Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2026-01-08 11:15:29 -05:00
Code Issues Projects Releases Packages Wiki Activity
constellation/next/workflows/s3proxy/index.html

59 lines
No EOL
28 KiB
HTML
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!doctype html>
<html lang="en" dir="ltr" class="docs-wrapper plugin-docs plugin-id-default docs-version-current docs-doc-page docs-doc-id-workflows/s3proxy" data-has-hydrated="false">
<head>
<meta charset="UTF-8">
<meta name="generator" content="Docusaurus v3.9.2">
<title data-rh="true">Install s3proxy | Constellation</title><meta data-rh="true" name="viewport" content="width=device-width,initial-scale=1"><meta data-rh="true" name="twitter:card" content="summary_large_image"><meta data-rh="true" property="og:url" content="https://docs.edgeless.systems/constellation/next/workflows/s3proxy"><meta data-rh="true" property="og:locale" content="en"><meta data-rh="true" name="docusaurus_locale" content="en"><meta data-rh="true" name="docsearch:language" content="en"><meta data-rh="true" name="docusaurus_version" content="current"><meta data-rh="true" name="docusaurus_tag" content="docs-default-current"><meta data-rh="true" name="docsearch:version" content="current"><meta data-rh="true" name="docsearch:docusaurus_tag" content="docs-default-current"><meta data-rh="true" property="og:title" content="Install s3proxy | Constellation"><meta data-rh="true" name="description" content="Constellation includes a transparent client-side encryption proxy for AWS S3 and compatible stores."><meta data-rh="true" property="og:description" content="Constellation includes a transparent client-side encryption proxy for AWS S3 and compatible stores."><link data-rh="true" rel="icon" href="/constellation/img/favicon.ico"><link data-rh="true" rel="canonical" href="https://docs.edgeless.systems/constellation/next/workflows/s3proxy"><link data-rh="true" rel="alternate" href="https://docs.edgeless.systems/constellation/next/workflows/s3proxy" hreflang="en"><link data-rh="true" rel="alternate" href="https://docs.edgeless.systems/constellation/next/workflows/s3proxy" hreflang="x-default"><script data-rh="true" type="application/ld+json">{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Workflows","item":"https://docs.edgeless.systems/constellation/next/category/workflows"},{"@type":"ListItem","position":2,"name":"Install s3proxy","item":"https://docs.edgeless.systems/constellation/next/workflows/s3proxy"}]}</script><script src="/constellation/gtagman.js" async data-cookieconsent="ignore"></script><link rel="stylesheet" href="/constellation/assets/css/styles.9ca3c5b3.css">
<script src="/constellation/assets/js/runtime~main.87c4c513.js" defer="defer"></script>
<script src="/constellation/assets/js/main.add27954.js" defer="defer"></script>
</head>
<body class="navigation-with-keyboard">
<svg style="display: none;"><defs>
<symbol id="theme-svg-external-link" viewBox="0 0 24 24"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"/></symbol>
</defs></svg>
<script>document.documentElement.setAttribute("data-theme","light"),document.documentElement.setAttribute("data-theme-choice","light"),function(){try{const n=new URLSearchParams(window.location.search).entries();for(var[t,e]of n)if(t.startsWith("docusaurus-data-")){var a=t.replace("docusaurus-data-","data-");document.documentElement.setAttribute(a,e)}}catch(t){}}(),document.documentElement.setAttribute("data-announcement-bar-initially-dismissed",function(){try{return"true"===localStorage.getItem("docusaurus.announcement.dismiss")}catch(t){}return!1}())</script><div id="__docusaurus"><div role="region" aria-label="Skip to main content"><a class="skipToContent_fXgn" href="#__docusaurus_skipToContent_fallback">Skip to main content</a></div><div class="theme-announcement-bar announcementBar_mb4j" style="background-color:#E7E6E6" role="banner"><div class="announcementBarPlaceholder_vyr4"></div><div class="content_knG7 announcementBarContent_xLdY">If you like Constellation, give it a star on <a target="_blank" rel="noopener noreferrer" href="https://github.com/edgelesssys/constellation">GitHub</a> ⭐️</div><button type="button" aria-label="Close" class="clean-btn close closeButton_CVFx announcementBarClose_gvF7"><svg viewBox="0 0 15 15" width="14" height="14"><g stroke="currentColor" stroke-width="3.1"><path d="M.75.75l13.5 13.5M14.25.75L.75 14.25"></path></g></svg></button></div><nav aria-label="Main" class="theme-layout-navbar navbar navbar--fixed-top"><div class="navbar__inner"><div class="theme-layout-navbar-left navbar__items"><button aria-label="Toggle navigation bar" aria-expanded="false" class="navbar__toggle clean-btn" type="button"><svg width="30" height="30" viewBox="0 0 30 30" aria-hidden="true"><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><a class="navbar__brand" href="/constellation/"><div class="navbar__logo"><img src="/constellation/img/logos/constellation_oneline.svg" alt="Constellation Logo" class="themedComponent_mlkZ themedComponent--light_NVdE"><img src="/constellation/img/logos/constellation_oneline.svg" alt="Constellation Logo" class="themedComponent_mlkZ themedComponent--dark_xIcU"></div></a></div><div class="theme-layout-navbar-right navbar__items navbar__items--right"><div class="navbar__item dropdown dropdown--hoverable dropdown--right"><a aria-current="page" class="navbar__link active" aria-haspopup="true" aria-expanded="false" role="button" href="/constellation/next/workflows/s3proxy">Next</a><ul class="dropdown__menu"><li><a aria-current="page" class="dropdown__link dropdown__link--active" href="/constellation/next/workflows/s3proxy">Next</a></li><li><a class="dropdown__link" href="/constellation/workflows/s3proxy">2.24</a></li><li><a class="dropdown__link" href="/constellation/2.23/workflows/s3proxy">2.23</a></li><li><a class="dropdown__link" href="/constellation/2.22/workflows/s3proxy">2.22</a></li></ul></div><a href="https://github.com/edgelesssys/constellation" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link header-github-link"></a><div class="navbarSearchContainer_Bca1"><div class="dsla-search-wrapper"><div class="dsla-search-field" data-tags="default,docs-default-current"></div></div></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div></nav><div id="__docusaurus_skipToContent_fallback" class="theme-layout-main main-wrapper mainWrapper_z2l0"><div class="docsWrapper_hBAB"><button aria-label="Scroll back to top" class="clean-btn theme-back-to-top-button backToTopButton_sjWU" type="button"></button><div class="docRoot_UBD9"><aside class="theme-doc-sidebar-container docSidebarContainer_YfHR"><div class="sidebarViewport_aRkj"><div class="sidebar_njMd"><nav aria-label="Docs sidebar" class="menu thin-scrollbar menu_SIkG menuWithAnnouncementBar_GW3s"><ul class="theme-doc-sidebar-menu menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/constellation/next/"><span title="Introduction" class="linkLabel_WmDU">Introduction</span></a></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="categoryLink_byQd menu__link menu__link--sublist" href="/constellation/next/category/basics"><span title="Basics" class="categoryLinkLabel_W154">Basics</span></a><button aria-label="Expand sidebar category &#x27;Basics&#x27;" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="categoryLink_byQd menu__link menu__link--sublist" href="/constellation/next/category/getting-started"><span title="Getting started" class="categoryLinkLabel_W154">Getting started</span></a><button aria-label="Expand sidebar category &#x27;Getting started&#x27;" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item"><div class="menu__list-item-collapsible"><a class="categoryLink_byQd menu__link menu__link--sublist menu__link--active" href="/constellation/next/category/workflows"><span title="Workflows" class="categoryLinkLabel_W154">Workflows</span></a><button aria-label="Collapse sidebar category &#x27;Workflows&#x27;" aria-expanded="true" type="button" class="clean-btn menu__caret"></button></div><ul class="menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/constellation/next/workflows/verify-cli"><span title="Verify the CLI" class="linkLabel_WmDU">Verify the CLI</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/constellation/next/workflows/config"><span title="Configure your cluster" class="linkLabel_WmDU">Configure your cluster</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/constellation/next/workflows/create"><span title="Create your cluster" class="linkLabel_WmDU">Create your cluster</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/constellation/next/workflows/scale"><span title="Scale your cluster" class="linkLabel_WmDU">Scale your cluster</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/constellation/next/workflows/upgrade"><span title="Upgrade your cluster" class="linkLabel_WmDU">Upgrade your cluster</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/constellation/next/workflows/lb"><span title="Expose a service" class="linkLabel_WmDU">Expose a service</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/constellation/next/workflows/cert-manager"><span title="Install cert-manager" class="linkLabel_WmDU">Install cert-manager</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link menu__link--active" aria-current="page" tabindex="0" href="/constellation/next/workflows/s3proxy"><span title="Install s3proxy" class="linkLabel_WmDU">Install s3proxy</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/constellation/next/workflows/terminate"><span title="Terminate your cluster" class="linkLabel_WmDU">Terminate your cluster</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/constellation/next/workflows/recovery"><span title="Recover your cluster" class="linkLabel_WmDU">Recover your cluster</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/constellation/next/workflows/verify-cluster"><span title="Verify your cluster" class="linkLabel_WmDU">Verify your cluster</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/constellation/next/workflows/storage"><span title="Use persistent storage" class="linkLabel_WmDU">Use persistent storage</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/constellation/next/workflows/terraform-provider"><span title="Use the Terraform provider" class="linkLabel_WmDU">Use the Terraform provider</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/constellation/next/workflows/sbom"><span title="Consume SBOMs" class="linkLabel_WmDU">Consume SBOMs</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/constellation/next/workflows/reproducible-builds"><span title="Reproduce release artifacts" class="linkLabel_WmDU">Reproduce release artifacts</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/constellation/next/workflows/troubleshooting"><span title="Troubleshooting" class="linkLabel_WmDU">Troubleshooting</span></a></li></ul></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="categoryLink_byQd menu__link menu__link--sublist" href="/constellation/next/category/architecture"><span title="Architecture" class="categoryLinkLabel_W154">Architecture</span></a><button aria-label="Expand sidebar category &#x27;Architecture&#x27;" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="categoryLink_byQd menu__link menu__link--sublist" href="/constellation/next/category/reference"><span title="Reference" class="categoryLinkLabel_W154">Reference</span></a><button aria-label="Expand sidebar category &#x27;Reference&#x27;" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li></ul></nav></div></div></aside><main class="docMainContainer_TBSr"><div class="container padding-top--md padding-bottom--lg"><div class="row"><div class="col docItemCol_VOVn"><div class="theme-doc-version-banner alert alert--warning margin-bottom--md" role="alert"><div>This is unreleased documentation for <!-- -->Constellation<!-- --> <b>Next</b> version.</div><div class="margin-top--md">For up-to-date documentation, see the <b><a href="/constellation/workflows/s3proxy">latest version</a></b> (<!-- -->2.24<!-- -->).</div></div><div class="docItemContainer_Djhp"><article><nav class="theme-doc-breadcrumbs breadcrumbsContainer_Z_bl" aria-label="Breadcrumbs"><ul class="breadcrumbs"><li class="breadcrumbs__item"><a aria-label="Home page" class="breadcrumbs__link" href="/constellation/"><svg viewBox="0 0 24 24" class="breadcrumbHomeIcon_YNFT"><path d="M10 19v-5h4v5c0 .55.45 1 1 1h3c.55 0 1-.45 1-1v-7h1.7c.46 0 .68-.57.33-.87L12.67 3.6c-.38-.34-.96-.34-1.34 0l-8.36 7.53c-.34.3-.13.87.33.87H5v7c0 .55.45 1 1 1h3c.55 0 1-.45 1-1z" fill="currentColor"></path></svg></a></li><li class="breadcrumbs__item"><a class="breadcrumbs__link" href="/constellation/next/category/workflows"><span>Workflows</span></a></li><li class="breadcrumbs__item breadcrumbs__item--active"><span class="breadcrumbs__link">Install s3proxy</span></li></ul></nav><span class="theme-doc-version-badge badge badge--secondary">Version: Next</span><div class="tocCollapsible_ETCw theme-doc-toc-mobile tocMobile_ITEo"><button type="button" class="clean-btn tocCollapsibleButton_TO0P">On this page</button></div><div class="theme-doc-markdown markdown"><header><h1>Install s3proxy</h1></header>
<p>Constellation includes a transparent client-side encryption proxy for <a href="https://aws.amazon.com/de/s3/" target="_blank" rel="noopener noreferrer" class="">AWS S3</a> and compatible stores.
s3proxy encrypts objects before sending them to S3 and automatically decrypts them on retrieval, without requiring changes to your application.
With s3proxy, you can use S3 for storage in a confidential way without having to trust the storage provider.</p>
<h2 class="anchor anchorTargetStickyNavbar_Vzrq" id="limitations">Limitations<a href="#limitations" class="hash-link" aria-label="Direct link to Limitations" title="Direct link to Limitations" translate="no"></a></h2>
<p>Currently, s3proxy has the following limitations:</p>
<ul>
<li class="">Only <code>PutObject</code> and <code>GetObject</code> requests are encrypted/decrypted by s3proxy.
By default, s3proxy will block requests that may expose unencrypted data to S3 (e.g. UploadPart).
The <code>allow-multipart</code> flag disables request blocking for evaluation purposes.</li>
<li class="">Using the <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html#API_GetObject_RequestSyntax" target="_blank" rel="noopener noreferrer" class="">Range</a> header on <code>GetObject</code> is currently not supported and will result in an error.</li>
</ul>
<p>These limitations will be removed with future iterations of s3proxy.
If you want to use s3proxy but these limitations stop you from doing so, consider <a href="https://github.com/edgelesssys/constellation/issues/new?assignees=&amp;labels=&amp;projects=&amp;template=feature_request.yml" target="_blank" rel="noopener noreferrer" class="">opening an issue</a>.</p>
<h2 class="anchor anchorTargetStickyNavbar_Vzrq" id="deployment">Deployment<a href="#deployment" class="hash-link" aria-label="Direct link to Deployment" title="Direct link to Deployment" translate="no"></a></h2>
<p>You can add the s3proxy to your Constellation cluster as follows:</p>
<ol>
<li class="">Add the Edgeless Systems chart repository:<!-- -->
<div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token plain">helm repo add edgeless https://helm.edgeless.systems/stable</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">helm repo update</span><br></span></code></pre></div></div>
</li>
<li class="">Set ACCESS_KEY and ACCESS_SECRET to valid credentials you want s3proxy to use to interact with S3.</li>
<li class="">Deploy s3proxy:<!-- -->
<div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token plain">helm install s3proxy edgeless/s3proxy --set awsAccessKeyID=&quot;$ACCESS_KEY&quot; --set awsSecretAccessKey=&quot;$ACCESS_SECRET&quot;</span><br></span></code></pre></div></div>
</li>
</ol>
<p>If you want to run a demo application, check out the <a class="" href="/constellation/next/getting-started/examples/filestash-s3proxy">Filestash with s3proxy</a> example.</p>
<h2 class="anchor anchorTargetStickyNavbar_Vzrq" id="technical-details">Technical details<a href="#technical-details" class="hash-link" aria-label="Direct link to Technical details" title="Direct link to Technical details" translate="no"></a></h2>
<h3 class="anchor anchorTargetStickyNavbar_Vzrq" id="encryption">Encryption<a href="#encryption" class="hash-link" aria-label="Direct link to Encryption" title="Direct link to Encryption" translate="no"></a></h3>
<p>s3proxy relies on Google&#x27;s <a href="https://developers.google.com/tink" target="_blank" rel="noopener noreferrer" class="">Tink Cryptographic Library</a> to implement cryptographic operations securely.
The used cryptographic primitives are <a href="https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf" target="_blank" rel="noopener noreferrer" class="">NIST SP 800 38f</a> for key wrapping and <a href="https://en.wikipedia.org/wiki/Advanced_Encryption_Standard" target="_blank" rel="noopener noreferrer" class="">AES</a>-<a href="https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Galois/counter_(GCM)" target="_blank" rel="noopener noreferrer" class="">GCM</a> with 256 bit keys for data encryption.</p>
<p>s3proxy uses <a href="https://cloud.google.com/kms/docs/envelope-encryption" target="_blank" rel="noopener noreferrer" class="">envelope encryption</a> to encrypt objects.
This means s3proxy uses a key encryption key (KEK) issued by the <a class="" href="/constellation/next/architecture/microservices#keyservice">KeyService</a> to encrypt data encryption keys (DEKs).
Each S3 object is encrypted with its own DEK.
The encrypted DEK is then saved as metadata of the encrypted object.
This enables key rotation of the KEK without re-encrypting the data in S3.
The approach also allows access to objects from different locations, as long as each location has access to the KEK.</p>
<h3 class="anchor anchorTargetStickyNavbar_Vzrq" id="traffic-interception">Traffic interception<a href="#traffic-interception" class="hash-link" aria-label="Direct link to Traffic interception" title="Direct link to Traffic interception" translate="no"></a></h3>
<p>To use s3proxy, you have to redirect your outbound S3 traffic to s3proxy.
This can either be done by modifying your client application or by changing the deployment of your application.</p>
<p>The necessary deployment modifications are to add DNS redirection and a trusted TLS certificate to the client&#x27;s trust store.
DNS redirection can be defined for each pod, allowing you to use s3proxy for one application without changing other applications in the same cluster.
Adding a trusted TLS certificate is necessary as clients communicate with s3proxy via HTTPS.
To have your client application trust s3proxy&#x27;s TLS certificate, the certificate has to be added to the client&#x27;s certificate trust store.
The <a class="" href="/constellation/next/getting-started/examples/filestash-s3proxy">Filestash with s3proxy</a> example shows how to do this.</p></div><footer class="theme-doc-footer docusaurus-mt-lg"><div class="row margin-top--sm theme-doc-footer-edit-meta-row"><div class="col noPrint_WFHX"><a href="https://github.com/edgelesssys/constellation/edit/main/docs/docs/workflows/s3proxy.md" target="_blank" rel="noopener noreferrer" class="theme-edit-this-page"><svg fill="currentColor" height="20" width="20" viewBox="0 0 40 40" class="iconEdit_Z9Sw" aria-hidden="true"><g><path d="m34.5 11.7l-3 3.1-6.3-6.3 3.1-3q0.5-0.5 1.2-0.5t1.1 0.5l3.9 3.9q0.5 0.4 0.5 1.1t-0.5 1.2z m-29.5 17.1l18.4-18.5 6.3 6.3-18.4 18.4h-6.3v-6.2z"></path></g></svg>Edit this page</a></div><div class="col lastUpdated_JAkA"></div></div></footer></article><nav class="docusaurus-mt-lg pagination-nav" aria-label="Docs pages"><a class="pagination-nav__link pagination-nav__link--prev" href="/constellation/next/workflows/cert-manager"><div class="pagination-nav__sublabel">Previous</div><div class="pagination-nav__label">Install cert-manager</div></a><a class="pagination-nav__link pagination-nav__link--next" href="/constellation/next/workflows/terminate"><div class="pagination-nav__sublabel">Next</div><div class="pagination-nav__label">Terminate your cluster</div></a></nav></div></div><div class="col col--3"><div class="tableOfContents_bqdL thin-scrollbar theme-doc-toc-desktop"><ul class="table-of-contents table-of-contents__left-border"><li><a href="#limitations" class="table-of-contents__link toc-highlight">Limitations</a></li><li><a href="#deployment" class="table-of-contents__link toc-highlight">Deployment</a></li><li><a href="#technical-details" class="table-of-contents__link toc-highlight">Technical details</a><ul><li><a href="#encryption" class="table-of-contents__link toc-highlight">Encryption</a></li><li><a href="#traffic-interception" class="table-of-contents__link toc-highlight">Traffic interception</a></li></ul></li></ul></div></div></div></div></main></div></div></div><footer class="theme-layout-footer footer footer--dark"><div class="container container-fluid"><div class="row footer__links"><div class="theme-layout-footer-column col footer__col"><div class="footer__title">Learn</div><ul class="footer__items clean-list"><li class="footer__item"><a class="footer__link-item" href="/constellation/overview/confidential-kubernetes">Confidential Kubernetes</a></li><li class="footer__item"><a class="footer__link-item" href="/constellation/getting-started/install">Install</a></li><li class="footer__item"><a class="footer__link-item" href="/constellation/getting-started/first-steps">First steps</a></li></ul></div><div class="theme-layout-footer-column col footer__col"><div class="footer__title">Community</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://github.com/edgelesssys/constellation" target="_blank" rel="noopener noreferrer" class="footer__link-item">GitHub<svg width="13.5" height="13.5" aria-label="(opens in new tab)" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li><li class="footer__item"><a href="https://www.edgeless.systems/#footer" target="_blank" rel="noopener noreferrer" class="footer__link-item">Newsletter<svg width="13.5" height="13.5" aria-label="(opens in new tab)" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li></ul></div><div class="theme-layout-footer-column col footer__col"><div class="footer__title">Social</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://www.edgeless.systems/blog/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Blog<svg width="13.5" height="13.5" aria-label="(opens in new tab)" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li><li class="footer__item"><a href="https://twitter.com/EdgelessSystems" target="_blank" rel="noopener noreferrer" class="footer__link-item">Twitter<svg width="13.5" height="13.5" aria-label="(opens in new tab)" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li><li class="footer__item"><a href="https://www.linkedin.com/company/edgeless-systems/" target="_blank" rel="noopener noreferrer" class="footer__link-item">LinkedIn<svg width="13.5" height="13.5" aria-label="(opens in new tab)" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li><li class="footer__item"><a href="https://www.youtube.com/channel/UCOOInN0sCv6icUesisYIDeA" target="_blank" rel="noopener noreferrer" class="footer__link-item">Youtube<svg width="13.5" height="13.5" aria-label="(opens in new tab)" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li></ul></div><div class="theme-layout-footer-column col footer__col"><div class="footer__title">Company</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://www.edgeless.systems/imprint/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Imprint<svg width="13.5" height="13.5" aria-label="(opens in new tab)" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li><li class="footer__item"><a href="https://www.edgeless.systems/privacy/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Privacy Policy<svg width="13.5" height="13.5" aria-label="(opens in new tab)" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li><li class="footer__item"><a href="javascript: Cookiebot.renew()" class="footer__link-item">Cookie Settings</a></li><li class="footer__item"><a href="https://www.edgeless.systems/contact-us/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Contact Us<svg width="13.5" height="13.5" aria-label="(opens in new tab)" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li></ul></div></div><div class="footer__bottom text--center"><div class="footer__copyright">Copyright © 2025 Edgeless Systems</div></div></div></footer></div>
</body>
</html>
Reference in a new issue View git blame Copy permalink