* Constellation's [network encryption](../architecture/networking.md) via Cilium and WireGuard, which protects data in-transit.
-* [AMD SEV using SWIOTLB bounce buffers](https://lore.kernel.org/all/20200204193500.GA15564@ashkalra_ubuntu_server/T/) for all DMA including network I/O.
+- Constellation's [network encryption](../architecture/networking.md) via Cilium and WireGuard, which protects data in-transit.
+- [AMD SEV using SWIOTLB bounce buffers](https://lore.kernel.org/all/20200204193500.GA15564@ashkalra_ubuntu_server/T/) for all DMA including network I/O.
 
 ##### Pod-to-Pod
 
@@ -134,6 +132,7 @@ The results for "Pod-to-Pod" on GCP are as follows:
 In our recent comparison of Constellation on GCP with GKE, Constellation has 58% less TCP bandwidth. However, UDP bandwidth was slightly better with Constellation, thanks to its higher MTU.
 
 Similarly, when comparing Constellation on Azure with AKS using CVMs, Constellation achieved approximately 10% less TCP and 40% less UDP bandwidth.
+
 #### Storage I/O
 
 Azure and GCP offer persistent storage for their Kubernetes services AKS and GKE via the Container Storage Interface (CSI). CSI storage in Kubernetes is available via `PersistentVolumes` (PV) and consumed via `PersistentVolumeClaims` (PVC).
@@ -143,21 +142,25 @@ Similarly, upon a PVC request, Constellation will provision a PV via a default s
 
 For Constellation on Azure and AKS, the benchmark ran with Azure Disk storage [Standard SSD](https://learn.microsoft.com/en-us/azure/virtual-machines/disks-types#standard-ssds) of 400 GiB size.
 The [DC4as machine type](https://learn.microsoft.com/en-us/azure/virtual-machines/dasv5-dadsv5-series#dasv5-series) with four cores provides the following maximum performance:
+
 - 6400 (20000 burst) IOPS
 - 144 MB/s (600 MB/s burst) throughput
 
 However, the performance is bound by the capabilities of the [512 GiB Standard SSD size](https://learn.microsoft.com/en-us/azure/virtual-machines/disks-types#standard-ssds) (the size class of 400 GiB volumes):
+
 - 500 (600 burst) IOPS
 - 60 MB/s (150 MB/s burst) throughput
 
 For Constellation on GCP and GKE, the benchmark ran with Compute Engine Persistent Disk Storage [pd-balanced](https://cloud.google.com/compute/docs/disks) of 400 GiB size.
 The N2D machine type with four cores and pd-balanced provides the following [maximum performance](https://cloud.google.com/compute/docs/disks/performance#n2d_vms):
+
 - 3,000 read IOPS
 - 15,000 write IOPS
 - 240 MB/s read throughput
 - 240 MB/s write throughput
 
 However, the performance is bound by the capabilities of a [`Zonal balanced PD`](https://cloud.google.com/compute/docs/disks/performance#zonal-persistent-disks) with 400 GiB size:
+
 - 2400 read IOPS
 - 2400 write IOPS
 - 112 MB/s read throughput
@@ -180,7 +183,6 @@ The following `fio` settings were used:
 
 For more details, see the [`fio` test configuration](../../../../.github/actions/e2e_benchmark/fio.ini).
 
-
 The results for IOPS on Azure are as follows:
 
 ![I/O IOPS Azure benchmark graph](../_media/benchmark_fio_azure_iops.png)

docs/versioned_docs/version-2.7/overview/product.md

@@ -6,6 +6,6 @@ From a security perspective, Constellation implements the [Confidential Kubernet
 
 From an operational perspective, Constellation provides the following key features:
 
-* **Native support for different clouds**: Constellation works on Microsoft Azure, Google Cloud Platform (GCP), and Amazon Web Services (AWS). Support for OpenStack-based environments is coming with a future release. Constellation securely interfaces with the cloud infrastructure to provide [cluster autoscaling](https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler), [dynamic persistent volumes](https://kubernetes.io/docs/concepts/storage/dynamic-provisioning/), and [service load balancing](https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer).
+* **Native support for different clouds**: Constellation works on Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). Support for OpenStack-based environments is coming with a future release. Constellation securely interfaces with the cloud infrastructure to provide [cluster autoscaling](https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler), [dynamic persistent volumes](https://kubernetes.io/docs/concepts/storage/dynamic-provisioning/), and [service load balancing](https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer).
 * **High availability**: Constellation uses a [multi-master architecture](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/high-availability/) with a [stacked etcd topology](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/ha-topology/#stacked-etcd-topology) to ensure high availability.
 * **Integrated Day-2 operations**: Constellation lets you securely [upgrade](../workflows/upgrade.md) your cluster to a new release. It also lets you securely [recover](../workflows/recovery.md) a failed cluster. Both with a single command.