constellation/internal/constants/constants.go

/*
Package constants contains the constants used by Constellation.
Constants should never be overwritable by command line flags or configuration files.
*/
package constants

import "time"

const (
	//
	// Constellation.
	//

	// ConstellationNameLength is the maximum length of a Constellation's name.
	ConstellationNameLength = 37
	// ConstellationMasterSecretStoreName is the name for the Constellation secrets in Kubernetes.
	ConstellationMasterSecretStoreName = "constellation-mastersecret"
	// ConstellationMasterSecretKey is the name of the key for master secret in the master secret store secret.
	ConstellationMasterSecretKey = "mastersecret"

	//
	// Ports.
	//

	ActivationServicePort     = 9090
	ActivationServiceNodePort = 30090
	VerifyServicePortHTTP     = 8080
	VerifyServicePortGRPC     = 9090
	VerifyServiceNodePortHTTP = 30080
	VerifyServiceNodePortGRPC = 30081
	// KMSPort is the port the KMS server listens on.
	KMSPort = 9000
	// KMSATLSPort is the port the KMS aTLS server listens on.
	KMSATLSPort = 9001
	// KMSNodePort is the aTLS port exposed as a NodePort.
	KMSNodePort     = 30091
	CoordinatorPort = 9000
	EnclaveSSHPort  = 2222
	SSHPort         = 22
	WireguardPort   = 51820
	NVMEOverTCPPort = 8009
	// Default NodePort Range
	// https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
	NodePortFrom   = 30000
	NodePortTo     = 32767
	KubernetesPort = 6443

	//
	// Filenames.
	//

	StateFilename           = "constellation-state.json"
	ClusterIDsFileName      = "constellation-id.json"
	ConfigFilename          = "constellation-conf.yaml"
	DebugdConfigFilename    = "cdbg-conf.yaml"
	AdminConfFilename       = "constellation-admin.conf"
	MasterSecretFilename    = "constellation-mastersecret.base64"
	WGQuickConfigFilename   = "wg0.conf"
	CoreOSAdminConfFilename = "/etc/kubernetes/admin.conf"
	KubeadmCertificateDir   = "/etc/kubernetes/pki"

	//
	// Filenames for Constellation's micro services.
	//

	// ServiceBasePath is the base path for the mounted micro services files.
	ServiceBasePath = "/var/config"
	// MeasurementsFilename is the filename of CC measurements.
	MeasurementsFilename = "measurements"
	// IDFilename is the filename of Constellation's IDs.
	IDFilename = "id"

	//
	// Cryptographic constants.
	//

	StateDiskKeyLength = 32
	// DerivedKeyLengthDefault is the default length in bytes for KMS derived keys.
	DerivedKeyLengthDefault = 32
	// MasterSecretLengthDefault is the default length in bytes for CLI generated master secrets.
	MasterSecretLengthDefault = 32
	// MasterSecretLengthMin is the minimal length in bytes for user provided master secrets.
	MasterSecretLengthMin = 16

	//
	// CLI.
	//

	MinControllerCount = 1
	MinWorkerCount     = 1

	//
	// Kubernetes.
	//

	// KubernetesVersion installed by kubeadm.
	KubernetesVersion      = "stable-1.23"
	KubernetesJoinTokenTTL = 15 * time.Minute

	//
	// VPN.
	//

	// WireguardAdminMTU is the MTU designated for the admin's WireGuard interface.
	// WireGuard doesn't support Path MTU Discovery. Thus, its default MTU can be too high on some networks.
	WireguardAdminMTU = 1300
)

// VersionInfo is the version of a binary. Left as a separate variable to allow override during build.
var VersionInfo = "0.0.0"
Restructure config and constants 2022-04-06 10:36:58 +02:00			`/*`
			`Package constants contains the constants used by Constellation.`
			`Constants should never be overwritable by command line flags or configuration files.`
			`*/`
			`package constants`

Create kubernetes join token on demand Signed-off-by: Malte Poll <mp@edgeless.systems> 2022-05-04 14:32:34 +02:00			`import "time"`

Restructure config and constants 2022-04-06 10:36:58 +02:00			`const (`
Deploy KMS server image in Constellation Add image pull secret for ghcr.io 2022-04-12 14:07:17 +00:00			`//`
			`// Constellation.`
			`//`

			`// ConstellationNameLength is the maximum length of a Constellation's name.`
			`ConstellationNameLength = 37`
			`// ConstellationMasterSecretStoreName is the name for the Constellation secrets in Kubernetes.`
			`ConstellationMasterSecretStoreName = "constellation-mastersecret"`
			`// ConstellationMasterSecretKey is the name of the key for master secret in the master secret store secret.`
			`ConstellationMasterSecretKey = "mastersecret"`

Restructure config and constants 2022-04-06 10:36:58 +02:00			`//`
			`// Ports.`
			`//`

AB#2111 Deploy activation service on cluster init (#205) * Deploy activation service on cluster init * Use base image with CA certificates for activation service * Improve KMS server Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-15 16:00:48 +02:00			`ActivationServicePort = 9090`
			`ActivationServiceNodePort = 30090`
AB#2190 Verification service (#232) * Add verification service * Update verify command to use new Constellation verification service * Deploy verification service on cluster init * Update pcr-reader to use verification service * Add verification service build workflow Signed-off-by: Daniel Weiße <dw@edgeless.systems> Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-28 17:03:28 +02:00			`VerifyServicePortHTTP = 8080`
			`VerifyServicePortGRPC = 9090`
			`VerifyServiceNodePortHTTP = 30080`
			`VerifyServiceNodePortGRPC = 30081`
Add aTLS endpoint to KMS (#236) * Move file watcher and validator to internal * Add aTLS endpoint to KMS for Kubernetes external requests * Update Go version in Dockerfiles * Move most KMS packages to internal Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-29 16:13:01 +02:00			`// KMSPort is the port the KMS server listens on.`
			`KMSPort = 9000`
			`// KMSATLSPort is the port the KMS aTLS server listens on.`
			`KMSATLSPort = 9001`
			`// KMSNodePort is the aTLS port exposed as a NodePort.`
			`KMSNodePort = 30091`
			`CoordinatorPort = 9000`
			`EnclaveSSHPort = 2222`
			`SSHPort = 22`
			`WireguardPort = 51820`
			`NVMEOverTCPPort = 8009`
Feat/conformity test (#79) * Added files required to request conformance with kubernetes * Extended firewall implementation to allow port ranges * Added default nodeport range to vpc network config 2022-04-26 17:09:03 +02:00			`// Default NodePort Range`
			`// https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport`
replace flannel with cilium 2022-05-24 10:04:42 +02:00			`NodePortFrom = 30000`
			`NodePortTo = 32767`
			`KubernetesPort = 6443`
Restructure config and constants 2022-04-06 10:36:58 +02:00
			`//`
			`// Filenames.`
			`//`

Implement activation service Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-05-23 11:36:54 +02:00			`StateFilename = "constellation-state.json"`
IDsFilename -> ClusterIDsFilename 2022-07-05 13:52:36 +02:00			`ClusterIDsFileName = "constellation-id.json"`
Implement activation service Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-05-23 11:36:54 +02:00			`ConfigFilename = "constellation-conf.yaml"`
			`DebugdConfigFilename = "cdbg-conf.yaml"`
			`AdminConfFilename = "constellation-admin.conf"`
			`MasterSecretFilename = "constellation-mastersecret.base64"`
			`WGQuickConfigFilename = "wg0.conf"`
			`CoreOSAdminConfFilename = "/etc/kubernetes/admin.conf"`
AB#2169 Implement control-plane activation in activation service (#217) * Implement Control Plane activation flow * Rename Activation RPCs Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-21 11:10:32 +02:00			`KubeadmCertificateDir = "/etc/kubernetes/pki"`
Implement activation service Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-05-23 11:36:54 +02:00
Add aTLS endpoint to KMS (#236) * Move file watcher and validator to internal * Add aTLS endpoint to KMS for Kubernetes external requests * Update Go version in Dockerfiles * Move most KMS packages to internal Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-29 16:13:01 +02:00			`//`
			`// Filenames for Constellation's micro services.`
			`//`

			`// ServiceBasePath is the base path for the mounted micro services files.`
			`ServiceBasePath = "/var/config"`
			`// MeasurementsFilename is the filename of CC measurements.`
			`MeasurementsFilename = "measurements"`
			`// IDFilename is the filename of Constellation's IDs.`
			`IDFilename = "id"`
"constellation recover" CLI command Signed-off-by: Malte Poll <mp@edgeless.systems> 2022-05-02 13:21:07 +02:00
			`//`
			`// Cryptographic constants.`
			`//`
Deploy KMS server image in Constellation Add image pull secret for ghcr.io 2022-04-12 14:07:17 +00:00
			`StateDiskKeyLength = 32`
			`// DerivedKeyLengthDefault is the default length in bytes for KMS derived keys.`
AB#1943 Extract KMS package (#56) * Extract kmsapi from coordinator * Add kmsapi cmd server 2022-05-10 12:35:17 +02:00			`DerivedKeyLengthDefault = 32`
Deploy KMS server image in Constellation Add image pull secret for ghcr.io 2022-04-12 14:07:17 +00:00			`// MasterSecretLengthDefault is the default length in bytes for CLI generated master secrets.`
			`MasterSecretLengthDefault = 32`
			`// MasterSecretLengthMin is the minimal length in bytes for user provided master secrets.`
			`MasterSecretLengthMin = 16`
Replace mutiple args with flags AB#1955 2022-05-04 08:50:50 +02:00
			`//`
			`// CLI.`
			`//`

			`MinControllerCount = 1`
			`MinWorkerCount = 1`
Pin kubernetes version deployed by `kubeadm init` Signed-off-by: Malte Poll <mp@edgeless.systems> 2022-05-05 08:48:56 +02:00
			`//`
			`// Kubernetes.`
			`//`

			`// KubernetesVersion installed by kubeadm.`
AB#1943 Extract KMS package (#56) * Extract kmsapi from coordinator * Add kmsapi cmd server 2022-05-10 12:35:17 +02:00			`KubernetesVersion = "stable-1.23"`
Create kubernetes join token on demand Signed-off-by: Malte Poll <mp@edgeless.systems> 2022-05-04 14:32:34 +02:00			`KubernetesJoinTokenTTL = 15 * time.Minute`
Deploy KMS server image in Constellation Add image pull secret for ghcr.io 2022-04-12 14:07:17 +00:00
			`//`
			`// VPN.`
			`//`

			`// WireguardAdminMTU is the MTU designated for the admin's WireGuard interface.`
			`// WireGuard doesn't support Path MTU Discovery. Thus, its default MTU can be too high on some networks.`
			`WireguardAdminMTU = 1300`
Restructure config and constants 2022-04-06 10:36:58 +02:00			`)`

Update version variable Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-01 14:21:18 +02:00			`// VersionInfo is the version of a binary. Left as a separate variable to allow override during build.`
			`var VersionInfo = "0.0.0"`