Can I run Constallation K8s CLuster outside of GCP, AWS or Azure ?

[ghost]

Hello,

I just came across this project, and I'm quite interested in testing it out, but reading the docs I often see Azure or GCP as a reference and that I have to do things where there IAM service before getting started. As I don't do any business with these companies out of various reasons, I would like to test Constellation outside these public clouds, e.g. at Hetzner or at home or basically anywhere else.

Kindly asking for feedback.

[daniel-weisse]

Hi @venomone

If you want to just try out Constellation, you can do so by creating a cluster using QEMU/KVM.
Provided you meet the hardware/software requirements, this can be done on your local hardware, or on a VM with bare-metal/nested-virtualization from any cloud provider.

This deployment process does not require confidential VM capabilities, but please note that this also means a Constellation cluster you created with QEMU/KVM does not have the same security features as one created with actual confidential computing capable hardware on Azure or GCP.
Since this cluster will be running locally (or on a VM at e.g. Hetzner) you will also not be able to make use of some functionalities like auto-scaling or image upgrades.

[ghost]

@daniel-weisse Okay, the guide refers to a local QEMU deployment, but what If I want to run it across multiple real Hardware Servers ? It's nice to have a local deployment for testing, but I really wanted to get in touch with it and also have a production like system at hand. So how to spin up a cluster across multiple nodes, with a real network in between, with real hardware (Zen 4)?

[malt3]

Hi @venomone. The setup you describe would work well with OpenStack. This video shows you what our OpenStack support looks like.
Before you start playing around with Constellation and OpenStack, you should know that support for it is implemented but depends on a specific configuration of OpenStack.
Required features include:

• vTPM support
• AMD SEV capable hardware
• Recent OpenStack version

If this sounds interesting to you, feel free to reach out to me and we can jump on a quick call to explain in more detail what the options are to try this out.
You can reach me via email at mp@edgeless.systems

Kind regards
Malte Poll

[ghost]

Hello @malt3 ,

thanks for your answer, and sorry for my late reply.
Most of the time I'm running with budget hosting providers like Hetzner, they have 7002 and 7003 AMD Chips available and also Xeon Gold CPU as well as intel i5 and i9 13th gen CPUs, so I guess at least one of them should do the job and should support all the needed pre-requirements. Constellation is so interesting for me as I'm about to run a white label software as a SaaS solution and I want to be able to roll it out nearly anywhere. I watched the Video, thanks for that, but it mostly covers the case using QEMU/libvirt in a specific version where I don't have any influence on using Budget providers. Besides, I sadly don't have the money to run my own OpenStack.

It just would be interesting for me to know how to start if I click myself 5 worker nodes and 3 masters at some hosting provider together with a private network. I really want to start as simple as possible without investing too much time in getting a constellation cluster up and running. Isn't there any quick start guide for that scenario, outside of AWS, Azure, GCP and all the other overpriced Hyperscalers? I really just want to get it running on stupid standalone VMs or Desktop Hardware.

Thanks in advance

[malt3]

Hi @venomone. Thanks for providing some insights on your use case.
The setup you are describing here is what I would describe as manual/custom provisioning.
Sadly, Constellation does not yet support this deployment model.
One of the core components of Constellation, the automatic and secure joining of new nodes, requires that we integrate a form of auto-discovery mechanism for the platform. This allows newly joining nodes to detect the control-plane without extra configuration.
On the hyperscalers, this is done using the cloudprovider API.
While we could implement support for customized deployments with a manual join process or a separate server component, this is not a priority for us at this point in time.
We take your feedback very seriously and will consider it for future development.

Kind regards
Malte