/*
Copyright (c) Edgeless Systems GmbH

SPDX-License-Identifier: AGPL-3.0-only
*/

/*
Package constants contains the constants used by Constellation.
Constants should never be overwritable by command line flags or configuration files.
*/
package constants

import (
	"time"
)
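const (
	//
	// Constellation.
	//

	// ConstellationNameLength is the maximum length of a Constellation's name.
	ConstellationNameLength = 37
	// ConstellationMasterSecretStoreName is the name of the Kubernetes secret
	// that holds the Constellation master secret and its salt (see the two
	// key names below).
	// NOTE(review): read access to this secret presumably has to be limited to
	// the components that derive keys from it; confirm against the RBAC rules.
	ConstellationMasterSecretStoreName = "constellation-mastersecret"
	// ConstellationMasterSecretKey is the name of the key for the master secret
	// in the master secret Kubernetes secret.
	ConstellationMasterSecretKey = "mastersecret"
	// ConstellationSaltKey is the name of the key for the salt in the master
	// secret Kubernetes secret.
	ConstellationSaltKey = "salt"

	//
	// Ports.
	//
	// Two pairs below share a number: JoinServicePort and VerifyServicePortGRPC
	// (9090), and KMSPort and BootstrapperPort (9000). Each pair can only
	// coexist if the two listeners never bind in the same network namespace.
	// NOTE(review): presumably they run in separate pods or on the host; confirm.
	//

	// JoinServicePort is the port for reaching the join service within Kubernetes.
	JoinServicePort = 9090
	// JoinServiceNodePort is the port for reaching the join service outside of
	// Kubernetes. Firewall rules should restrict who can reach it.
	JoinServiceNodePort = 30090
	// VerifyServicePortHTTP is the HTTP port of the verification service.
	VerifyServicePortHTTP = 8080
	// VerifyServicePortGRPC is the gRPC port of the verification service.
	VerifyServicePortGRPC = 9090
	// VerifyServiceNodePortHTTP is the HTTP node port of the verification service.
	VerifyServiceNodePortHTTP = 30080
	// VerifyServiceNodePortGRPC is the gRPC node port of the verification service.
	VerifyServiceNodePortGRPC = 30081
	// KMSPort is the port the KMS server listens on.
	KMSPort = 9000
	// BootstrapperPort is the port of the bootstrapper.
	BootstrapperPort = 9000
	// KubernetesPort is the port of the Kubernetes API.
	KubernetesPort = 6443
	// RecoveryPort is the port of the Constellation recovery server.
	RecoveryPort = 9999
	// DebugdPort is the port of the debugd process.
	// NOTE(review): debugd is presumably limited to debug images; confirm that
	// production firewall rules do not open this port.
	DebugdPort = 4000
	// KonnectivityPort is the port of the konnectivity k8s service.
	KonnectivityPort = 8132

	//
	// Filenames.
	//

	// ClusterIDsFileName is the name of the file that contains the
	// Constellation clusterID and IP.
	ClusterIDsFileName = "constellation-id.json"
	// ConfigFilename is the name of the Constellation config file.
	ConfigFilename = "constellation-conf.yaml"
	// LicenseFilename is the name of the Constellation license file.
	LicenseFilename = "constellation.license"
	// AdminConfFilename is the name of the KubeConfig file for admin access to
	// Constellation. The file grants admin access to the cluster, so it should
	// be stored with owner-only permissions and kept out of version control.
	AdminConfFilename = "constellation-admin.conf"
	// MasterSecretFilename is the name of the file holding the Constellation
	// master secret. The file contains key material, so it should be stored
	// with owner-only permissions and kept out of version control.
	MasterSecretFilename = "constellation-mastersecret.json"
	// TerraformWorkingDir is the directory name for the TerraformClient workspace.
	TerraformWorkingDir = "constellation-terraform"
	// ControlPlaneAdminConfFilename is the file path of the control plane's
	// Kubernetes admin config.
	ControlPlaneAdminConfFilename = "/etc/kubernetes/admin.conf"
	// KubectlPath is the path to the kubectl binary.
	KubectlPath = "/run/state/bin/kubectl"

	// CniPluginsDir is the directory for CNI plugins.
	CniPluginsDir = "/opt/cni/bin"
	// BinDir is the directory that KubectlPath, KubeadmPath and KubeletPath
	// point into.
	BinDir = "/run/state/bin"
	// KubeadmPath is the install path for kubeadm.
	KubeadmPath = "/run/state/bin/kubeadm"
	// KubeletPath is the install path for kubelet.
	KubeletPath = "/run/state/bin/kubelet"

	//
	// Filenames for Constellation's micro services.
	//

	// ServiceBasePath is the base path for the mounted micro service's files.
	ServiceBasePath = "/var/config"
	// MeasurementsFilename is the filename of CC measurements.
	MeasurementsFilename = "measurements"
	// EnforcedPCRsFilename is the filename for a list of PCRs that are required
	// to pass attestation.
	EnforcedPCRsFilename = "enforcedPCRs"
	// MeasurementSaltFilename is the filename of the salt used in creation of
	// the clusterID.
	MeasurementSaltFilename = "measurementSalt"
	// MeasurementSecretFilename is the filename of the secret used in creation
	// of the clusterID.
	MeasurementSecretFilename = "measurementSecret"
	// IDKeyDigestFilename is the name of the file holding the currently
	// enforced idkeydigest.
	IDKeyDigestFilename = "idkeydigest"
	// EnforceIDKeyDigestFilename is the name of the file configuring whether
	// idkeydigest is enforced or not.
	EnforceIDKeyDigestFilename = "enforceIdKeyDigest"
	// AzureCVM is the name of the file indicating whether the cluster is
	// expected to run on CVMs or not.
	AzureCVM = "azureCVM"
	// K8sVersion is the filename of the mapped "k8s-version" configMap file.
	K8sVersion = "k8s-version"

	//
	// CLI.
	//

	// MinControllerCount is the minimum number of control nodes.
	MinControllerCount = 1
	// MinWorkerCount is the minimum number of worker nodes.
	MinWorkerCount = 1
	// EnvVarPrefix is the expected prefix for environment variables used to
	// overwrite config parameters.
	EnvVarPrefix = "CONSTELL_"
	// EnvVarAzureClientSecretValue is the environment variable that overwrites
	// provider.azure.clientSecretValue. Its value is a credential: it is
	// inherited by child processes, so it should never be logged or echoed.
	EnvVarAzureClientSecretValue = EnvVarPrefix + "AZURE_CLIENT_SECRET_VALUE"

	//
	// Kubernetes.
	//

	// KubernetesJoinTokenTTL is the time to live of a Kubernetes join token.
	// A short lifetime limits how long a leaked token stays usable.
	KubernetesJoinTokenTTL = 15 * time.Minute
	// ConstellationNamespace is the namespace Constellation components are
	// deployed into.
	ConstellationNamespace = "kube-system"
	// JoinConfigMap is the k8s config map with the node join config.
	JoinConfigMap = "join-config"
	// InternalConfigMap is the k8s config map with internal Constellation config.
	InternalConfigMap = "internal-config"

	//
	// Helm.
	//

	// HelmNamespace is the namespace for helm charts. It has the same value as
	// ConstellationNamespace.
	HelmNamespace = "kube-system"

	//
	// Releases.
	//

	// CDNRepositoryURL is the base URL of the Constellation CDN artifact repository.
	CDNRepositoryURL = "https://cdn.confidential.cloud"
	// CDNImagePath is the default path to image references in the CDN repository.
	CDNImagePath = "constellation/v1/images"
	// CDNMeasurementsPath is the default path to image measurements in the CDN
	// repository.
	// NOTE(review): measurements fetched from here presumably feed the
	// attestation policy; confirm that callers verify them independently of
	// the TLS connection to the CDN.
	CDNMeasurementsPath = "constellation/v1/measurements"
)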
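// VersionInfo is the version of a binary. It is a variable rather than a
// constant so that the build can override the default value.
// Because it is a mutable package-level variable, nothing in this file stops
// other code from reassigning it at run time; treat it as informational and
// do not base security decisions on it.
var VersionInfo = "0.0.0"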