📄️ Verify the CLI
Edgeless Systems uses sigstore and SLSA to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: Cosign, Rekor, and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at .
📄️ Configure your cluster
Before you can create your cluster, you need to configure the identity and access management (IAM) for your cloud service provider (CSP) and choose machine types for the nodes.
📄️ Create your cluster
Creating your cluster requires two steps:
📄️ Scale your cluster
Constellation provides all features of a Kubernetes cluster including scaling and autoscaling.
📄️ Upgrade your cluster
Constellation provides an easy way to upgrade to the next release.
📄️ Install cert-manager
If you want to use cert-manager with Constellation, pay attention to the following to avoid potential pitfalls.
📄️ Terminate your cluster
You can terminate your cluster using the CLI. For this, you need the Terraform state directory named constellation-terraform in the current directory.
📄️ Recover your cluster
Recovery of a Constellation cluster means getting it back into a healthy state after too many concurrent node failures in the control plane.
📄️ Verify your cluster
Constellation's attestation feature allows you, or a third party, to verify the integrity and confidentiality of your Constellation cluster.
📄️ Use persistent storage
Persistent storage in Kubernetes requires cloud-specific configuration.
📄️ Consume SBOMs
Constellation builds produce a software bill of materials (SBOM) for each generated artifact.
📄️ Troubleshooting
This section aids you in finding problems when working with Constellation.