AB#2190 Verification service (#232)

* Add verification service * Update verify command to use new Constellation verification service * Deploy verification service on cluster init * Update pcr-reader to use verification service * Add verification service build workflow Signed-off-by: Daniel Weiße <dw@edgeless.systems> Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2025-08-12 16:55:31 -04:00 · 2022-06-28 17:03:28 +02:00 · 2022-06-28 17:03:28 +02:00 · 042f668d20
commit 042f668d20
parent b10b13b173
32 changed files with 1365 additions and 281 deletions
--- a/coordinator/kubernetes/k8sapi/resources/kms.go
+++ b/coordinator/kubernetes/k8sapi/resources/kms.go
@ -22,10 +22,6 @@ type kmsDeployment struct {
 	ImagePullSecret    k8s.Secret
 }

-const (
-	kmsImage = "ghcr.io/edgelesssys/constellation/kmsserver:latest"
-)
-
 // NewKMSDeployment creates a new *kmsDeployment to use as the key management system inside Constellation.
 func NewKMSDeployment(masterSecret []byte) *kmsDeployment {
 	return &kmsDeployment{
@ -140,6 +136,11 @@ func NewKMSDeployment(masterSecret []byte) *kmsDeployment {
 								Value:    "true",
 								Effect:   k8s.TaintEffectNoSchedule,
 							},
+							{
+								Key:      "node-role.kubernetes.io/control-plane",
+								Operator: k8s.TolerationOpExists,
+								Effect:   k8s.TaintEffectNoSchedule,
+							},
 							{
 								Operator: k8s.TolerationOpExists,
 								Effect:   k8s.TaintEffectNoExecute,