Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2026-01-02 16:30:19 -05:00
Code Issues Projects Releases Packages Wiki Activity
constellation/getting-started/first-steps/index.html

90 lines
No EOL
43 KiB
HTML
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!doctype html>
<html lang="en" dir="ltr" class="docs-wrapper plugin-docs plugin-id-default docs-version-2.24 docs-doc-page docs-doc-id-getting-started/first-steps" data-has-hydrated="false">
<head>
<meta charset="UTF-8">
<meta name="generator" content="Docusaurus v3.9.2">
<title data-rh="true">First steps with Constellation | Constellation</title><meta data-rh="true" name="viewport" content="width=device-width,initial-scale=1"><meta data-rh="true" name="twitter:card" content="summary_large_image"><meta data-rh="true" property="og:url" content="https://docs.edgeless.systems/constellation/getting-started/first-steps"><meta data-rh="true" property="og:locale" content="en"><meta data-rh="true" name="docusaurus_locale" content="en"><meta data-rh="true" name="docsearch:language" content="en"><meta data-rh="true" name="docusaurus_version" content="2.24"><meta data-rh="true" name="docusaurus_tag" content="docs-default-2.24"><meta data-rh="true" name="docsearch:version" content="2.24"><meta data-rh="true" name="docsearch:docusaurus_tag" content="docs-default-2.24"><meta data-rh="true" property="og:title" content="First steps with Constellation | Constellation"><meta data-rh="true" name="description" content="The following steps guide you through the process of creating a cluster and deploying a sample app. This example assumes that you have successfully installed and set up Constellation,"><meta data-rh="true" property="og:description" content="The following steps guide you through the process of creating a cluster and deploying a sample app. This example assumes that you have successfully installed and set up Constellation,"><link data-rh="true" rel="icon" href="/constellation/img/favicon.ico"><link data-rh="true" rel="canonical" href="https://docs.edgeless.systems/constellation/getting-started/first-steps"><link data-rh="true" rel="alternate" href="https://docs.edgeless.systems/constellation/getting-started/first-steps" hreflang="en"><link data-rh="true" rel="alternate" href="https://docs.edgeless.systems/constellation/getting-started/first-steps" hreflang="x-default"><script data-rh="true" type="application/ld+json">{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Getting started","item":"https://docs.edgeless.systems/constellation/category/getting-started"},{"@type":"ListItem","position":2,"name":"First steps (cloud)","item":"https://docs.edgeless.systems/constellation/getting-started/first-steps"}]}</script><script src="/constellation/gtagman.js" async data-cookieconsent="ignore"></script><link rel="stylesheet" href="/constellation/assets/css/styles.9ca3c5b3.css">
<script src="/constellation/assets/js/runtime~main.87c4c513.js" defer="defer"></script>
<script src="/constellation/assets/js/main.add27954.js" defer="defer"></script>
</head>
<body class="navigation-with-keyboard">
<svg style="display: none;"><defs>
<symbol id="theme-svg-external-link" viewBox="0 0 24 24"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"/></symbol>
</defs></svg>
<script>document.documentElement.setAttribute("data-theme","light"),document.documentElement.setAttribute("data-theme-choice","light"),function(){try{const n=new URLSearchParams(window.location.search).entries();for(var[t,e]of n)if(t.startsWith("docusaurus-data-")){var a=t.replace("docusaurus-data-","data-");document.documentElement.setAttribute(a,e)}}catch(t){}}(),document.documentElement.setAttribute("data-announcement-bar-initially-dismissed",function(){try{return"true"===localStorage.getItem("docusaurus.announcement.dismiss")}catch(t){}return!1}())</script><div id="__docusaurus"><div role="region" aria-label="Skip to main content"><a class="skipToContent_fXgn" href="#__docusaurus_skipToContent_fallback">Skip to main content</a></div><div class="theme-announcement-bar announcementBar_mb4j" style="background-color:#E7E6E6" role="banner"><div class="announcementBarPlaceholder_vyr4"></div><div class="content_knG7 announcementBarContent_xLdY">If you like Constellation, give it a star on <a target="_blank" rel="noopener noreferrer" href="https://github.com/edgelesssys/constellation">GitHub</a> ⭐️</div><button type="button" aria-label="Close" class="clean-btn close closeButton_CVFx announcementBarClose_gvF7"><svg viewBox="0 0 15 15" width="14" height="14"><g stroke="currentColor" stroke-width="3.1"><path d="M.75.75l13.5 13.5M14.25.75L.75 14.25"></path></g></svg></button></div><nav aria-label="Main" class="theme-layout-navbar navbar navbar--fixed-top"><div class="navbar__inner"><div class="theme-layout-navbar-left navbar__items"><button aria-label="Toggle navigation bar" aria-expanded="false" class="navbar__toggle clean-btn" type="button"><svg width="30" height="30" viewBox="0 0 30 30" aria-hidden="true"><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><a class="navbar__brand" href="/constellation/"><div class="navbar__logo"><img src="/constellation/img/logos/constellation_oneline.svg" alt="Constellation Logo" class="themedComponent_mlkZ themedComponent--light_NVdE"><img src="/constellation/img/logos/constellation_oneline.svg" alt="Constellation Logo" class="themedComponent_mlkZ themedComponent--dark_xIcU"></div></a></div><div class="theme-layout-navbar-right navbar__items navbar__items--right"><div class="navbar__item dropdown dropdown--hoverable dropdown--right"><a aria-current="page" class="navbar__link active" aria-haspopup="true" aria-expanded="false" role="button" href="/constellation/getting-started/first-steps">2.24</a><ul class="dropdown__menu"><li><a class="dropdown__link" href="/constellation/next/getting-started/first-steps">Next</a></li><li><a aria-current="page" class="dropdown__link dropdown__link--active" href="/constellation/getting-started/first-steps">2.24</a></li><li><a class="dropdown__link" href="/constellation/2.23/getting-started/first-steps">2.23</a></li><li><a class="dropdown__link" href="/constellation/2.22/getting-started/first-steps">2.22</a></li></ul></div><a href="https://github.com/edgelesssys/constellation" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link header-github-link"></a><div class="navbarSearchContainer_Bca1"><div class="dsla-search-wrapper"><div class="dsla-search-field" data-tags="default,docs-default-2.24"></div></div></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div></nav><div id="__docusaurus_skipToContent_fallback" class="theme-layout-main main-wrapper mainWrapper_z2l0"><div class="docsWrapper_hBAB"><button aria-label="Scroll back to top" class="clean-btn theme-back-to-top-button backToTopButton_sjWU" type="button"></button><div class="docRoot_UBD9"><aside class="theme-doc-sidebar-container docSidebarContainer_YfHR"><div class="sidebarViewport_aRkj"><div class="sidebar_njMd"><nav aria-label="Docs sidebar" class="menu thin-scrollbar menu_SIkG menuWithAnnouncementBar_GW3s"><ul class="theme-doc-sidebar-menu menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/constellation/"><span title="Introduction" class="linkLabel_WmDU">Introduction</span></a></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="categoryLink_byQd menu__link menu__link--sublist" href="/constellation/category/basics"><span title="Basics" class="categoryLinkLabel_W154">Basics</span></a><button aria-label="Expand sidebar category &#x27;Basics&#x27;" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item"><div class="menu__list-item-collapsible"><a class="categoryLink_byQd menu__link menu__link--sublist menu__link--active" href="/constellation/category/getting-started"><span title="Getting started" class="categoryLinkLabel_W154">Getting started</span></a><button aria-label="Collapse sidebar category &#x27;Getting started&#x27;" aria-expanded="true" type="button" class="clean-btn menu__caret"></button></div><ul class="menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/constellation/getting-started/install"><span title="Installation" class="linkLabel_WmDU">Installation</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link menu__link--active" aria-current="page" tabindex="0" href="/constellation/getting-started/first-steps"><span title="First steps (cloud)" class="linkLabel_WmDU">First steps (cloud)</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/constellation/getting-started/first-steps-local"><span title="First steps (local)" class="linkLabel_WmDU">First steps (local)</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/constellation/getting-started/marketplaces"><span title="Cloud Marketplaces" class="linkLabel_WmDU">Cloud Marketplaces</span></a></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-2 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="categoryLink_byQd menu__link menu__link--sublist" tabindex="0" href="/constellation/getting-started/examples"><span title="Examples" class="categoryLinkLabel_W154">Examples</span></a><button aria-label="Expand sidebar category &#x27;Examples&#x27;" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li></ul></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="categoryLink_byQd menu__link menu__link--sublist" href="/constellation/category/workflows"><span title="Workflows" class="categoryLinkLabel_W154">Workflows</span></a><button aria-label="Expand sidebar category &#x27;Workflows&#x27;" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="categoryLink_byQd menu__link menu__link--sublist" href="/constellation/category/architecture"><span title="Architecture" class="categoryLinkLabel_W154">Architecture</span></a><button aria-label="Expand sidebar category &#x27;Architecture&#x27;" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="categoryLink_byQd menu__link menu__link--sublist" href="/constellation/category/reference"><span title="Reference" class="categoryLinkLabel_W154">Reference</span></a><button aria-label="Expand sidebar category &#x27;Reference&#x27;" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li></ul></nav></div></div></aside><main class="docMainContainer_TBSr"><div class="container padding-top--md padding-bottom--lg"><div class="row"><div class="col docItemCol_VOVn"><div class="docItemContainer_Djhp"><article><nav class="theme-doc-breadcrumbs breadcrumbsContainer_Z_bl" aria-label="Breadcrumbs"><ul class="breadcrumbs"><li class="breadcrumbs__item"><a aria-label="Home page" class="breadcrumbs__link" href="/constellation/"><svg viewBox="0 0 24 24" class="breadcrumbHomeIcon_YNFT"><path d="M10 19v-5h4v5c0 .55.45 1 1 1h3c.55 0 1-.45 1-1v-7h1.7c.46 0 .68-.57.33-.87L12.67 3.6c-.38-.34-.96-.34-1.34 0l-8.36 7.53c-.34.3-.13.87.33.87H5v7c0 .55.45 1 1 1h3c.55 0 1-.45 1-1z" fill="currentColor"></path></svg></a></li><li class="breadcrumbs__item"><a class="breadcrumbs__link" href="/constellation/category/getting-started"><span>Getting started</span></a></li><li class="breadcrumbs__item breadcrumbs__item--active"><span class="breadcrumbs__link">First steps (cloud)</span></li></ul></nav><span class="theme-doc-version-badge badge badge--secondary">Version: 2.24</span><div class="tocCollapsible_ETCw theme-doc-toc-mobile tocMobile_ITEo"><button type="button" class="clean-btn tocCollapsibleButton_TO0P">On this page</button></div><div class="theme-doc-markdown markdown"><header><h1>First steps with Constellation</h1></header>
<p>The following steps guide you through the process of creating a cluster and deploying a sample app. This example assumes that you have successfully <a class="" href="/constellation/getting-started/install">installed and set up Constellation</a>,
and have access to a cloud subscription.</p>
<div class="theme-admonition theme-admonition-tip admonition_xJq3 alert alert--success"><div class="admonitionHeading_Gvgb"><span class="admonitionIcon_Rf37"><svg viewBox="0 0 12 16"><path fill-rule="evenodd" d="M6.5 0C3.48 0 1 2.19 1 5c0 .92.55 2.25 1 3 1.34 2.25 1.78 2.78 2 4v1h5v-1c.22-1.22.66-1.75 2-4 .45-.75 1-2.08 1-3 0-2.81-2.48-5-5.5-5zm3.64 7.48c-.25.44-.47.8-.67 1.11-.86 1.41-1.25 2.06-1.45 3.23-.02.05-.02.11-.02.17H5c0-.06 0-.13-.02-.17-.2-1.17-.59-1.83-1.45-3.23-.2-.31-.42-.67-.67-1.11C2.44 6.78 2 5.65 2 5c0-2.2 2.02-4 4.5-4 1.22 0 2.36.42 3.22 1.19C10.55 2.94 11 3.94 11 5c0 .66-.44 1.78-.86 2.48zM4 14h5c-.23 1.14-1.3 2-2.5 2s-2.27-.86-2.5-2z"></path></svg></span>tip</div><div class="admonitionContent_BuS1"><p>If you don&#x27;t have a cloud subscription, you can also set up a <a class="" href="/constellation/getting-started/first-steps-local">local Constellation cluster using virtualization</a> for testing.</p></div></div>
<div class="theme-admonition theme-admonition-note admonition_xJq3 alert alert--secondary"><div class="admonitionHeading_Gvgb"><span class="admonitionIcon_Rf37"><svg viewBox="0 0 14 16"><path fill-rule="evenodd" d="M6.3 5.69a.942.942 0 0 1-.28-.7c0-.28.09-.52.28-.7.19-.18.42-.28.7-.28.28 0 .52.09.7.28.18.19.28.42.28.7 0 .28-.09.52-.28.7a1 1 0 0 1-.7.3c-.28 0-.52-.11-.7-.3zM8 7.99c-.02-.25-.11-.48-.31-.69-.2-.19-.42-.3-.69-.31H6c-.27.02-.48.13-.69.31-.2.2-.3.44-.31.69h1v3c.02.27.11.5.31.69.2.2.42.31.69.31h1c.27 0 .48-.11.69-.31.2-.19.3-.42.31-.69H8V7.98v.01zM7 2.3c-3.14 0-5.7 2.54-5.7 5.68 0 3.14 2.56 5.7 5.7 5.7s5.7-2.55 5.7-5.7c0-3.15-2.56-5.69-5.7-5.69v.01zM7 .98c3.86 0 7 3.14 7 7s-3.14 7-7 7-7-3.12-7-7 3.14-7 7-7z"></path></svg></span>note</div><div class="admonitionContent_BuS1"><p>If you encounter any problem with the following steps, make sure to use the <a href="https://github.com/edgelesssys/constellation/releases/latest" target="_blank" rel="noopener noreferrer" class="">latest release</a> and check out the <a href="https://github.com/edgelesssys/constellation/issues?q=is%3Aopen+is%3Aissue+label%3A%22known+issue%22" target="_blank" rel="noopener noreferrer" class="">known issues</a>.</p></div></div>
<h2 class="anchor anchorTargetStickyNavbar_Vzrq" id="create-a-cluster">Create a cluster<a href="#create-a-cluster" class="hash-link" aria-label="Direct link to Create a cluster" title="Direct link to Create a cluster" translate="no"></a></h2>
<ol>
<li class="">
<p>Create the <a class="" href="/constellation/workflows/config">configuration file</a> and state file for your cloud provider. If you are following the steps of this guide, there is no need to edit the file.</p>
<div class="theme-tabs-container tabs-container tabList__CuJ"><ul role="tablist" aria-orientation="horizontal" class="tabs"><li role="tab" tabindex="0" aria-selected="true" class="tabs__item tabItem_LNqP tabs__item--active">AWS</li><li role="tab" tabindex="-1" aria-selected="false" class="tabs__item tabItem_LNqP">Azure</li><li role="tab" tabindex="-1" aria-selected="false" class="tabs__item tabItem_LNqP">GCP</li><li role="tab" tabindex="-1" aria-selected="false" class="tabs__item tabItem_LNqP">STACKIT</li></ul><div class="margin-top--md"><div role="tabpanel" class="tabItem_Ymn6"><div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token plain">constellation config generate aws</span><br></span></code></pre></div></div></div><div role="tabpanel" class="tabItem_Ymn6" hidden=""><div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token plain">constellation config generate azure</span><br></span></code></pre></div></div></div><div role="tabpanel" class="tabItem_Ymn6" hidden=""><div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token plain">constellation config generate gcp</span><br></span></code></pre></div></div></div><div role="tabpanel" class="tabItem_Ymn6" hidden=""><div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token plain">constellation config generate stackit</span><br></span></code></pre></div></div></div></div></div>
</li>
<li class="">
<p>Create your <a class="" href="/constellation/workflows/config#creating-an-iam-configuration">IAM configuration</a>.</p>
<div class="theme-tabs-container tabs-container tabList__CuJ"><ul role="tablist" aria-orientation="horizontal" class="tabs"><li role="tab" tabindex="0" aria-selected="true" class="tabs__item tabItem_LNqP tabs__item--active">AWS</li><li role="tab" tabindex="-1" aria-selected="false" class="tabs__item tabItem_LNqP">Azure</li><li role="tab" tabindex="-1" aria-selected="false" class="tabs__item tabItem_LNqP">GCP</li><li role="tab" tabindex="-1" aria-selected="false" class="tabs__item tabItem_LNqP">STACKIT</li></ul><div class="margin-top--md"><div role="tabpanel" class="tabItem_Ymn6"><div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token plain">constellation iam create aws --zone=us-east-2a --prefix=constellTest --update-config</span><br></span></code></pre></div></div><p>This command creates IAM configuration for the AWS zone <code>us-east-2a</code> using the prefix <code>constellTest</code> for all named resources being created. It also updates the configuration file <code>constellation-conf.yaml</code> in your current directory with the IAM values filled in.</p><p>Depending on the attestation variant selected on config generation, different regions are available.
AMD SEV-SNP machines (requires the default attestation variant <code>awsSEVSNP</code>) are currently available in the following regions:</p><ul>
<li class=""><code>eu-west-1</code></li>
<li class=""><code>us-east-2</code></li>
</ul><p>You can find a list of regions that support AMD SEV-SNP in <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snp-requirements.html" target="_blank" rel="noopener noreferrer" class="">AWS&#x27;s documentation</a>.</p><p>NitroTPM machines (requires the attestation variant <code>awsNitroTPM</code>) are available in all regions.
Constellation OS images are currently replicated to the following regions:</p><ul>
<li class=""><code>eu-central-1</code></li>
<li class=""><code>eu-west-1</code></li>
<li class=""><code>eu-west-3</code></li>
<li class=""><code>us-east-2</code></li>
<li class=""><code>ap-south-1</code></li>
</ul><p>If you require the OS image to be available in another region, <a href="https://github.com/edgelesssys/constellation/issues/new?assignees=&amp;labels=&amp;template=feature_request.md&amp;title=Support+new+AWS+image+region:+xx-xxxx-x" target="_blank" rel="noopener noreferrer" class="">let us know</a>.</p><p>You can find a list of all <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions" target="_blank" rel="noopener noreferrer" class="">regions in AWS&#x27;s documentation</a>.</p></div><div role="tabpanel" class="tabItem_Ymn6" hidden=""><div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token plain">constellation iam create azure --subscriptionID 00000000-0000-0000-0000-000000000000 --region=westus --resourceGroup=constellTest --servicePrincipal=spTest --update-config</span><br></span></code></pre></div></div><p>This command creates IAM configuration on the Azure region <code>westus</code> creating a new resource group <code>constellTest</code> and a new service principal <code>spTest</code>. It also updates the configuration file <code>constellation-conf.yaml</code> in your current directory with the IAM values filled in.</p><p>CVMs are available in several Azure regions. Constellation OS images are currently replicated to the following:</p><ul>
<li class=""><code>germanywestcentral</code></li>
<li class=""><code>westus</code></li>
<li class=""><code>eastus</code></li>
<li class=""><code>northeurope</code></li>
<li class=""><code>westeurope</code></li>
<li class=""><code>southeastasia</code></li>
</ul><p>If you require the OS image to be available in another region, <a href="https://github.com/edgelesssys/constellation/issues/new?assignees=&amp;labels=&amp;template=feature_request.md&amp;title=Support+new+Azure+image+region:+xx-xxxx-x" target="_blank" rel="noopener noreferrer" class="">let us know</a>.</p><p>You can find a list of all <a href="https://azure.microsoft.com/en-us/global-infrastructure/services/?products=virtual-machines&amp;regions=all" target="_blank" rel="noopener noreferrer" class="">regions in Azure&#x27;s documentation</a>.</p></div><div role="tabpanel" class="tabItem_Ymn6" hidden=""><div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token plain">constellation iam create gcp --projectID=yourproject-12345 --zone=europe-west3-a --prefix=constell-test --update-config</span><br></span></code></pre></div></div><p>This command creates IAM configuration in the GCP project <code>yourproject-12345</code> on the GCP zone <code>europe-west3-a</code> creating a new service account <code>constell-test</code>. It also updates the configuration file <code>constellation-conf.yaml</code> in your current directory with the IAM values filled in.</p><p>Note that only regions offering CVMs of the <code>C2D</code> or <code>N2D</code> series are supported. You can find a <a href="https://cloud.google.com/compute/docs/regions-zones#available" target="_blank" rel="noopener noreferrer" class="">list of all regions in Google&#x27;s documentation</a>, which you can filter by machine type <code>C2D</code> or <code>N2D</code>.</p></div><div role="tabpanel" class="tabItem_Ymn6" hidden=""><p>To use Constellation on STACKIT, the cluster will use the User Access Token (UAT) that&#x27;s generated <a class="" href="/constellation/getting-started/install">during the install step</a>.
After creating the accounts, fill in the STACKIT details in <code>constellation-conf.yaml</code> under <code>provider.openstack</code>:</p><ul>
<li class=""><code>stackitProjectID</code>: STACKIT project id (can be found after login on the <a href="https://portal.stackit.cloud" target="_blank" rel="noopener noreferrer" class="">STACKIT portal</a>)</li>
</ul><div class="theme-admonition theme-admonition-caution admonition_xJq3 alert alert--warning"><div class="admonitionHeading_Gvgb"><span class="admonitionIcon_Rf37"><svg viewBox="0 0 16 16"><path fill-rule="evenodd" d="M8.893 1.5c-.183-.31-.52-.5-.887-.5s-.703.19-.886.5L.138 13.499a.98.98 0 0 0 0 1.001c.193.31.53.501.886.501h13.964c.367 0 .704-.19.877-.5a1.03 1.03 0 0 0 .01-1.002L8.893 1.5zm.133 11.497H6.987v-2.003h2.039v2.003zm0-3.004H6.987V5.987h2.039v4.006z"></path></svg></span>caution</div><div class="admonitionContent_BuS1"><p><code>stackitProjectID</code> refers to the ID of your STACKIT project. The STACKIT portal also shows the OpenStack ID that&#x27;s associated with your project in some places. Make sure you insert the STACKIT project ID in the <code>constellation-conf.yaml</code> file. It&#x27;s of the format <code>XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX</code>.</p></div></div></div></div></div>
<div class="theme-admonition theme-admonition-tip admonition_xJq3 alert alert--success"><div class="admonitionHeading_Gvgb"><span class="admonitionIcon_Rf37"><svg viewBox="0 0 12 16"><path fill-rule="evenodd" d="M6.5 0C3.48 0 1 2.19 1 5c0 .92.55 2.25 1 3 1.34 2.25 1.78 2.78 2 4v1h5v-1c.22-1.22.66-1.75 2-4 .45-.75 1-2.08 1-3 0-2.81-2.48-5-5.5-5zm3.64 7.48c-.25.44-.47.8-.67 1.11-.86 1.41-1.25 2.06-1.45 3.23-.02.05-.02.11-.02.17H5c0-.06 0-.13-.02-.17-.2-1.17-.59-1.83-1.45-3.23-.2-.31-.42-.67-.67-1.11C2.44 6.78 2 5.65 2 5c0-2.2 2.02-4 4.5-4 1.22 0 2.36.42 3.22 1.19C10.55 2.94 11 3.94 11 5c0 .66-.44 1.78-.86 2.48zM4 14h5c-.23 1.14-1.3 2-2.5 2s-2.27-.86-2.5-2z"></path></svg></span>tip</div><div class="admonitionContent_BuS1"><p>To learn about all options you have for managing IAM resources and Constellation configuration, see the <a class="" href="/constellation/workflows/config">Configuration workflow</a>.</p></div></div>
</li>
</ol>
<ol start="3">
<li class="">
<p>Create the cluster. <code>constellation apply</code> uses options set in <code>constellation-conf.yaml</code>.
If you want to manually manage your cloud resources, for example by using <a class="" href="/constellation/reference/terraform">Terraform</a>, follow the corresponding instructions in the <a class="" href="/constellation/workflows/create">Create workflow</a>.</p>
<div class="theme-admonition theme-admonition-tip admonition_xJq3 alert alert--success"><div class="admonitionHeading_Gvgb"><span class="admonitionIcon_Rf37"><svg viewBox="0 0 12 16"><path fill-rule="evenodd" d="M6.5 0C3.48 0 1 2.19 1 5c0 .92.55 2.25 1 3 1.34 2.25 1.78 2.78 2 4v1h5v-1c.22-1.22.66-1.75 2-4 .45-.75 1-2.08 1-3 0-2.81-2.48-5-5.5-5zm3.64 7.48c-.25.44-.47.8-.67 1.11-.86 1.41-1.25 2.06-1.45 3.23-.02.05-.02.11-.02.17H5c0-.06 0-.13-.02-.17-.2-1.17-.59-1.83-1.45-3.23-.2-.31-.42-.67-.67-1.11C2.44 6.78 2 5.65 2 5c0-2.2 2.02-4 4.5-4 1.22 0 2.36.42 3.22 1.19C10.55 2.94 11 3.94 11 5c0 .66-.44 1.78-.86 2.48zM4 14h5c-.23 1.14-1.3 2-2.5 2s-2.27-.86-2.5-2z"></path></svg></span>tip</div><div class="admonitionContent_BuS1"><p>On Azure, you may need to wait 15+ minutes at this point for role assignments to propagate.</p></div></div>
<div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token plain">constellation apply -y</span><br></span></code></pre></div></div>
<p>This should look similar to the following:</p>
<div class="language-shell-session codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-shell-session codeBlock_bY9V thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token command shell-symbol important">$</span><span class="token command"> </span><span class="token command bash language-bash">constellation apply -y</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"></span><span class="token output">Checking for infrastructure changes</span><br></span><span class="token-line" style="color:#393A34"><span class="token output">The following Constellation cluster will be created:</span><br></span><span class="token-line" style="color:#393A34"><span class="token output"> 3 control-plane nodes of type n2d-standard-4 will be created.</span><br></span><span class="token-line" style="color:#393A34"><span class="token output"> 1 worker node of type n2d-standard-4 will be created.</span><br></span><span class="token-line" style="color:#393A34"><span class="token output">Creating</span><br></span><span class="token-line" style="color:#393A34"><span class="token output">Cloud infrastructure created successfully</span><br></span><span class="token-line" style="color:#393A34"><span class="token output">Your Constellation master secret was successfully written to ./constellation-mastersecret.json</span><br></span><span class="token-line" style="color:#393A34"><span class="token output">Connecting</span><br></span><span class="token-line" style="color:#393A34"><span class="token output">Initializing cluster</span><br></span><span class="token-line" style="color:#393A34"><span class="token output">Installing Kubernetes components</span><br></span><span class="token-line" style="color:#393A34"><span class="token output">Your Constellation cluster was successfully initialized.</span><br></span><span class="token-line" style="color:#393A34"><span class="token output"></span><br></span><span class="token-line" style="color:#393A34"><span class="token output">Constellation cluster identifier g6iMP5wRU1b7mpOz2WEISlIYSfdAhB0oNaOg6XEwKFY=</span><br></span><span class="token-line" style="color:#393A34"><span class="token output">Kubernetes configuration constellation-admin.conf</span><br></span><span class="token-line" style="color:#393A34"><span class="token output"></span><br></span><span class="token-line" style="color:#393A34"><span class="token output">You can now connect to your cluster by executing:</span><br></span><span class="token-line" style="color:#393A34"><span class="token output"> export KUBECONFIG=&quot;$PWD/constellation-admin.conf&quot;</span><br></span></code></pre></div></div>
<p>The cluster&#x27;s identifier will be different in your output.
Keep <code>constellation-mastersecret.json</code> somewhere safe.
This will allow you to <a class="" href="/constellation/workflows/recovery">recover your cluster</a> in case of a disaster.</p>
<div class="theme-admonition theme-admonition-info admonition_xJq3 alert alert--info"><div class="admonitionHeading_Gvgb"><span class="admonitionIcon_Rf37"><svg viewBox="0 0 14 16"><path fill-rule="evenodd" d="M7 2.3c3.14 0 5.7 2.56 5.7 5.7s-2.56 5.7-5.7 5.7A5.71 5.71 0 0 1 1.3 8c0-3.14 2.56-5.7 5.7-5.7zM7 1C3.14 1 0 4.14 0 8s3.14 7 7 7 7-3.14 7-7-3.14-7-7-7zm1 3H6v5h2V4zm0 6H6v2h2v-2z"></path></svg></span>info</div><div class="admonitionContent_BuS1"><p>Depending on your CSP and region, <code>constellation apply</code> may take 10+ minutes to complete.</p></div></div>
</li>
<li class="">
<p>Configure kubectl.</p>
<div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token plain">export KUBECONFIG=&quot;$PWD/constellation-admin.conf&quot;</span><br></span></code></pre></div></div>
</li>
</ol>
<h2 class="anchor anchorTargetStickyNavbar_Vzrq" id="deploy-a-sample-application">Deploy a sample application<a href="#deploy-a-sample-application" class="hash-link" aria-label="Direct link to Deploy a sample application" title="Direct link to Deploy a sample application" translate="no"></a></h2>
<ol>
<li class="">
<p>Deploy the <a href="https://github.com/BuoyantIO/emojivoto" target="_blank" rel="noopener noreferrer" class="">emojivoto app</a></p>
<div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token plain">kubectl apply -k github.com/BuoyantIO/emojivoto/kustomize/deployment</span><br></span></code></pre></div></div>
</li>
<li class="">
<p>Expose the frontend service locally</p>
<div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token plain">kubectl wait --for=condition=available --timeout=60s -n emojivoto --all deployments</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">kubectl -n emojivoto port-forward svc/web-svc 8080:80 &amp;</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">curl http://localhost:8080</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">kill %1</span><br></span></code></pre></div></div>
</li>
</ol>
<h2 class="anchor anchorTargetStickyNavbar_Vzrq" id="terminate-your-cluster">Terminate your cluster<a href="#terminate-your-cluster" class="hash-link" aria-label="Direct link to Terminate your cluster" title="Direct link to Terminate your cluster" translate="no"></a></h2>
<p>Use the CLI to terminate your cluster. If you manually used <a class="" href="/constellation/reference/terraform">Terraform</a> to manage your cloud resources, follow the corresponding instructions in the <a class="" href="/constellation/workflows/terminate">Terminate workflow</a>.</p>
<div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token plain">constellation terminate</span><br></span></code></pre></div></div>
<p>This should give the following output:</p>
<div class="language-shell-session codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-shell-session codeBlock_bY9V thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token command shell-symbol important">$</span><span class="token command"> </span><span class="token command bash language-bash">constellation terminate</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"></span><span class="token output">You are about to terminate a Constellation cluster.</span><br></span><span class="token-line" style="color:#393A34"><span class="token output">All of its associated resources will be DESTROYED.</span><br></span><span class="token-line" style="color:#393A34"><span class="token output">This action is irreversible and ALL DATA WILL BE LOST.</span><br></span><span class="token-line" style="color:#393A34"><span class="token output">Do you want to continue? [y/n]:</span><br></span></code></pre></div></div>
<p>Confirm with <code>y</code> to terminate the cluster:</p>
<div class="language-shell-session codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-shell-session codeBlock_bY9V thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token output">Terminating ...</span><br></span><span class="token-line" style="color:#393A34"><span class="token output">Your Constellation cluster was terminated successfully.</span><br></span></code></pre></div></div>
<p>Optionally, you can also <a class="" href="/constellation/workflows/config#deleting-an-iam-configuration">delete your IAM resources</a>.</p></div><footer class="theme-doc-footer docusaurus-mt-lg"><div class="row margin-top--sm theme-doc-footer-edit-meta-row"><div class="col noPrint_WFHX"><a href="https://github.com/edgelesssys/constellation/edit/main/docs/versioned_docs/version-2.24/getting-started/first-steps.md" target="_blank" rel="noopener noreferrer" class="theme-edit-this-page"><svg fill="currentColor" height="20" width="20" viewBox="0 0 40 40" class="iconEdit_Z9Sw" aria-hidden="true"><g><path d="m34.5 11.7l-3 3.1-6.3-6.3 3.1-3q0.5-0.5 1.2-0.5t1.1 0.5l3.9 3.9q0.5 0.4 0.5 1.1t-0.5 1.2z m-29.5 17.1l18.4-18.5 6.3 6.3-18.4 18.4h-6.3v-6.2z"></path></g></svg>Edit this page</a></div><div class="col lastUpdated_JAkA"></div></div></footer></article><nav class="docusaurus-mt-lg pagination-nav" aria-label="Docs pages"><a class="pagination-nav__link pagination-nav__link--prev" href="/constellation/getting-started/install"><div class="pagination-nav__sublabel">Previous</div><div class="pagination-nav__label">Installation</div></a><a class="pagination-nav__link pagination-nav__link--next" href="/constellation/getting-started/first-steps-local"><div class="pagination-nav__sublabel">Next</div><div class="pagination-nav__label">First steps (local)</div></a></nav></div></div><div class="col col--3"><div class="tableOfContents_bqdL thin-scrollbar theme-doc-toc-desktop"><ul class="table-of-contents table-of-contents__left-border"><li><a href="#create-a-cluster" class="table-of-contents__link toc-highlight">Create a cluster</a></li><li><a href="#deploy-a-sample-application" class="table-of-contents__link toc-highlight">Deploy a sample application</a></li><li><a href="#terminate-your-cluster" class="table-of-contents__link toc-highlight">Terminate your cluster</a></li></ul></div></div></div></div></main></div></div></div><footer class="theme-layout-footer footer footer--dark"><div class="container container-fluid"><div class="row footer__links"><div class="theme-layout-footer-column col footer__col"><div class="footer__title">Learn</div><ul class="footer__items clean-list"><li class="footer__item"><a class="footer__link-item" href="/constellation/overview/confidential-kubernetes">Confidential Kubernetes</a></li><li class="footer__item"><a class="footer__link-item" href="/constellation/getting-started/install">Install</a></li><li class="footer__item"><a class="footer__link-item" href="/constellation/getting-started/first-steps">First steps</a></li></ul></div><div class="theme-layout-footer-column col footer__col"><div class="footer__title">Community</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://github.com/edgelesssys/constellation" target="_blank" rel="noopener noreferrer" class="footer__link-item">GitHub<svg width="13.5" height="13.5" aria-label="(opens in new tab)" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li><li class="footer__item"><a href="https://www.edgeless.systems/#footer" target="_blank" rel="noopener noreferrer" class="footer__link-item">Newsletter<svg width="13.5" height="13.5" aria-label="(opens in new tab)" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li></ul></div><div class="theme-layout-footer-column col footer__col"><div class="footer__title">Social</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://www.edgeless.systems/blog/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Blog<svg width="13.5" height="13.5" aria-label="(opens in new tab)" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li><li class="footer__item"><a href="https://twitter.com/EdgelessSystems" target="_blank" rel="noopener noreferrer" class="footer__link-item">Twitter<svg width="13.5" height="13.5" aria-label="(opens in new tab)" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li><li class="footer__item"><a href="https://www.linkedin.com/company/edgeless-systems/" target="_blank" rel="noopener noreferrer" class="footer__link-item">LinkedIn<svg width="13.5" height="13.5" aria-label="(opens in new tab)" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li><li class="footer__item"><a href="https://www.youtube.com/channel/UCOOInN0sCv6icUesisYIDeA" target="_blank" rel="noopener noreferrer" class="footer__link-item">Youtube<svg width="13.5" height="13.5" aria-label="(opens in new tab)" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li></ul></div><div class="theme-layout-footer-column col footer__col"><div class="footer__title">Company</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://www.edgeless.systems/imprint/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Imprint<svg width="13.5" height="13.5" aria-label="(opens in new tab)" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li><li class="footer__item"><a href="https://www.edgeless.systems/privacy/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Privacy Policy<svg width="13.5" height="13.5" aria-label="(opens in new tab)" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li><li class="footer__item"><a href="javascript: Cookiebot.renew()" class="footer__link-item">Cookie Settings</a></li><li class="footer__item"><a href="https://www.edgeless.systems/contact-us/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Contact Us<svg width="13.5" height="13.5" aria-label="(opens in new tab)" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li></ul></div></div><div class="footer__bottom text--center"><div class="footer__copyright">Copyright © 2025 Edgeless Systems</div></div></div></footer></div>
</body>
</html>
Reference in a new issue View git blame Copy permalink