Version: Next

Overview

Constellation is a cloud-based confidential orchestration platform. It's built on Kubernetes and therefore shares the same technology stack and architecture principles. To learn more about Constellation and Kubernetes, see the product overview.

About orchestration and updates

As a cluster administrator, you can use the Constellation CLI to install and deploy a cluster. Updates are provided in accordance with the support policy.

About microservices and attestation

Constellation manages the nodes and network in your cluster. All nodes are bootstrapped by the Bootstrapper. They're verified and authenticated by the JoinService before being added to the cluster and the network. Finally, the entire cluster can be verified via the VerificationService using remote attestation.

About node images and verified boot

Constellation comes with operating system images for Kubernetes control-plane and worker nodes. They're highly optimized for running containerized workloads and specifically prepared for running inside confidential VMs. You can learn more about the images and how verified boot ensures their integrity during boot and beyond.

About key management and cryptographic primitives

Encryption of data at rest, in transit, and in use is the fundamental building block for confidential computing and Constellation. Learn more about the keys and cryptographic primitives used in Constellation, encrypted persistent storage, and network encryption.

About observability

Observability in Kubernetes refers to the capability to troubleshoot issues using telemetry signals such as logs, metrics, and traces. In the realm of confidential computing, it's crucial that observability aligns with confidentiality, which requires careful implementation. Learn more about the observability capabilities in Constellation.