Kubernetes gets confidential computing with open-source Constellation from Edgeless Systems

Edgeless Systems, a provider of open-source infrastructure for confidential computing, has announced the public availability of Constellation through GitHub. Edgeless Systems’ Constellation allows enterprise users to leverage open-source architecture to provide an encrypted end-to-end solution for Kubernetes-based workloads.

The tool allows firms to keep Kubernetes clusters verifiably shielded from the cloud infrastructure while providing integrated security and data protection. To guarantee that Kubernetes instances are secure, Constellation completely isolates them from the cloud infrastructure.

Constellation is a CNCF-certified Kubernetes solution and a scalable platform that works with Microsoft Azure and Google Cloud. If users can run their containerized applications the same way they already deploy them, adopting Constellation becomes notably easier. A few commands on the CLI make the Kubernetes infrastructure ready for confidential computing.

“Edgeless Systems is building the open-source infrastructure for the Confidential Computing revolution,” said Felix Schuster, CEO of Edgeless Systems. “The hardware and features required for Constellation mostly weren’t even available in the cloud 12 months ago, but we started the necessary work to ensure Kubernetes users can secure all their data — in rest, in transit and now in use.”

What is confidential computing?

Confidential computing refers to cloud computing technology that can isolate data inside the CPU during processing. Access to this protected data is restricted, for example, by permission levels. Without privileged access, the data is invisible to the cloud operator, and developers cannot modify the code.

Confidential computing is a hardware-based technology that protects computer workloads from the underlying environment. It keeps the data encrypted end-to-end during processing. Edgeless Systems’ Constellation protects this data and the control plane, keeping them encrypted at rest, in transit, and while in use.

The company is also introducing a new feature: Sigstore-based attestation of Kubernetes nodes for automatic encryption of cloud data on the system network. To prevent data breaches, Constellation does not allow cloud admins, data center employees, or even APTs (advanced persistent threats) to access the data inside Constellation.

“Sigstore enables everyone to protect their software supply chains. It’s amazing to see how, with Constellation, Edgeless Systems managed to bootstrap an end-to-end verifiable and encrypted Kubernetes on top of this,” said Dan Lorenc, CEO of Chainguard and co-creator of Sigstore.
