AB#2190 Verification service (#232)

* Add verification service

* Update verify command to use new Constellation verification service

* Deploy verification service on cluster init

* Update pcr-reader to use verification service

* Add verification service build workflow

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

coordinator/kubernetes/k8sapi/util.go

@@ -261,6 +261,19 @@ func (k *KubernetesUtil) SetupAccessManager(kubectl Client, accessManagerConfigu
 	return kubectl.Apply(accessManagerConfiguration, true)
 }
 
+// SetupKMS deploys the KMS deployment.
+func (k *KubernetesUtil) SetupKMS(kubectl Client, kmsConfiguration resources.Marshaler) error {
+	if err := kubectl.Apply(kmsConfiguration, true); err != nil {
+		return fmt.Errorf("applying KMS configuration: %w", err)
+	}
+	return nil
+}
+
+// SetupVerificationService deploys the verification service.
+func (k *KubernetesUtil) SetupVerificationService(kubectl Client, verificationServiceConfiguration resources.Marshaler) error {
+	return kubectl.Apply(verificationServiceConfiguration, true)
+}
+
 // JoinCluster joins existing Kubernetes cluster using kubeadm join.
 func (k *KubernetesUtil) JoinCluster(ctx context.Context, joinConfig []byte) error {
 	// TODO: audit policy should be user input
@@ -295,14 +308,6 @@ func (k *KubernetesUtil) JoinCluster(ctx context.Context, joinConfig []byte) err
 	return nil
 }
 
-// SetupKMS deploys the KMS deployment.
-func (k *KubernetesUtil) SetupKMS(kubectl Client, kmsConfiguration resources.Marshaler) error {
-	if err := kubectl.Apply(kmsConfiguration, true); err != nil {
-		return fmt.Errorf("applying KMS configuration: %w", err)
-	}
-	return nil
-}
-
 // StartKubelet enables and starts the kubelet systemd unit.
 func (k *KubernetesUtil) StartKubelet() error {
 	ctx, cancel := context.WithTimeout(context.TODO(), kubeletStartTimeout)