Constellation is a Kubernetes distribution built for confidential computing. It enables organizations to run Kubernetes workloads inside a fully encrypted, hardware-shielded cluster environment, ensuring that data and applications remain protected even from cloud infrastructure administrators and providers. Constellation achieves this by runtime-encrypting all workloads running within the cluster. This means data in use is encrypted, complementing traditional encryption at rest and in transit. Users can also remotely verify the integrity of their cluster through attestation mechanisms inherent to confidential computing. The product targets cloud-based deployments and supports major public cloud providers including Google Cloud Platform (GCP), Microsoft Azure, and Amazon Web Services (AWS). Cluster setup is managed through a dedicated CLI tool, and applications are deployed via Helm charts. A primary use case highlighted on this page is running LocalAI — an open-source, OpenAI-compatible inference server — inside a Constellation cluster. This enables organizations to run large language model (LLM) inference workloads on public cloud infrastructure with a verifiable guarantee that inference data is inaccessible to the cloud provider or any third parties. Constellation integrates with standard Kubernetes tooling (kubectl, Helm) and supports scale-out deployments. The deployment guide covers using ingress-nginx for ingress management and external-dns for DNS configuration, with example setups targeting Azure and GoDaddy as a domain registrar.