📄️ Verify the CLI
Edgeless Systems uses sigstore to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: Cosign, Rekor, and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at .
📄️ Create your cluster
Creating your cluster requires two steps:
📄️ Scale your cluster
Constellation provides all features of a Kubernetes cluster including scaling and autoscaling.
📄️ Upgrade your cluster
Constellation provides an easy way to upgrade to the next release.
📄️ Terminate your cluster
You can terminate your cluster using the CLI. For this, you need the state file of your running cluster, named constellation-state.json, in the current directory.
📄️ Recover your cluster
Recovery of a Constellation cluster means getting it back into a healthy state after too many concurrent node failures in the control plane.
📄️ Verify your cluster
Constellation's attestation feature allows you, or a third party, to verify the integrity and confidentiality of your Constellation cluster.
📄️ Manage SSH keys
Constellation allows you to create UNIX users that can connect to both control-plane and worker nodes over SSH. As the system partitions are read-only, users need to be re-created upon each restart of a node. This is automated by the Access Manager.
📄️ Use persistent storage
Persistent storage in Kubernetes requires cloud-specific configuration.
📄️ Use Azure trusted launch VMs
Constellation also supports trusted launch VMs on Microsoft Azure. Trusted launch VMs don't offer the same level of security as Confidential VMs, but are available in more regions and in larger quantities. The main difference between trusted launch VMs and normal VMs is that the former offer vTPM-based remote attestation. When used with trusted launch VMs, Constellation relies on vTPM-based remote attestation to verify nodes.
📄️ Troubleshooting
This section helps you find problems when working with Constellation.