Constellation: The First Confidential Kubernetes Distribution

How do you manage sensitive workloads on someone else’s infrastructure? Perhaps “don’t” is a common spontaneous answer to this question. However, in a cloud-first world, not running on someone else’s infrastructure is becoming a less viable option.

Confidential computing is a relatively new security paradigm that addresses this issue with technology. Essentially, confidential computing is about two things: (1) keeping workloads encrypted and isolated during processing and (2) making this circumstance externally verifiable via cryptographic certificates (“remote attestation”).

Yes, that’s right: with confidential computing, workloads remain fully encrypted in memory at runtime. Only the CPU knows the encryption key, and it only temporarily decrypts the data in 64-byte fragments within its internal registers and cache, which are inaccessible to other software and hardware.

With these two core features, confidential computing allows you to safely run workloads on potentially compromised systems. If implemented correctly, confidential computing can effectively protect workloads from malicious administrators, operating system kernels, hypervisors, and physical attacks such as “cold boot”. Runtime encryption and remote attestation are equally important here. Without remote attestation, a compromised infrastructure can simply lie about runtime encryption and about the programs that are running, and access your data as soon as it is sent.

With Constellation, Edgeless Systems this month published what is probably the first open source implementation of the Confidential K8s concept. Constellation is a CNCF-certified K8s distribution, and from a usability perspective it should work like a “regular” K8s distro. Constellation adds features like sigstore-based supply chain security on top of the core Confidential K8s concept. A feature list and benchmarks for Constellation can be found on GitHub.

Constellation currently works with Azure and GCP, with support for Amazon Web Services and OpenStack coming.

What Is Confidential Kubernetes?

Intel pioneered confidential computing when it began adding a feature called Software Guard Extensions (SGX) to client CPUs in 2015. At the time, Intel primarily developed SGX as a way to enforce digital rights management (DRM). Since then, the focus of the technology has shifted to the cloud, and AMD and Arm have jumped on the bandwagon with their Secure Encrypted Virtualization (SEV) and Realms features, respectively.

In essence, most Intel and AMD server CPUs support confidential computing, and the major cloud service providers have invested heavily in the technology and have corresponding offerings ready.

How Confidential Computing and Kubernetes Fit Together

Well, if confidential computing is prevalent now, can we run our own Kubernetes (K8s) with it and keep everything encrypted and protected from the infrastructure?

Unfortunately, it is not that simple. To date, the cloud mostly offers so-called Confidential VMs (CVMs). These are regular virtual machines that provide runtime encryption and raw attestation capabilities. Running K8s nodes on CVMs automatically provides runtime encryption for them. However, as we learned above, runtime encryption alone doesn’t cut it. We also need remote attestation and verification.

This is where things get complicated in K8s: How does node A validate node B before sending data? What happens after a node image update or a node failure? How can a K8s administrator validate an entire cluster with many nodes before sending data? All of this can be solved, but it requires thoughtful design and engineering.
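A minimal sketch of the node-to-node check asked about above, as an added example that is not Constellation's code: node A accepts node B only if B's report is signed by a trusted key, answers A's fresh nonce, and carries an allowed image measurement. Assumptions: an Ed25519 key stands in for the CPU's hardware-rooted signing key, and the `Report` layout, `Attest`, `Verify` and the image names are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Report is a simplified attestation report (constructed layout, not a real CVM report format).
type Report struct {
	Measurement [32]byte // hash of the node image that booted
	Nonce       []byte   // challenge chosen by the verifier, prevents replay
	Sig         []byte   // signature by the hardware-held key (Ed25519 stand-in)
}

// Attest models what node B's CPU does: sign measurement||nonce.
func Attest(hw ed25519.PrivateKey, image, nonce []byte) Report {
	m := sha256.Sum256(image)
	return Report{m, nonce, ed25519.Sign(hw, append(m[:], nonce...))}
}

// Verify is node A's check before it sends any data to node B.
func Verify(root ed25519.PublicKey, allowed map[[32]byte]bool, nonce []byte, r Report) error {
	if !ed25519.Verify(root, append(r.Measurement[:], r.Nonce...), r.Sig) {
		return errors.New("report not signed by the trusted hardware key")
	}
	if !bytes.Equal(r.Nonce, nonce) {
		return errors.New("stale or replayed report")
	}
	if !allowed[r.Measurement] {
		return errors.New("node image measurement not in allowlist")
	}
	return nil
}

func main() {
	root, hw, _ := ed25519.GenerateKey(rand.Reader)
	v1, v2 := []byte("node-image-v1"), []byte("node-image-v2") // constructed images
	allowed := map[[32]byte]bool{sha256.Sum256(v1): true}
	nonce := []byte("fresh-nonce-1")
	fmt.Println(Verify(root, allowed, nonce, Attest(hw, v1, nonce))) // known image: accepted
	fmt.Println(Verify(root, allowed, nonce, Attest(hw, v2, nonce))) // updated image: rejected
	allowed[sha256.Sum256(v2)] = true                                // operator approves the update
	fmt.Println(Verify(root, allowed, nonce, Attest(hw, v2, nonce))) // now accepted
}
```

The image-update question from the text shows up here as an allowlist change: a node booting a new image is rejected until its measurement is explicitly approved.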

Additionally, one might want mechanisms to ensure that data is not “only” encrypted at runtime, but that every byte sent over the wire or written to cloud storage is encrypted as well, so that there are no gaps.

If all of the above is given, we have something that seems somewhat magical: a K8s cluster that is, as a whole, shielded from the infrastructure and in which all data is always encrypted, at rest, in transit and at runtime. Such “Confidential K8s” is like a private cloud carved out of the public cloud. It prevents access to data by malicious data center employees, cloud administrators, co-tenants, and hackers coming through the cloud infrastructure software. Thus, Confidential K8s enables companies to migrate even sensitive or regulated workloads to the cloud and to deliver more trustworthy SaaS.
