Constellation is the first Confidential Kubernetes. Constellation shields entire Kubernetes clusters from the (cloud) infrastructure using confidential computing.
Updated Aug 7, 2024 - Go
Confidential Computing is the protection of data in use by performing computation in a hardware-based, attested Trusted Execution Environment.
A Trusted Execution Environment (TEE) is an environment that provides a level of assurance of the following three properties: data integrity, data confidentiality, and code integrity.
TEEs may have additional attributes such as code confidentiality, programmability, recoverability, and attestability.
Confidential Computing aims to reduce the ability for the owner/operator/pwner of a platform to access data and code inside TEEs sufficiently such that this path is not an economically or logically viable attack during execution.
EGo is an open-source SDK that enables you to develop your own confidential apps in the Go programming language.
MarbleRun is the control plane for confidential computing. Deploy, scale, and verify your confidential microservices on vanilla Kubernetes. 100% Go, 100% cloud native, 100% confidential.
The project has been moved to the CC-API organization. For more information:
A PoC framework to orchestrate interoperable Differentially Private Data Clean Room Services using Intel SGX hardware as root of trust.
Constructing Trusted Execution Environment (TEE) with GCP Confidential Space
A confidential variant of Linkerd's emojivoto demo application. Your emoji votes have never been more secure!
Making confidential compute Docker, Docker Swarm and Kubernetes management simple
Kubernetes Trusted Platform Module (TPM) DaemonSet
SGX-ready Enclaive Docker Image for WordPress
AWS Nitro Enclave based blockchain workload on Amazon EKS
Reference code for creating and verifying a GCE firmware signed reference value message.
SGX-ready Enclaive Docker Image for PHP Web Applications
Using the EGo framework for building a simple confidential app
Demo application to showcase interaction of EdgelessDB and MarbleRun
A Kubernetes device plugin that exposes Confidential Computing devices to workloads in Google Kubernetes Engine (GKE) clusters.
Deploy MarbleRun with OpenServiceMesh, demonstrated with OSM's bookstore demo