⭐ Star us on GitHub — it motivates us a lot!
Welcome to Constellation!
Constellation is the first Confidential Kubernetes platform. It leverages confidential computing to isolate entire Kubernetes clusters and all workloads from the rest of the cloud infrastructure.
Table of contents
- ✨ What is Constellation?
- 🛠 Features
- 🚀 Getting started
- 📖 Documentation
- 👥 Community
- 🤝 Contributing
- 🗺 Roadmap
- ❓ Support & Enterprise Support
- 📃 License
✨ What is Constellation?
From the inside, it's a fully featured, certified Kubernetes engine. From the outside, it's an end-to-end isolated, always encrypted stronghold. A Confidential Cloud in the public cloud. Constellation is open source and enterprise-ready, tailored for unleashing the power of confidential computing for all your workloads at scale.
For a brief introduction to the Confidential Kubernetes concept, read the introduction. For more elaborate overviews of Constellation, see the architecture documentation.
🛠 Features
Everything always encrypted
- Memory runtime encryption of all Kubernetes nodes
- Transparent network encryption for all node-to-node traffic in the cluster. Provided by Cilium, application-independent, no sidecar required
- Persistent volume encryption for block storage. Encrypted in the confidential Kubernetes context, keys and plaintext data never leave the cluster. No trust in the cloud storage backend required
- Key management for transparent network and storage encryption
Everything verifiable
- Verifiable integrity and confidentiality of the entire Kubernetes cluster
- Kubernetes node attestation based on confidential computing. Each node's integrity and identity are verified with a hardware-based remote attestation procedure before it joins the cluster
- Supply chain protection with sigstore
- Confidential computing-optimized, fully measured, and integrity-protected node OS
Performance and scale
- Highly available, enterprise-ready Kubernetes engine
- Multi-master architecture
- Stacked etcd topology
- Dynamic cluster autoscaling
100% compatibility
- Certified Kubernetes engine
- Works with all your existing containers and tools
- The only cloud-agnostic Confidential Kubernetes platform
- Aligned to the version support policy of Kubernetes
- Cilium networking
🚀 Getting started
Sounds great, how can I try this?
Constellation can be deployed in minutes to your favorite infrastructure provider:
🔧 Install
🔒 Deploy
✅ Profit
📖 Documentation
👥 Community
- Got a question? Please get in touch via Discord or file an issue.
- If you see an error message or run into an issue, please make sure to create a bug report.
- Get the latest news and announcements on Twitter, LinkedIn or sign up for our monthly newsletter.
- Visit our blog for technical deep-dives and tutorials.
🤝 Contributing
- Read CONTRIBUTING.md for information on issue reporting, code guidelines, and how to work in this repository.
- Pull requests are welcome! You need to agree to our Contributor License Agreement.
- This project and everyone participating in it are governed by the Code of Conduct. By participating, you are expected to uphold this code.
- To report a security issue, write to security@edgeless.systems.
🗺 Roadmap
Constellation maintains a public roadmap. It gives a high-level view of the main priorities for the project, the maturity of different features, and how to influence the project direction.
❓ Support & Enterprise Support
If you require a cluster with more than 8 vCPUs or need other services such as enterprise support, contact us or find more information on the Constellation product page.
📃 License
TODO