/*
Copyright (c) Edgeless Systems GmbH
SPDX-License-Identifier: AGPL-3.0-only
*/
/*
Package constants contains the constants used by Constellation.
Constants should never be overwritable by command line flags or configuration files.
*/
package constants
import (
"fmt"
"time"
"github.com/edgelesssys/constellation/v2/internal/semver"
)
const (
//
// Constellation.
//
// ConstellationNameLength is the maximum length of a Constellation's name.
ConstellationNameLength = 37
// AWSConstellationNameLength is the maximum length of a Constellation's name on AWS.
AWSConstellationNameLength = 10
// ConstellationMasterSecretStoreName is the name for the Constellation secrets in Kubernetes.
ConstellationMasterSecretStoreName = "constellation-mastersecret"
// ConstellationMasterSecretKey is the name of the key for the master secret in the master secret kubernetes secret.
ConstellationMasterSecretKey = "mastersecret"
// ConstellationSaltKey is the name of the key for the salt in the master secret kubernetes secret.
ConstellationSaltKey = "salt"
2023-01-17 09:28:07 -05:00
// ConstellationVerifyServiceUserData is the user data that the verification service includes in the attestation.
ConstellationVerifyServiceUserData = "VerifyService"
// AttestationVariant is the name of the environment variable that contains the attestation variant.
AttestationVariant = "CONSTEL_ATTESTATION_VARIANT"
2023-08-02 04:23:15 -04:00
// DefaultControlPlaneGroupName is the name of the default control plane node group.
DefaultControlPlaneGroupName = "control_plane_default"
// DefaultWorkerGroupName is the name of the default worker node group.
DefaultWorkerGroupName = "worker_default"
2022-04-06 04:36:58 -04:00
//
// Ports.
//
2022-07-05 08:13:19 -04:00
// JoinServicePort is the port for reaching the join service within Kubernetes.
JoinServicePort = 9090
// JoinServiceNodePort is the port for reaching the join service outside of Kubernetes.
JoinServiceNodePort = 30090
// VerifyServicePortHTTP HTTP port for verification service.
VerifyServicePortHTTP = 8080
// VerifyServicePortGRPC GRPC port for verification service.
VerifyServicePortGRPC = 9090
// VerifyServiceNodePortHTTP HTTP node port for verification service.
VerifyServiceNodePortHTTP = 30080
// VerifyServiceNodePortGRPC GRPC node port for verification service.
VerifyServiceNodePortGRPC = 30081
// KeyServicePort is the port the KMS server listens on.
KeyServicePort = 9000
// BootstrapperPort port of bootstrapper.
BootstrapperPort = 9000
// KubernetesPort port for Kubernetes API.
KubernetesPort = 6443
// RecoveryPort port for Constellation recovery server.
RecoveryPort = 9999
// DebugdPort port for debugd process.
DebugdPort = 4000
2022-04-06 04:36:58 -04:00
//
// Filenames.
//
// StateFilename filename that contains the entire state of the Constellation cluster.
StateFilename = "constellation-state.yaml"
// ConfigFilename filename of Constellation config file.
ConfigFilename = "constellation-conf.yaml"
// LicenseFilename filename of Constellation license file.
LicenseFilename = "constellation.license"
// AdminConfFilename filename of KubeConfig for admin access to Constellation.
AdminConfFilename = "constellation-admin.conf"
// MasterSecretFilename filename of Constellation mastersecret.
MasterSecretFilename = "constellation-mastersecret.json"
// TerraformWorkingDir is the directory name for the TerraformClient workspace.
TerraformWorkingDir = "constellation-terraform"
// TerraformIAMWorkingDir is the directory name for the Terraform IAM Client workspace.
TerraformIAMWorkingDir = "constellation-iam-terraform"
// GCPServiceAccountKeyFilename is the file name for the GCP service account key file.
GCPServiceAccountKeyFilename = "gcpServiceAccountKey.json"
// ErrorLog file which contains server errors during init.
ErrorLog = "constellation-cluster.log"
// ControlPlaneAdminConfFilename filepath to control plane kubernetes admin config.
ControlPlaneAdminConfFilename = "/etc/kubernetes/admin.conf"
// KubectlPath path to kubectl binary.
KubectlPath = "/run/state/bin/kubectl"
// UpgradeAgentSocketPath is the path to the UDS that is used for the gRPC connection to the upgrade agent.
UpgradeAgentSocketPath = "/run/constellation-upgrade-agent.sock"
// UpgradeAgentMountPath is the path inside the operator container where the UDS is mounted.
UpgradeAgentMountPath = "/etc/constellation-upgrade-agent.sock"
// CniPluginsDir path directory for CNI plugins.
CniPluginsDir = "/opt/cni/bin"
// BinDir install path for CNI config.
BinDir = "/run/state/bin"
// KubeadmPath install path for kubeadm.
KubeadmPath = "/run/state/bin/kubeadm"
// KubeletPath install path for kubelet.
KubeletPath = "/run/state/bin/kubelet"
//
// Filenames for Constellation's micro services.
//
// ServiceBasePath is the base path for the mounted micro service's files.
ServiceBasePath = "/var/config"
// AttestationConfigFilename is the filename of the config used for CC validation.
AttestationConfigFilename = "attestationConfig"
// MeasurementSaltFilename is the filename of the salt used in creation of the clusterID.
MeasurementSaltFilename = "measurementSalt"
// MeasurementSecretFilename is the filename of the secret used in creation of the clusterID.
MeasurementSecretFilename = "measurementSecret"
// K8sVersionFieldName is the name of the of the key holding the wanted Kubernetes version.
K8sVersionFieldName = "cluster-version"
// ComponentsListKey is the name of the key holding the list of components in the components configMap.
ComponentsListKey = "components"
joinservice: cache certificates for Azure SEV-SNP attestation (#2336) * add ASK caching in joinservice Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use cached ASK in Azure SEV-SNP attestation Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * update test charts Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix linter Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix typ Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * make caching mechanism less provider-specific Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * update buildfiles Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add `omitempty` flag Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * frontload certificate getter Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * rename frontloaded function Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * pass cached certificates to constructor Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix race condition Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix marshalling of empty certs Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix validator usage Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * [wip] add certcache tests Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add certcache tests Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * tidy Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix validator test Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove unused fields in validator Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix certificate precedence Signed-off-by: Moritz Sanft 
<58110325+msanft@users.noreply.github.com> * use separate context Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * tidy Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * linter fixes Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * linter fixes Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * Remove unnecessary comment Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> * use background context Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * Use error format directive Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> * `azure` -> `Azure` Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> * improve error messages Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add x509 -> PEM util function Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use crypto util functions Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix certificate replacement logic Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * only require ASK from certcache Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * tidy Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix comment typo Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2023-09-29 08:29:50 -04:00
// SevSnpCertCacheConfigMapName is the name of the configMap holding the SEV-SNP certificate cache in the join service.
SevSnpCertCacheConfigMapName = "sev-snp-cert-cache"
// CertCacheAskKey is the name of the key holding the ASK certificate in the SEV-SNP certificate cache.
CertCacheAskKey = "ask"
// CertCacheArkKey is the name of the key holding the ARK certificate in the SEV-SNP certificate cache.
CertCacheArkKey = "ark"
// NodeVersionResourceName resource name used for NodeVersion in constellation-operator and CLI.
NodeVersionResourceName = "constellation-version"
// NodeKubernetesComponentsAnnotationKey is the name of the annotation holding the reference to the ConfigMap listing all K8s components.
NodeKubernetesComponentsAnnotationKey = "constellation.edgeless.systems/kubernetes-components"
// JoiningNodesConfigMapName is the name of the configMap holding the joining nodes with the components hashes the node-operator should annotate the nodes with.
JoiningNodesConfigMapName = "joining-nodes"
//
// CLI.
//
// MinControllerCount is the minimum number of control nodes.
MinControllerCount = 1
// MinWorkerCount is the minimum number of worker nodes.
MinWorkerCount = 1
// EnvVarPrefix is expected prefix for environment variables used to overwrite config parameters.
EnvVarPrefix = "CONSTELL_"
// EnvVarAzureClientSecretValue is environment variable to overwrite
// provider.azure.clientSecretValue .
EnvVarAzureClientSecretValue = EnvVarPrefix + "AZURE_CLIENT_SECRET_VALUE"
// EnvVarOpenStackPassword is environment variable to overwrite
// provider.openstack.password .
EnvVarOpenStackPassword = EnvVarPrefix + "OS_PASSWORD"
// EnvVarNoSpinner is environment variable used to disable the loading indicator (spinner)
// displayed in Constellation CLI. Any non-empty value, e.g., CONSTELL_NO_SPINNER=1,
// can be used to disable the spinner.
EnvVarNoSpinner = EnvVarPrefix + "NO_SPINNER"
// MiniConstellationUID is a sentinel value for the UID of a mini constellation.
MiniConstellationUID = "mini"
// MiniConstellationName is a sentinel value for the name of a mini constellation.
MiniConstellationName = MiniConstellationUID + "-qemu"
// TerraformLogFile is the file name of the Terraform log file.
TerraformLogFile = "terraform.log"
cli: Terraform migrations on upgrade (#1685) * add terraform planning * overwrite terraform files in upgrade workspace * Revert "overwrite terraform files in upgrade workspace" This reverts commit 8bdacfb8bef23ef2cdbdb06bad0855b3bbc42df0. * prepare terraform workspace * test upgrade integration * print upgrade abort * rename plan file * write output to file * add show plan test * add upgrade tf workdir * fix workspace preparing * squash to 1 command * test * bazel build * plan test * register flag manually * bazel tidy * fix linter * remove MAA variable * fix workdir * accept tf variables * variable fetching * fix resource indices * accept Terraform targets * refactor upgrade command * Terraform migration apply unit test * pass down image fetcher to test * use new flags in e2e test * move file name to constant * update buildfiles * fix version constant * conditionally create MAA * move interface down * upgrade dir * update buildfiles * fix interface * fix createMAA check * fix imports * update buildfiles * wip: workspace backup * copy utils * backup upgrade workspace * remove debug print * replace old state after upgrade * check if flag exists * prepare test workspace * remove prefix Co-authored-by: Otto Bittner <cobittner@posteo.net> * respect file permissions * refactor tf upgrader * check workspace before upgrades * remove temp upgrade dir after completion * clean up workspace after abortion * fix upgrade apply test * fix linter --------- Co-authored-by: Otto Bittner <cobittner@posteo.net>
2023-05-22 07:31:20 -04:00
// TerraformUpgradeWorkingDir is the directory name for the Terraform workspace being used in an upgrade.
TerraformUpgradeWorkingDir = "terraform"
aws: use new LB controller to fix SecurityGroup cleanup on K8s service deletion (#2090) * add current chart add current helm chart * disable service controller for aws ccm * add new iam roles * doc AWS internet LB + add to LB test * pass clusterName to helm for AWS LB * fix update-aws-lb chart to also include .helmignore * move chart outside services * working state * add subnet tags for AWS subnet discovery * fix .helmignore load rule with file in subdirectory * upgrade iam profile * revert new loader impl since cilium is not correctly loaded * install chart if not already present during `upgrade apply` * cleanup PR + fix build + add todos cleanup PR + add todos * shared helm pkg for cli install and bootstrapper * add link to eks docs * refactor iamMigrationCmd * delete unused helm.symwallk * move iammigrate to upgrade pkg * fixup! delete unused helm.symwallk * add to upgradecheck * remove nodeSelector from go code (Otto) * update iam docs and sort permission + remove duplicate roles * fix bug in `upgrade check` * better upgrade check output when svc version upgrade not possible * pr feedback * remove force flag in upgrade_test * use upgrader.GetUpgradeID instead of extra type * remove todos + fix check * update doc lb (leo) * remove bootstrapper helm package * Update cli/internal/cmd/upgradecheck.go Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * final nits * add docs for e2e upgrade test setup * Apply suggestions from code review Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * Update cli/internal/helm/loader.go Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * Update cli/internal/cmd/tfmigrationclient.go Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * fix daniel review * link to the iam permissions instead of manually updating them (agreed with leo) * disable iam upgrade in upgrade apply --------- Co-authored-by: Daniel Weiße 
<66256922+daniel-weisse@users.noreply.github.com> Co-authored-by: Malte Poll
2023-07-24 04:30:53 -04:00
// TerraformIAMUpgradeWorkingDir is the directory name for the Terraform IAM workspace being used in an upgrade.
TerraformIAMUpgradeWorkingDir = "terraform-iam"
cli: Terraform migrations on upgrade (#1685) * add terraform planning * overwrite terraform files in upgrade workspace * Revert "overwrite terraform files in upgrade workspace" This reverts commit 8bdacfb8bef23ef2cdbdb06bad0855b3bbc42df0. * prepare terraform workspace * test upgrade integration * print upgrade abort * rename plan file * write output to file * add show plan test * add upgrade tf workdir * fix workspace preparing * squash to 1 command * test * bazel build * plan test * register flag manually * bazel tidy * fix linter * remove MAA variable * fix workdir * accept tf variables * variable fetching * fix resource indices * accept Terraform targets * refactor upgrade command * Terraform migration apply unit test * pass down image fetcher to test * use new flags in e2e test * move file name to constant * update buildfiles * fix version constant * conditionally create MAA * move interface down * upgrade dir * update buildfiles * fix interface * fix createMAA check * fix imports * update buildfiles * wip: workspace backup * copy utils * backup upgrade workspace * remove debug print * replace old state after upgrade * check if flag exists * prepare test workspace * remove prefix Co-authored-by: Otto Bittner <cobittner@posteo.net> * respect file permissions * refactor tf upgrader * check workspace before upgrades * remove temp upgrade dir after completion * clean up workspace after abortion * fix upgrade apply test * fix linter --------- Co-authored-by: Otto Bittner <cobittner@posteo.net>
2023-05-22 07:31:20 -04:00
// TerraformUpgradeBackupDir is the directory name being used to backup the pre-upgrade state in an upgrade.
TerraformUpgradeBackupDir = "terraform-backup"
aws: use new LB controller to fix SecurityGroup cleanup on K8s service deletion (#2090) * add current chart add current helm chart * disable service controller for aws ccm * add new iam roles * doc AWS internet LB + add to LB test * pass clusterName to helm for AWS LB * fix update-aws-lb chart to also include .helmignore * move chart outside services * working state * add subnet tags for AWS subnet discovery * fix .helmignore load rule with file in subdirectory * upgrade iam profile * revert new loader impl since cilium is not correctly loaded * install chart if not already present during `upgrade apply` * cleanup PR + fix build + add todos cleanup PR + add todos * shared helm pkg for cli install and bootstrapper * add link to eks docs * refactor iamMigrationCmd * delete unused helm.symwallk * move iammigrate to upgrade pkg * fixup! delete unused helm.symwallk * add to upgradecheck * remove nodeSelector from go code (Otto) * update iam docs and sort permission + remove duplicate roles * fix bug in `upgrade check` * better upgrade check output when svc version upgrade not possible * pr feedback * remove force flag in upgrade_test * use upgrader.GetUpgradeID instead of extra type * remove todos + fix check * update doc lb (leo) * remove bootstrapper helm package * Update cli/internal/cmd/upgradecheck.go Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * final nits * add docs for e2e upgrade test setup * Apply suggestions from code review Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * Update cli/internal/helm/loader.go Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * Update cli/internal/cmd/tfmigrationclient.go Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * fix daniel review * link to the iam permissions instead of manually updating them (agreed with leo) * disable iam upgrade in upgrade apply --------- Co-authored-by: Daniel Weiße 
<66256922+daniel-weisse@users.noreply.github.com> Co-authored-by: Malte Poll
2023-07-24 04:30:53 -04:00
// TerraformIAMUpgradeBackupDir is the directory name being used to backup the pre-upgrade state of iam in an upgrade.
TerraformIAMUpgradeBackupDir = "terraform-iam-backup"
// TerraformEmbeddedDir is the name of the base directory embedded in the CLI binary containing the Terraform files.
TerraformEmbeddedDir = "infrastructure"
cli: Terraform migrations on upgrade (#1685) * add terraform planning * overwrite terraform files in upgrade workspace * Revert "overwrite terraform files in upgrade workspace" This reverts commit 8bdacfb8bef23ef2cdbdb06bad0855b3bbc42df0. * prepare terraform workspace * test upgrade integration * print upgrade abort * rename plan file * write output to file * add show plan test * add upgrade tf workdir * fix workspace preparing * squash to 1 command * test * bazel build * plan test * register flag manually * bazel tidy * fix linter * remove MAA variable * fix workdir * accept tf variables * variable fetching * fix resource indices * accept Terraform targets * refactor upgrade command * Terraform migration apply unit test * pass down image fetcher to test * use new flags in e2e test * move file name to constant * update buildfiles * fix version constant * conditionally create MAA * move interface down * upgrade dir * update buildfiles * fix interface * fix createMAA check * fix imports * update buildfiles * wip: workspace backup * copy utils * backup upgrade workspace * remove debug print * replace old state after upgrade * check if flag exists * prepare test workspace * remove prefix Co-authored-by: Otto Bittner <cobittner@posteo.net> * respect file permissions * refactor tf upgrader * check workspace before upgrades * remove temp upgrade dir after completion * clean up workspace after abortion * fix upgrade apply test * fix linter --------- Co-authored-by: Otto Bittner <cobittner@posteo.net>
2023-05-22 07:31:20 -04:00
// UpgradeDir is the name of the directory being used for cluster upgrades.
UpgradeDir = "constellation-upgrade"
// ControlPlaneDefault is the name of the default control plane worker group.
ControlPlaneDefault = "control_plane_default"
// WorkerDefault is the name of the default worker group.
WorkerDefault = "worker_default"
terraform: Azure Marketplace image support (#2651) * terraform: add Azure marketplace variable Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * config: add Azure marketplace variable Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * cli: use Terraform variables from config Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * terraform: pass down marketplace variable * image: pad Azure images to 1GiB * terraform: add version attribute to marketplace image * semver: allow versions to be exported without prefix * cli: boolean var to use marketplace images * config: remove dive key * dev-docs: add instructions on how to use marketplace images * terraform: fix unit test * terraform: only fetch image for non-marketplace images * mpimage: refactor image selection Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * [remove] increase minor version for image build Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * terraform: ignore changes to source_image_reference on upgrade * operator: add support for parsing Azure marketplace images Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * upgrade: fix imagefetcher call * docs: add info about azure marketplace * image: ensure more than 1GiB in size * image: test to pad to 2GiB * version: change back to v2.14.0-pre * image: GPT-conformant image size padding * [remove] increase version * mpimage: inline prefix func Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * ci: add marketplace image e2e test Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * [remove] register workflow * ci: fix workflow name * ci: only allow azure test * cli: add marketplace image input to interface * cli: fix argument passing * version: roll back to v2.14.0 * ci: add force-flag support * Update docs/docs/overview/license.md * Update dev-docs/workflows/marketplace-images.md 
Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2023-12-08 08:40:31 -05:00
//
// CSP.
//
// MarketplaceImageURIScheme is the scheme used for Constellation marketplace OS images.
MarketplaceImageURIScheme = "constellation-marketplace-image"
//
// Azure.
//
// AzureMarketplaceImagePublisherKey is the URI key for the Azure Marketplace image publisher.
AzureMarketplaceImagePublisherKey = "publisher"
// AzureMarketplaceImageOfferKey is the URI key for the Azure Marketplace image offer.
AzureMarketplaceImageOfferKey = "offer"
// AzureMarketplaceImageSkuKey is the URI key for the Azure Marketplace image SKU.
AzureMarketplaceImageSkuKey = "sku"
// AzureMarketplaceImageVersionKey is the URI key for the Azure Marketplace image version.
AzureMarketplaceImageVersionKey = "version"
// AzureMarketplaceImagePublisher is the publisher of the Azure Marketplace image.
AzureMarketplaceImagePublisher = "edgelesssystems"
// AzureMarketplaceImageOffer is the offer of the Azure Marketplace image.
AzureMarketplaceImageOffer = "constellation"
// AzureMarketplaceImagePlan is the plan of the Azure Marketplace image.
AzureMarketplaceImagePlan = "constellation"
//
// Kubernetes.
//
// KubernetesJoinTokenTTL time to live for Kubernetes join token.
KubernetesJoinTokenTTL = 15 * time.Minute
// ConstellationNamespace namespace to deploy Constellation components into.
ConstellationNamespace = "kube-system"
// JoinConfigMap k8s config map with node join config.
JoinConfigMap = "join-config"
// InternalConfigMap k8s config map with internal Constellation config.
InternalConfigMap = "internal-config"
// KubeadmConfigMap k8s config map with kubeadm config
// (holds ClusterConfiguration).
KubeadmConfigMap = "kubeadm-config"
// ClusterConfigurationKey key in kubeadm config map with ClusterConfiguration.
ClusterConfigurationKey = "ClusterConfiguration"
2022-08-12 04:20:19 -04:00
//
// Helm.
//
// HelmNamespace namespace for helm charts.
2022-08-12 04:20:19 -04:00
HelmNamespace = "kube-system"
//
// Releases.
//
// CDNRepositoryURL is the base URL of the Constellation CDN artifact repository.
CDNRepositoryURL = "https://cdn.confidential.cloud"
2023-05-22 08:59:28 -04:00
// CDNAPIBase is the (un-versioned) prefix of the Constellation API.
CDNAPIBase = "constellation"
// CDNAPIPrefix is the prefix of the Constellation API (V1).
CDNAPIPrefix = CDNAPIBase + "/v1"
// CDNAPIPrefixV2 is the prefix of the Constellation API (v2).
CDNAPIPrefixV2 = CDNAPIBase + "/v2"
// CDNAttestationConfigPrefixV1 is the prefix of the Constellation AttestationConfig API (v1).
CDNAttestationConfigPrefixV1 = CDNAPIPrefix + "/attestation"
// CDNMeasurementsFile is name of file containing image measurements.
CDNMeasurementsFile = "measurements.json"
// CDNMeasurementsSignature is name of file containing signature for CDNMeasurementsFile.
CDNMeasurementsSignature = "measurements.json.sig"
// CDNDefaultDistributionID is the default CloudFront distribution ID to use.
CDNDefaultDistributionID = "E1H77EZTHC3NE4"
//
// PKI.
//
// CosignPublicKeyReleases signs all our releases.
CosignPublicKeyReleases = `-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEf8F1hpmwE+YCFXzjGtaQcrL6XZVT
JmEe5iSLvG1SyQSAew7WdMKF6o9t8e2TFuCkzlOhhlws2OHWbiFZnFWCFw==
-----END PUBLIC KEY-----
`
// CosignPublicKeyDev signs all our development builds.
CosignPublicKeyDev = `-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELcPl4Ik+qZuH4K049wksoXK/Os3Z
b92PDCpM7FZAINQF88s1TZS/HmRXYk62UJ4eqPduvUnJmXhNikhLbMi6fw==
-----END PUBLIC KEY-----
`
//
// Terraform Provider.
//
// ConstellationClusterURIScheme is the scheme used in Terraform Constellation cluster import URIs.
ConstellationClusterURIScheme = "constellation-cluster"
// KubeConfigURIKey is the key used for the KubeConfig in Terraform Constellation cluster import URIs.
KubeConfigURIKey = "kubeConfig"
// ClusterEndpointURIKey is the key used for the cluster endpoint in Terraform Constellation cluster import URIs.
ClusterEndpointURIKey = "clusterEndpoint"
// MasterSecretURIKey is the key used for the master secret in Terraform Constellation cluster import URIs.
MasterSecretURIKey = "masterSecret"
// MasterSecretSaltURIKey is the key used for the master secret salt in Terraform Constellation cluster import URIs.
MasterSecretSaltURIKey = "masterSecretSalt"
2022-04-06 04:36:58 -04:00
)
// BinaryVersion returns the version stamped into this binary, parsed from the
// package-level versionInfo string.
//
// versionInfo is fixed at build time rather than supplied by a user, so a
// value that fails to parse is a build defect; the function panics instead of
// returning an error nobody could act on at runtime.
func BinaryVersion() semver.Semver {
	parsed, parseErr := semver.New(versionInfo)
	if parseErr == nil {
		return parsed
	}
	panic(fmt.Sprintf("parsing embedded version information: %s", parseErr))
}
// Timestamp reports the commit timestamp recorded in this binary at build
// time. An unstamped build yields the placeholder "1970-01-01T00:00:00Z".
func Timestamp() (ts string) {
	ts = timestamp
	return ts
}
// Commit reports the git commit hash recorded in this binary at build time.
// An unstamped build yields the all-zero placeholder, which must not be
// mistaken for a real revision.
func Commit() (hash string) {
	hash = commit
	return hash
}
// State reports the git working-tree state recorded in this binary at build
// time, or "unknown" for an unstamped build.
func State() (gitState string) {
	gitState = state
	return gitState
}
// Build-time identity of this binary. Each value is a package variable rather
// than a constant so the build can overwrite it (for example via the Go
// linker's -X flag); the literals below are placeholders that identify an
// unstamped build and carry no meaning of their own.
var (
	// commit is the commit hash of a binary; the all-zero value marks an unstamped build.
	commit = "0000000000000000000000000000000000000000"
	// state is the git state of the working directory at build time.
	state = "unknown"
	// timestamp is the commit timestamp of a binary.
	timestamp = "1970-01-01T00:00:00Z"
	// versionInfo is the version of a binary; BinaryVersion parses it.
	versionInfo = "0.0.0"
)