Constellation: Open-source, runtime-encrypted Kubernetes

Confidential Computing is a hardware-based technology that shields computer workloads from their environments and keeps data encrypted during processing.

In this Help Net Security video, Felix Schuster, CEO at Edgeless Systems, talks about the open-source release of Constellation.

Constellation allows anyone to keep their Kubernetes clusters verifiably shielded from the underlying cloud infrastructure and encrypted end-to-end. It is now available on GitHub and comes with unique features such as “whole cluster” attestation.

Constellation shields workloads and the control plane from the infrastructure and ensures that all data is encrypted at rest, in transit, and in use. These properties can be verified remotely based on hardware-rooted certificates. Constellation works with Microsoft Azure and Google Cloud Platform (support for OpenStack and other CSPs like AWS is planned) and doesn’t require changes to workloads or existing tooling.
