Constellation

Hey ProductHunt community, I'm Moritz, an engineer/cybersecurity enthusiast + co-maker of Constellation. We've built Constellation with the belief that always encrypted and verifiable processing of data in the public cloud should be a matter of course just like HTTPS is today. Why? Because we believe that customers should stay in control and take full ownership of their data. Full isolation against the infrastructure and always encrypted processing will fundamentally change the security model of cloud computing and enable organizations to use the cloud to its full potential. Think everything is always encrypted, always verifiable, compliant, and at scale. We understand that security should not compromise usability and convenience. That’s why Constellation lifts these powerful confidential computing capabilities into a Kubernetes platform so customers can just pick them up from where they are today. What does that mean? - From a security perspective, Constellation is designed to keep all data always encrypted and to prevent access from the infrastructure layer (i.e., remove the infrastructure from the TCB). This includes access from data center employees, privileged cloud admins, and attackers coming through the infrastructure (e.g., malicious co-tenants escalating their privileges). - From a DevOps perspective, Constellation is designed to work just like what you would expect from a modern K8s engine. We believe in open-source and communities, so we've published the source code on GitHub., and we have a community on Discord. Also, we have online documentation. Check it out :) By making Constellation available to everyone we can help accelerate the adoption of more secure cloud computing. Community, we're so excited to share this with you today. Feel free to leave a comment below or on GitHub, join our Discord, or reach out via Twitter. Cheers! 🙏🏻

Hey, I'm one of the co-founders of Edgeless. Many thanks to @chrismessina for hunting! I've been in the "confidential computing" space for almost a decade now. This is a super-important milestone. If you're interested in learning more about how we ended up here (starting with an internship at Microsoft Research), I wrote the story down a while ago: https://blog.edgeless.systems/fo...

Hello people of ProductHunt, Lara here. Super stoked about this launch :) I've been working at Edgeless only for a few months but and it's been really exciting to see that a lot of important goals have been reached in this time. It's also inspiring seeing the dev team build such a complex and cool product. With Constellation, companies can leverage all the benefits of public clouds, as they were private clouds. No one will be able to get access, not even cloud providers, and it's easy to start with! I can't wait to see all the different applications of Constellation 🙌 Let us know your feedback!

Hey there, Malte here. I'm an engineer, primarily working on the base operating system. I was lucky to join just when the work on Constellation started and had a real impact on the future of secure Kubernetes. We have designed Constellation from the ground up to only contain what is really needed for containers, run the latest Linux kernel and be hardened for confidential computing. The team has worked together to tackle hard engineering problems and the result is surprisingly easy to use! (You know what I mean if you have ever used security focused software before) Constellation is shaping up to become a super polished, super secure way of running containers. I hope you enjoy using Constellation as much as I enjoy working on it. We also have an open community on discord where you can say hi and chat about everything confidential! Cheers!

Hey everyone, I am Otto, one of the Engineers working on Constellation. Constellation for me is a super exciting product to work on as it combines so many interesting, highly complex topics and wraps them in an super streamlined UX. When you create a Constellation cluster you will only press one button. But behind the scenes you will use an extremely minimal, locked-down and verifiable base image, verify the virtual machine's state via remote attestation and install only the bare minimum of required software that you need to run your workloads. And when you're done waiting for that button to say "Finished!" it will look and feel like any other Kubernetes you have used before. So for me it's great to develop and play around with all these exciting technologies. For you it's great because you can use all these technologies and best practices without implementing them yourself. Best thing is: you can look at everything I am talking about in our GitHub repo @ edgelesssys/constellation ;). Hope to your feedback!

Hello ProductHunt! I'm Leonard, one of the engineers working on Constellation. I'm super exited to have build an easy-to-use abstraction on top of cutting-edge technologies like AMD-SEV. Do you have an on-prem data center but want to build a modern tech stack in the cloud? Why not choose Constellation as your Kubernetes engine. Everything is always encrypted. It can even shield you from your cloud provider. This enables you to move to the cloud without loosing control over your data. Do you already use Kubernetes? Then there is no need to learn something new. Also, your expected cloud features like load balancing, storage, autoscaling and upgrades work out of the box. I'm also thrilled that we build support for all 3 major cloud providers (AWS, Azure, GCP). It is also fascinating to build the same UX on top of similar but different cloud features. Try it out in your favorite cloud, or even locally with MiniConstellation. Let us know what you think!

Hey folks! Super excited to have Constellation launch on ProductHunt! I joined EdgelessSystems early this year as a Security Engineer. Before that, I worked with Kubernetes both as an administrator and developer in the security domain for the past five years. I have worked really hard to bring my knowledge into Constellation and make the user experience great for devs and SREs alike! Because confidential computing is a relatively new concept, we focused on providing clear documentation on: "Why would you want to run a Confidential Kubernetes cluster?". We also included a mini Constellation (think microK8s or k3s) option you can run on your local developer machine, without the hassle of cloud subscriptions! Let us know if we achieved those goals and how your first steps with Constellation went!