📄️ Verify the CLI
Edgeless Systems uses sigstore to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components//rekor.sigstore.dev.
📄️ Create your cluster
Creating your cluster requires two steps:
📄️ Scale your cluster
Constellation provides all features of a Kubernetes cluster including scaling and autoscaling.
📄️ Upgrade your cluster
Constellation provides an easy way to upgrade to the next release.
📄️ Terminate your cluster
You can terminate your cluster using the CLI. For this, you need the Terraform state file named terraform.tfstate in the current directory.
📄️ Recover your cluster
Recovery of a Constellation cluster means getting it back into a healthy state after too many concurrent node failures in the control plane.
📄️ Verify your cluster
Constellation's attestation feature allows you, or a third party, to verify the integrity and confidentiality of your Constellation cluster.
📄️ Use persistent storage
Persistent storage in Kubernetes requires cloud-specific configuration.
📄️ Use Azure trusted launch VMs
Constellation also supports trusted launch VMs on Microsoft Azure. Trusted launch VMs don't offer the same level of security as Confidential VMs, but are available in more regions and in larger quantities. The main difference between trusted launch VMs and normal VMs is that the former offer vTPM-based remote attestation. When used with trusted launch VMs, Constellation relies on vTPM-based remote attestation to verify nodes.
📄️ Consume SBOMs
Constellation builds produce a software bill of materials (SBOM) for each generated artifact.
📄️ Troubleshooting
This section aids you in finding problems when working with Constellation.