2022-09-05 03:06:08 -04:00
/ *
Copyright ( c ) Edgeless Systems GmbH
SPDX - License - Identifier : AGPL - 3.0 - only
* /
2022-04-06 04:36:58 -04:00
/ *
Package constants contains the constants used by Constellation .
Constants should never be overwritable by command line flags or configuration files .
* /
package constants
2022-10-11 07:57:52 -04:00
import (
2023-07-25 08:20:25 -04:00
"fmt"
2022-10-11 07:57:52 -04:00
"time"
2023-07-25 08:20:25 -04:00
"github.com/edgelesssys/constellation/v2/internal/semver"
2022-10-11 07:57:52 -04:00
)
2022-05-04 08:32:34 -04:00
2022-04-06 04:36:58 -04:00
const (
2022-04-12 10:07:17 -04:00
//
// Constellation.
//
// ConstellationNameLength is the maximum length of a Constellation's name.
ConstellationNameLength = 37
2023-02-10 07:27:22 -05:00
// AWSConstellationNameLength is the maximum length of a Constellation's name on AWS.
AWSConstellationNameLength = 10
2022-04-12 10:07:17 -04:00
// ConstellationMasterSecretStoreName is the name for the Constellation secrets in Kubernetes.
ConstellationMasterSecretStoreName = "constellation-mastersecret"
2022-10-18 07:15:54 -04:00
// ConstellationMasterSecretKey is the name of the key for the master secret in the master secret kubernetes secret.
2022-04-12 10:07:17 -04:00
ConstellationMasterSecretKey = "mastersecret"
2022-10-18 07:15:54 -04:00
// ConstellationSaltKey is the name of the key for the salt in the master secret kubernetes secret.
ConstellationSaltKey = "salt"
2023-01-17 09:28:07 -05:00
// ConstellationVerifyServiceUserData is the user data that the verification service includes in the attestation.
ConstellationVerifyServiceUserData = "VerifyService"
2023-03-09 03:47:28 -05:00
// AttestationVariant is the name of the environment variable that contains the attestation variant.
AttestationVariant = "CONSTEL_ATTESTATION_VARIANT"
2023-08-02 04:23:15 -04:00
// DefaultControlPlaneGroupName is the name of the default control plane node group.
DefaultControlPlaneGroupName = "control_plane_default"
// DefaultWorkerGroupName is the name of the default worker node group.
DefaultWorkerGroupName = "worker_default"
2022-04-12 10:07:17 -04:00
2022-04-06 04:36:58 -04:00
//
// Ports.
//
2022-07-05 08:13:19 -04:00
// JoinServicePort is the port for reaching the join service within Kubernetes.
JoinServicePort = 9090
// JoinServiceNodePort is the port for reaching the join service outside of Kubernetes.
2022-11-09 09:57:54 -05:00
JoinServiceNodePort = 30090
// VerifyServicePortHTTP HTTP port for verification service.
VerifyServicePortHTTP = 8080
// VerifyServicePortGRPC GRPC port for verification service.
VerifyServicePortGRPC = 9090
// VerifyServiceNodePortHTTP HTTP node port for verification service.
2022-06-28 11:03:28 -04:00
VerifyServiceNodePortHTTP = 30080
2022-11-09 09:57:54 -05:00
// VerifyServiceNodePortGRPC GRPC node port for verification service.
2022-06-28 11:03:28 -04:00
VerifyServiceNodePortGRPC = 30081
2023-01-20 12:51:06 -05:00
// KeyServicePort is the port the KMS server listens on.
KeyServicePort = 9000
2022-11-09 09:57:54 -05:00
// BootstrapperPort port of bootstrapper.
2022-06-29 09:26:29 -04:00
BootstrapperPort = 9000
2022-11-09 09:57:54 -05:00
// KubernetesPort port for Kubernetes API.
KubernetesPort = 6443
// RecoveryPort port for Constellation recovery server.
RecoveryPort = 9999
// DebugdPort port for debugd process.
DebugdPort = 4000
2022-04-06 04:36:58 -04:00
//
// Filenames.
//
2022-11-09 09:57:54 -05:00
2023-09-25 10:19:43 -04:00
// StateFilename filename that contains the entire state of the Constellation cluster.
StateFilename = "constellation-state.yaml"
2022-11-09 09:57:54 -05:00
// ConfigFilename filename of Constellation config file.
ConfigFilename = "constellation-conf.yaml"
// LicenseFilename filename of Constellation license file.
LicenseFilename = "constellation.license"
// AdminConfFilename filename of KubeConfig for admin access to Constellation.
AdminConfFilename = "constellation-admin.conf"
// MasterSecretFilename filename of Constellation mastersecret.
MasterSecretFilename = "constellation-mastersecret.json"
2022-11-14 12:18:58 -05:00
// TerraformWorkingDir is the directory name for the TerraformClient workspace.
TerraformWorkingDir = "constellation-terraform"
2022-12-07 05:48:54 -05:00
// TerraformIAMWorkingDir is the directory name for the Terraform IAM Client workspace.
TerraformIAMWorkingDir = "constellation-iam-terraform"
2023-08-08 09:42:06 -04:00
// GCPServiceAccountKeyFilename is the file name for the GCP service account key file.
GCPServiceAccountKeyFilename = "gcpServiceAccountKey.json"
2023-05-30 07:47:36 -04:00
// ErrorLog file which contains server errors during init.
ErrorLog = "constellation-cluster.log"
2022-11-09 09:57:54 -05:00
// ControlPlaneAdminConfFilename filepath to control plane kubernetes admin config.
2022-10-21 04:16:44 -04:00
ControlPlaneAdminConfFilename = "/etc/kubernetes/admin.conf"
2022-11-09 09:57:54 -05:00
// KubectlPath path to kubectl binary.
KubectlPath = "/run/state/bin/kubectl"
2022-12-25 12:49:45 -05:00
// UpgradeAgentSocketPath is the path to the UDS that is used for the gRPC connection to the upgrade agent.
UpgradeAgentSocketPath = "/run/constellation-upgrade-agent.sock"
2023-01-06 06:08:25 -05:00
// UpgradeAgentMountPath is the path inside the operator container where the UDS is mounted.
UpgradeAgentMountPath = "/etc/constellation-upgrade-agent.sock"
2022-11-14 13:09:49 -05:00
// CniPluginsDir path directory for CNI plugins.
CniPluginsDir = "/opt/cni/bin"
// BinDir install path for CNI config.
BinDir = "/run/state/bin"
// KubeadmPath install path for kubeadm.
KubeadmPath = "/run/state/bin/kubeadm"
// KubeletPath install path for kubelet.
KubeletPath = "/run/state/bin/kubelet"
2022-06-29 10:13:01 -04:00
//
// Filenames for Constellation's micro services.
//
2022-07-18 06:28:02 -04:00
// ServiceBasePath is the base path for the mounted micro service's files.
2022-06-29 10:13:01 -04:00
ServiceBasePath = "/var/config"
2023-05-03 05:11:53 -04:00
// AttestationConfigFilename is the filename of the config used for CC validation.
AttestationConfigFilename = "attestationConfig"
2022-07-26 04:58:39 -04:00
// MeasurementSaltFilename is the filename of the salt used in creation of the clusterID.
MeasurementSaltFilename = "measurementSalt"
// MeasurementSecretFilename is the filename of the secret used in creation of the clusterID.
MeasurementSecretFilename = "measurementSecret"
2023-03-21 07:46:49 -04:00
2023-01-04 11:03:40 -05:00
// K8sVersionFieldName is the name of the of the key holding the wanted Kubernetes version.
K8sVersionFieldName = "cluster-version"
2022-11-23 04:29:36 -05:00
// ComponentsListKey is the name of the key holding the list of components in the components configMap.
ComponentsListKey = "components"
2023-09-29 08:29:50 -04:00
// SevSnpCertCacheConfigMapName is the name of the configMap holding the SEV-SNP certificate cache in the join service.
SevSnpCertCacheConfigMapName = "sev-snp-cert-cache"
// CertCacheAskKey is the name of the key holding the ASK certificate in the SEV-SNP certificate cache.
CertCacheAskKey = "ask"
// CertCacheArkKey is the name of the key holding the ARK certificate in the SEV-SNP certificate cache.
CertCacheArkKey = "ark"
2023-02-09 09:54:12 -05:00
// NodeVersionResourceName resource name used for NodeVersion in constellation-operator and CLI.
NodeVersionResourceName = "constellation-version"
2023-01-06 14:48:03 -05:00
// NodeKubernetesComponentsAnnotationKey is the name of the annotation holding the reference to the ConfigMap listing all K8s components.
NodeKubernetesComponentsAnnotationKey = "constellation.edgeless.systems/kubernetes-components"
2022-12-06 12:48:01 -05:00
// JoiningNodesConfigMapName is the name of the configMap holding the joining nodes with the components hashes the node-operator should annotate the nodes with.
JoiningNodesConfigMapName = "joining-nodes"
2022-05-04 02:50:50 -04:00
//
// CLI.
//
2022-11-09 09:57:54 -05:00
// MinControllerCount is the minimum number of control nodes.
2022-05-04 02:50:50 -04:00
MinControllerCount = 1
2022-11-09 09:57:54 -05:00
// MinWorkerCount is the minimum number of worker nodes.
MinWorkerCount = 1
2022-11-15 09:40:49 -05:00
// EnvVarPrefix is expected prefix for environment variables used to overwrite config parameters.
EnvVarPrefix = "CONSTELL_"
// EnvVarAzureClientSecretValue is environment variable to overwrite
// provider.azure.clientSecretValue .
EnvVarAzureClientSecretValue = EnvVarPrefix + "AZURE_CLIENT_SECRET_VALUE"
2023-03-03 09:28:28 -05:00
// EnvVarOpenStackPassword is environment variable to overwrite
// provider.openstack.password .
EnvVarOpenStackPassword = EnvVarPrefix + "OS_PASSWORD"
2023-02-16 09:43:19 -05:00
// EnvVarNoSpinner is environment variable used to disable the loading indicator (spinner)
// displayed in Constellation CLI. Any non-empty value, e.g., CONSTELL_NO_SPINNER=1,
// can be used to disable the spinner.
EnvVarNoSpinner = EnvVarPrefix + "NO_SPINNER"
2023-01-25 08:42:52 -05:00
// MiniConstellationUID is a sentinel value for the UID of a mini constellation.
MiniConstellationUID = "mini"
2023-11-20 06:10:16 -05:00
// MiniConstellationName is a sentinel value for the name of a mini constellation.
MiniConstellationName = MiniConstellationUID + "-qemu"
2023-04-14 08:15:07 -04:00
// TerraformLogFile is the file name of the Terraform log file.
TerraformLogFile = "terraform.log"
2023-05-22 07:31:20 -04:00
// TerraformUpgradeWorkingDir is the directory name for the Terraform workspace being used in an upgrade.
TerraformUpgradeWorkingDir = "terraform"
2023-07-24 04:30:53 -04:00
// TerraformIAMUpgradeWorkingDir is the directory name for the Terraform IAM workspace being used in an upgrade.
TerraformIAMUpgradeWorkingDir = "terraform-iam"
2023-05-22 07:31:20 -04:00
// TerraformUpgradeBackupDir is the directory name being used to backup the pre-upgrade state in an upgrade.
TerraformUpgradeBackupDir = "terraform-backup"
2023-07-24 04:30:53 -04:00
// TerraformIAMUpgradeBackupDir is the directory name being used to backup the pre-upgrade state of iam in an upgrade.
TerraformIAMUpgradeBackupDir = "terraform-iam-backup"
2023-10-26 04:55:50 -04:00
// TerraformEmbeddedDir is the name of the base directory embedded in the CLI binary containing the Terraform files.
2023-11-08 13:10:01 -05:00
TerraformEmbeddedDir = "infrastructure"
2023-05-22 07:31:20 -04:00
// UpgradeDir is the name of the directory being used for cluster upgrades.
UpgradeDir = "constellation-upgrade"
2023-07-21 04:04:29 -04:00
// ControlPlaneDefault is the name of the default control plane worker group.
ControlPlaneDefault = "control_plane_default"
// WorkerDefault is the name of the default worker group.
WorkerDefault = "worker_default"
2022-05-05 02:48:56 -04:00
2023-12-08 08:40:31 -05:00
//
// CSP.
//
// MarketplaceImageURIScheme is the scheme used for Constellation marketplace OS images.
MarketplaceImageURIScheme = "constellation-marketplace-image"
//
// Azure.
//
// AzureMarketplaceImagePublisherKey is the URI key for the Azure Marketplace image publisher.
AzureMarketplaceImagePublisherKey = "publisher"
// AzureMarketplaceImageOfferKey is the URI key for the Azure Marketplace image offer.
AzureMarketplaceImageOfferKey = "offer"
// AzureMarketplaceImageSkuKey is the URI key for the Azure Marketplace image SKU.
AzureMarketplaceImageSkuKey = "sku"
// AzureMarketplaceImageVersionKey is the URI key for the Azure Marketplace image version.
AzureMarketplaceImageVersionKey = "version"
// AzureMarketplaceImagePublisher is the publisher of the Azure Marketplace image.
AzureMarketplaceImagePublisher = "edgelesssystems"
// AzureMarketplaceImageOffer is the offer of the Azure Marketplace image.
AzureMarketplaceImageOffer = "constellation"
// AzureMarketplaceImagePlan is the plan of the Azure Marketplace image.
AzureMarketplaceImagePlan = "constellation"
2022-05-05 02:48:56 -04:00
//
// Kubernetes.
//
2022-11-09 09:57:54 -05:00
// KubernetesJoinTokenTTL time to live for Kubernetes join token.
2022-05-04 08:32:34 -04:00
KubernetesJoinTokenTTL = 15 * time . Minute
2022-11-09 09:57:54 -05:00
// ConstellationNamespace namespace to deploy Constellation components into.
2022-08-29 10:49:44 -04:00
ConstellationNamespace = "kube-system"
2022-11-09 09:57:54 -05:00
// JoinConfigMap k8s config map with node join config.
JoinConfigMap = "join-config"
// InternalConfigMap k8s config map with internal Constellation config.
InternalConfigMap = "internal-config"
2023-07-21 10:43:51 -04:00
// KubeadmConfigMap k8s config map with kubeadm config
// (holds ClusterConfiguration).
KubeadmConfigMap = "kubeadm-config"
// ClusterConfigurationKey key in kubeadm config map with ClusterConfiguration.
ClusterConfigurationKey = "ClusterConfiguration"
2022-08-01 03:37:05 -04:00
2022-08-12 04:20:19 -04:00
//
// Helm.
//
2022-11-09 09:57:54 -05:00
// HelmNamespace namespace for helm charts.
2022-08-12 04:20:19 -04:00
HelmNamespace = "kube-system"
2022-08-01 03:37:05 -04:00
//
// Releases.
//
2022-11-28 04:27:33 -05:00
// CDNRepositoryURL is the base URL of the Constellation CDN artifact repository.
CDNRepositoryURL = "https://cdn.confidential.cloud"
2023-05-22 08:59:28 -04:00
// CDNAPIBase is the (un-versioned) prefix of the Constellation API.
CDNAPIBase = "constellation"
// CDNAPIPrefix is the prefix of the Constellation API (V1).
CDNAPIPrefix = CDNAPIBase + "/v1"
// CDNAPIPrefixV2 is the prefix of the Constellation API (v2).
CDNAPIPrefixV2 = CDNAPIBase + "/v2"
2023-06-02 03:19:23 -04:00
// CDNAttestationConfigPrefixV1 is the prefix of the Constellation AttestationConfig API (v1).
CDNAttestationConfigPrefixV1 = CDNAPIPrefix + "/attestation"
2023-02-03 05:05:42 -05:00
// CDNMeasurementsFile is name of file containing image measurements.
CDNMeasurementsFile = "measurements.json"
// CDNMeasurementsSignature is name of file containing signature for CDNMeasurementsFile.
CDNMeasurementsSignature = "measurements.json.sig"
2023-06-01 07:55:46 -04:00
// CDNDefaultDistributionID is the default CloudFront distribution ID to use.
CDNDefaultDistributionID = "E1H77EZTHC3NE4"
2023-05-26 11:49:46 -04:00
//
// PKI.
//
// CosignPublicKeyReleases signs all our releases.
CosignPublicKeyReleases = ` -- -- - BEGIN PUBLIC KEY -- -- -
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEf8F1hpmwE + YCFXzjGtaQcrL6XZVT
JmEe5iSLvG1SyQSAew7WdMKF6o9t8e2TFuCkzlOhhlws2OHWbiFZnFWCFw ==
-- -- - END PUBLIC KEY -- -- -
`
// CosignPublicKeyDev signs all our development builds.
CosignPublicKeyDev = ` -- -- - BEGIN PUBLIC KEY -- -- -
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELcPl4Ik + qZuH4K049wksoXK / Os3Z
b92PDCpM7FZAINQF88s1TZS / HmRXYk62UJ4eqPduvUnJmXhNikhLbMi6fw ==
-- -- - END PUBLIC KEY -- -- -
`
2023-12-12 10:00:03 -05:00
//
// Terraform Provider.
//
// ConstellationClusterURIScheme is the scheme used in Terraform Constellation cluster import URIs.
ConstellationClusterURIScheme = "constellation-cluster"
// KubeConfigURIKey is the key used for the KubeConfig in Terraform Constellation cluster import URIs.
KubeConfigURIKey = "kubeConfig"
// ClusterEndpointURIKey is the key used for the cluster endpoint in Terraform Constellation cluster import URIs.
ClusterEndpointURIKey = "clusterEndpoint"
// MasterSecretURIKey is the key used for the master secret in Terraform Constellation cluster import URIs.
MasterSecretURIKey = "masterSecret"
// MasterSecretSaltURIKey is the key used for the master secret salt in Terraform Constellation cluster import URIs.
MasterSecretSaltURIKey = "masterSecretSalt"
2022-04-06 04:36:58 -04:00
)
2023-07-25 08:20:25 -04:00
// BinaryVersion returns the version of this Binary.
func BinaryVersion ( ) semver . Semver {
version , err := semver . New ( versionInfo )
if err != nil {
// This is not user input, unrecoverable, should never happen.
panic ( fmt . Sprintf ( "parsing embedded version information: %s" , err ) )
}
return version
2023-03-01 05:55:12 -05:00
}
2023-03-09 09:23:42 -05:00
// Timestamp returns the commit timestamp of a binary.
func Timestamp ( ) string {
return timestamp
}
// Commit returns the commit hash of a binary.
func Commit ( ) string {
return commit
}
// State returns the git state of the working directory.
func State ( ) string {
return state
}
var (
// versionInfo is the version of a binary. Left as a separate variable to allow override during build.
versionInfo = "0.0.0"
// timestamp is the commit timestamp of a binary. Left as a separate variable to allow override during build.
timestamp = "1970-01-01T00:00:00Z"
// commit is the commit hash of a binary. Left as a separate variable to allow override during build.
commit = "0000000000000000000000000000000000000000"
// state is the git state of the working directory. Left as a separate variable to allow override during build.
state = "unknown"
)