AB#2190 Verification service (#232)

* Add verification service * Update verify command to use new Constellation verification service * Deploy verification service on cluster init * Update pcr-reader to use verification service * Add verification service build workflow Signed-off-by: Daniel Weiße <dw@edgeless.systems> Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2025-05-10 18:25:11 -04:00 · 2022-06-28 17:03:28 +02:00 · 2022-06-28 17:03:28 +02:00 · 042f668d20
commit 042f668d20
parent b10b13b173
32 changed files with 1365 additions and 281 deletions
--- a/coordinator/kubernetes/k8sapi/resources/activation.go
+++ b/coordinator/kubernetes/k8sapi/resources/activation.go
@ -12,8 +12,6 @@ import (
 	"k8s.io/apimachinery/pkg/util/intstr"
 )

-const activationImage = "ghcr.io/edgelesssys/constellation/activation-service:latest"
-
 type activationDaemonset struct {
 	ClusterRole        rbac.ClusterRole
 	ClusterRoleBinding rbac.ClusterRoleBinding
@ -111,6 +109,11 @@ func NewActivationDaemonset(csp, measurementsJSON, idJSON string) *activationDae
 								Value:    "true",
 								Effect:   k8s.TaintEffectNoSchedule,
 							},
+							{
+								Key:      "node-role.kubernetes.io/control-plane",
+								Operator: k8s.TolerationOpExists,
+								Effect:   k8s.TaintEffectNoSchedule,
+							},
 							{
 								Operator: k8s.TolerationOpExists,
 								Effect:   k8s.TaintEffectNoExecute,