syntax = "proto3";
package join;
option go_package = "github.com/edgelesssys/constellation/v2/joinservice/joinproto";
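// API is the RPC surface of the join service: it issues join tickets to new
// nodes and rejoin tickets to nodes that have joined the cluster before.
//
// NOTE(review): both responses carry key material (state disk key,
// measurement secret). Caller authentication and channel protection are not
// visible in this file; confirm in the service implementation that these RPCs
// are only served over an authenticated, encrypted channel.
service API {
  // IssueJoinTicket issues a join ticket for a new node.
  rpc IssueJoinTicket(IssueJoinTicketRequest) returns (IssueJoinTicketResponse);
  // IssueRejoinTicket issues a join ticket for a node that has previously joined the cluster.
  rpc IssueRejoinTicket(IssueRejoinTicketRequest) returns (IssueRejoinTicketResponse);
}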
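// IssueJoinTicketRequest is the request of API.IssueJoinTicket, sent on behalf
// of a node that wants to join the cluster for the first time.
//
// Every field is supplied by the requesting node and should be treated as
// untrusted input by the server.
message IssueJoinTicketRequest {
  // disk_uuid is the UUID of a node's state disk.
  string disk_uuid = 1;
  // certificate_request is a certificate request for the node's kubelet certificate.
  // NOTE(review): the encoding is not stated here (presumably an X.509 CSR).
  // The issuer should validate the requested subject and usages instead of
  // copying them from the request; confirm against the signing code.
  bytes certificate_request = 2;
  // is_control_plane indicates whether the node is a control-plane node.
  // NOTE(review): this is the caller's own claim. The response can carry
  // control-plane certificates and keys (control_plane_files), so the server
  // presumably has to authorize this claim before honouring it; confirm.
  bool is_control_plane = 3;
}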
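// IssueJoinTicketResponse is the response of API.IssueJoinTicket. It carries
// everything the new node needs to set up its state disk and join Kubernetes.
//
// Sensitive: state_disk_key, measurement_secret, token and (for keys)
// control_plane_files are secrets or credentials. Do not log this message or
// write it to disk as a whole.
message IssueJoinTicketResponse {
  // state_disk_key is the key used to encrypt the state disk.
  // Secret key material.
  bytes state_disk_key = 1;
  // measurement_salt is a salt used to derive the node's ClusterID.
  // This value is persisted on the state disk.
  bytes measurement_salt = 2;
  // measurement_secret is a secret used to derive the node's ClusterID.
  // This value is NOT persisted on the state disk.
  // Secret: keep it in memory only, in line with the note above.
  bytes measurement_secret = 3;
  // kubelet_cert is the certificate to be used by the kubelet.
  // NOTE(review): presumably issued for IssueJoinTicketRequest.certificate_request;
  // the encoding is not stated here.
  bytes kubelet_cert = 4;
  // api_server_endpoint is the endpoint of Constellation's API server.
  string api_server_endpoint = 5;
  // token is the Kubernetes Join Token to be used by the node to join the cluster.
  // Credential: anyone holding it may be able to join a node while it is
  // valid. NOTE(review): lifetime and scope are not visible here; confirm.
  string token = 6;
  // discovery_token_ca_cert_hash is a hash of the root certificate authority presented by the Kubernetes control-plane.
  // NOTE(review): the hash algorithm and encoding are not stated here. A
  // receiver should reject an empty value rather than skip the CA check.
  string discovery_token_ca_cert_hash = 7;
  // control_plane_files is a list of control-plane certificates and keys.
  // Contains private keys; see the sensitivity note on this message.
  repeated control_plane_cert_or_key control_plane_files = 8;
  // kubernetes_version is the Kubernetes version to install on the node.
  string kubernetes_version = 9;
  // kubernetes_components is a list of components to install on the node.
  repeated KubernetesComponent kubernetes_components = 10;
}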
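// control_plane_cert_or_key is one named certificate or key of the control
// plane, as listed in IssueJoinTicketResponse.control_plane_files.
//
// The message name is lower_snake_case rather than PascalCase; it is kept
// as-is because renaming it changes the generated code that callers use.
message control_plane_cert_or_key {
  // name of the certificate or key.
  // NOTE(review): how the receiver uses name is not shown here. If it is used
  // to build a file path, it should be checked against the expected set of
  // names before anything is written.
  string name = 1;
  // data of the certificate or key.
  // May be private key material; do not log.
  bytes data = 2;
}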
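// IssueRejoinTicketRequest is the request of API.IssueRejoinTicket, sent on
// behalf of a node that has previously joined the cluster.
message IssueRejoinTicketRequest {
  // disk_uuid is the UUID of a node's state disk.
  // NOTE(review): this is the only field of the request and it is supplied by
  // the caller, while the response returns the key that decrypts a state disk.
  // What else the server checks before answering is not visible in this file;
  // confirm that knowing a UUID alone is not sufficient.
  string disk_uuid = 1;
}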
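// IssueRejoinTicketResponse is the response of API.IssueRejoinTicket.
//
// Sensitive: both fields are secrets. Do not log this message or write it to
// disk as a whole.
message IssueRejoinTicketResponse {
  // state_disk_key is the key to decrypt the state disk.
  // Secret key material.
  bytes state_disk_key = 1;
  // measurement_secret is a secret used to derive the node's ClusterID.
  // This value is NOT persisted on the state disk.
  bytes measurement_secret = 2;
}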
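// KubernetesComponent describes one component to download and install on a
// node, as listed in IssueJoinTicketResponse.kubernetes_components.
//
// TODO: Discuss if we want to import the init proto instead of duplicating it.
//
// NOTE(review): the receiver downloads from url and writes to install_path,
// so it should verify the download against hash before installing or
// extracting anything. Where that check happens is not visible in this file.
message KubernetesComponent {
  // url to download the component from.
  string url = 1;
  // hash of the component.
  // NOTE(review): the hash algorithm and encoding are not stated here. An
  // empty or malformed value should be rejected, not treated as "no check".
  string hash = 2;
  // install_path is the path to install the component to.
  string install_path = 3;
  // extract indicates whether the component is an archive and needs to be extracted.
  // NOTE(review): archive entries should not be allowed to resolve outside
  // install_path when extracting; confirm in the installer.
  bool extract = 4;
}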