⭐ Star us on GitHub — it motivates us a lot!

![](docs/constellation-header.png)

Welcome to Constellation!

Constellation is the first Confidential Kubernetes platform. It leverages confidential computing to isolate entire Kubernetes clusters and all workloads from the rest of the cloud infrastructure.

Constellation License E2E Test Azure E2E Test GCP Go Report Discord Twitter

## Table of contents - [✨ What is Constellation?](#-what-is-constellation) - [🛠 Features](#-features) - [Everything always encrypted](#everything-always-encrypted) - [Everything verifiable](#everything-verifiable) - [Performance and scale](#performance-and-scale) - [100% compatibility](#100-compatibility) - [🚀 Getting started](#-getting-started) - [📖 Documentation](#-documentation) - [👥 Community](#-community) - [🤝 Contributing](#-contributing) - [🗺 Roadmap](#-roadmap) - [❓ Support & Enterprise Support](#-support--enterprise-support) - [📃 License](#-license) ## ✨ What is Constellation? From the inside, it's a fully featured, [certified] Kubernetes engine. From the outside, it's an end to end isolated, always encrypted stronghold. A Confidential Cloud in the public cloud. Constellation is open source and enterprise-ready, tailored for unleashing the power of confidential computing for all your workloads at scale. Constellation product overview For a brief introduction to the Confidential Kubernetes concept, read the [introduction][confidential-kubernetes]. For more elaborate overviews of Constellation, see the [architecture] documentation. ## 🛠 Features ### Everything always encrypted - Memory runtime encryption of all Kubernetes nodes - [Transparent network encryption][network-encryption] for the entire cluster node to node traffic. Provided by [Cilium], application independent, no sidecar required - [Persistent volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) encryption for block storage. [Encrypted in the confidential Kubernetes context][storage-encryption], keys and plaintext data never leave the cluster. No trust in the cloud storage backend required - [Key management][key-management] for transparent network and storage encryption ### Everything verifiable - [Verifiable][cluster-attestation] integrity and confidentiality of the entire Kubernetes cluster - Kubernetes node attestation based on confidential computing. Nodes are [verified][node-attestation] on their integrity and identity with a hardware-based remote attestation procedure before joining the cluster - [Supply chain protection][supply-chain] with [sigstore](https://www.sigstore.dev/) - [Confidential computing-optimized][images], fully measured, and integrity-protected node OS ### Performance and scale - High-available, enterprise-ready Kubernetes engine - Multi-master architecture - [Stacked etcd topology][etcd-stacked] - Dynamic cluster autoscaling ### 100% compatibility - [Certified][certified] Kubernetes engine - Works with all your existing containers and tools - The only cloud-agnostic Confidential Kubernetes platform - Aligned to the [version support policy of Kubernetes][k8s-version-support] - [Cilium][Cilium] networking ## 🚀 Getting started ![Constellation Shell](docs/constellation-shell-windowframe.svg) Sounds great, how can I try this? Constellation can be deployed in minutes to your favorite infrastructure provider: :wrench: [Install][install] :lock: [Deploy][deploy] :white_check_mark: [Profit][examples] ## 📖 Documentation * [Concept][confidential-kubernetes] * [Threat model][threat-model] * [Architecture][architecture] * [Installing the CLI][install] * [Creating a Constellation cluster][deploy] ## 👥 Community * Got a question? Please get in touch via [Discord][discord] or file an [issue][github-issues]. * If you see an error message or run into an issue, please make sure to create a [bug report][github-issues]. * Get the latest news and announcements on [Twitter][twitter], [LinkedIn][linkedin] or sign up for our monthly [newsletter][newsletter]. * Visit our [blog](https://blog.edgeless.systems/) for technical deep-dives and tutorials. ## 🤝 Contributing * Read [`CONTRIBUTING.md`](CONTRIBUTING.md) for information on issue reporting, code guidelines, and how to work in this repository. * Pull requests are welcome! You need to agree to our [Contributor License Agreement][cla-assistant]. * This project and everyone participating in it are governed by the [Code of Conduct](/CODE_OF_CONDUCT.md). By participating, you are expected to uphold this code. * To report a security issue, write to security@edgeless.systems. ## 🗺 Roadmap Constellation maintains a [public roadmap][TODO]. It gives a high-level view of the main priorities for the project, the maturity of different features, and how to influence the project direction. ## ❓ Support & Enterprise Support If you require a cluster with more than 8 vCPUs or need other services such as enterprise support: [Contact us][contact] or find more information on the [Constellation product page][constellation-product]. ## 📃 License TODO [architecture]: https://docs.edgeless.systems/constellation/latest/#/architecture/overview [certified]: https://www.cncf.io/certification/software-conformance/ [Cilium]: https://cilium.io/ [cla-assistant]: https://cla-assistant.io/edgelesssys/constellation [cluster-attestation]: https://docs.edgeless.systems/constellation/latest/#/architecture/attestation?id=cluster-attestation [community-license]: https://docs.edgeless.systems/constellation/latest/#/getting-started/license [confidential-computing]: https://www.edgeless.systems/resources/confidential-computing/ [confidential-kubernetes]: https://docs.edgeless.systems/constellation/latest/#/getting-started/confidential-kubernetes [Constellation]: https://www.edgeless.systems/products/constellation/ [constellation-product]: https://www.edgeless.systems/products/constellation/ [contact]: https://www.edgeless.systems/contact/ [deploy]: https://docs.edgeless.systems/constellation/latest/#/workflows/create [discord]: https://discord.gg/rH8QTH56JN [discord-badge]: https://img.shields.io/badge/chat-on%20Discord-blue [documentation]: https://docs.edgeless.systems/constellation/latest [e2eTestAzure]: https://github.com/edgelesssys/constellation/actions/workflows/e2e-test-azure.yml/badge.svg?branch=main [e2eTestGCP]: https://github.com/edgelesssys/constellation/actions/workflows/e2e-test-gcp.yml/badge.svg?branch=main [etcd-stacked]: https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/ha-topology/#stacked-etcd-topology [examples]: https://docs.edgeless.systems/constellation/latest/#/getting-started/examples [getting-started]: https://docs.edgeless.systems/constellation/latest/#/getting-started/install [github-issues]: https://github.com/edgelesssys/constellation/issues/new/choose [go-report-card]: https://goreportcard.com/report/github.com/edgelesssys/constellation [go-report-card-badge]: https://goreportcard.com/badge/github.com/edgelesssys/constellation [images]: https://docs.edgeless.systems/constellation/latest/#/architecture/images?id=constellation-images [install]: https://docs.edgeless.systems/constellation/latest/#/getting-started/install [join-service]: https://docs.edgeless.systems/constellation/latest/#/architecture/components?id=joinservice [k8s-version-support]: https://docs.edgeless.systems/constellation/latest/#/architecture/versions?id=kubernetes-support-policy [key-management]: https://docs.edgeless.systems/constellation/latest/#/architecture/keys?id=constellation-managed-key-management [license]: https://github.com/edgelesssys/constellation/blob/master/LICENSE [license-badge]: https://img.shields.io/github/license/edgelesssys/constellation [linkedin]: https://www.linkedin.com/company/edgeless-systems/ [network-encryption]: https://docs.edgeless.systems/constellation/latest/#/architecture/keys?id=network-encryption [newsletter]: https://www.edgeless.systems/#newsletter-signup [node-attestation]: https://docs.edgeless.systems/constellation/latest/#/architecture/attestation?id=node-attestation [storage-encryption]: https://docs.edgeless.systems/constellation/latest/#/architecture/keys?id=storage-encryption [supply-chain]: https://docs.edgeless.systems/constellation/latest/#/architecture/attestation?id=chain-of-trust [troubleshooting]: https://docs.edgeless.systems/constellation/latest/#/workflows/troubleshooting [threat-model]: https://docs.edgeless.systems/constellation/latest/#/getting-started/threat-model [twitter]: https://twitter.com/EdgelessSystems