Wrapping entire Kubernetes clusters into a confidential-computing envelope with Constellation

Malte Poll and Paul Meyer

Playlists: 'froscon2023' videos starting here / audio

Kubernetes is the most popular platform for managing and scaling containerized workloads. It's practically used everywhere. Bringing comprehensive confidential-computing features to Kubernetes is a requirement for confidential computing to become mainstream.

In the first part of this talk, we explain the different approaches for running confidential-computing workloads on Kubernetes. We discuss desirable features and security properties and corresponding challenges that need to be addressed. In the second part, we describe the architecture of our "confidential" Kubernetes distribution Constellation (https://github.com/edgelesssys/constellation). Constellation is open source and uses Confidential VMs (currently AMD SEV, in the future also Intel TDX and Arm CCA) to ensure that entire Kubernetes clusters are runtime-encrypted and shielded from the infrastructure. To the best of our knowledge, Constellation is the only software able to achieve this. We explain how - with the help of rigorous cluster-wide remote attestation, mkosi-based images, and Sigstore - Constellation is able to verify and attest the integrity of an entire cluster. We also explain how we use Cilium, Rook, Ceph and other cloud-native projects to ensure that data is not only encrypted at runtime but also on the wire and in storage. In the third part, we give a live demo of complex real-world applications like GitLab running end-to-end confidential on Constellation in the public cloud.

We close with a discussion of use cases and an overview of future work.