Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-08-06 05:54:28 -04:00
Code Issues Projects Releases Packages Wiki Activity

AB#2436: Initial support for create/terminate AWS NitroTPM instances

Browse source 
* Add .DS_Store to .gitignore

* Add AWS to config / supported instance types

* Move AWS terraform skeleton to cli/internal/terraform

* Move currently unused IAM to hack/terraform/aws

* Print supported AWS instance types when AWS dev flag is set

* Block everything aTLS related (e.g. init, verify) until AWS attestation is available

* Create/Terminate AWS dev cluster when dev flag is set

* Restrict Nitro instances to NitroTPM supported specifically

* Pin zone for subnets

This is not great for HA, but for now we need to avoid the two subnets
ending up in different zones, causing the load balancer to not be able
to connect to the targets.

Should be replaced later with a better implementation that just uses
multiple subnets within the same region dynamically
based on # of nodes or similar.

* Add AWS/GCP to Terraform TestLoader unit test

* Add uid tag and create log group

Co-authored-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Malte Poll <mp@edgeless.systems>
This commit is contained in:
Nils Hanke 2022-10-21 12:24:18 +02:00 committed by GitHub
parent 07f02a442c
commit 04c4cff9f6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
31 changed files with 940 additions and 314 deletions
Download patch file Download diff file Expand all files Collapse all files

93
internal/config/config_doc.go
View file

@ -15,6 +15,7 @@ var (
UpgradeConfigDoc encoder.Doc
UserKeyDoc encoder.Doc
ProviderConfigDoc encoder.Doc
AWSConfigDoc encoder.Doc
AzureConfigDoc encoder.Doc
GCPConfigDoc encoder.Doc
QEMUConfigDoc encoder.Doc
@ -120,22 +121,83 @@ func init() {
FieldName: "provider",
},
}
ProviderConfigDoc.Fields = make([]encoder.Doc, 3)
ProviderConfigDoc.Fields[0].Name = "azure"
ProviderConfigDoc.Fields[0].Type = "AzureConfig"
ProviderConfigDoc.Fields = make([]encoder.Doc, 4)
ProviderConfigDoc.Fields[0].Name = "aws"
ProviderConfigDoc.Fields[0].Type = "AWSConfig"
ProviderConfigDoc.Fields[0].Note = ""
ProviderConfigDoc.Fields[0].Description = "Configuration for Azure as provider."
ProviderConfigDoc.Fields[0].Comments[encoder.LineComment] = "Configuration for Azure as provider."
ProviderConfigDoc.Fields[1].Name = "gcp"
ProviderConfigDoc.Fields[1].Type = "GCPConfig"
ProviderConfigDoc.Fields[0].Description = "Configuration for AWS as provider."
ProviderConfigDoc.Fields[0].Comments[encoder.LineComment] = "Configuration for AWS as provider."
ProviderConfigDoc.Fields[1].Name = "azure"
ProviderConfigDoc.Fields[1].Type = "AzureConfig"
ProviderConfigDoc.Fields[1].Note = ""
ProviderConfigDoc.Fields[1].Description = "Configuration for Google Cloud as provider."
ProviderConfigDoc.Fields[1].Comments[encoder.LineComment] = "Configuration for Google Cloud as provider."
ProviderConfigDoc.Fields[2].Name = "qemu"
ProviderConfigDoc.Fields[2].Type = "QEMUConfig"
ProviderConfigDoc.Fields[1].Description = "Configuration for Azure as provider."
ProviderConfigDoc.Fields[1].Comments[encoder.LineComment] = "Configuration for Azure as provider."
ProviderConfigDoc.Fields[2].Name = "gcp"
ProviderConfigDoc.Fields[2].Type = "GCPConfig"
ProviderConfigDoc.Fields[2].Note = ""
ProviderConfigDoc.Fields[2].Description = "Configuration for QEMU as provider."
ProviderConfigDoc.Fields[2].Comments[encoder.LineComment] = "Configuration for QEMU as provider."
ProviderConfigDoc.Fields[2].Description = "Configuration for Google Cloud as provider."
ProviderConfigDoc.Fields[2].Comments[encoder.LineComment] = "Configuration for Google Cloud as provider."
ProviderConfigDoc.Fields[3].Name = "qemu"
ProviderConfigDoc.Fields[3].Type = "QEMUConfig"
ProviderConfigDoc.Fields[3].Note = ""
ProviderConfigDoc.Fields[3].Description = "Configuration for QEMU as provider."
ProviderConfigDoc.Fields[3].Comments[encoder.LineComment] = "Configuration for QEMU as provider."
AWSConfigDoc.Type = "AWSConfig"
AWSConfigDoc.Comments[encoder.LineComment] = "AWSConfig are AWS specific configuration values used by the CLI."
AWSConfigDoc.Description = "AWSConfig are AWS specific configuration values used by the CLI."
AWSConfigDoc.AppearsIn = []encoder.Appearance{
{
TypeName: "ProviderConfig",
FieldName: "aws",
},
}
AWSConfigDoc.Fields = make([]encoder.Doc, 9)
AWSConfigDoc.Fields[0].Name = "region"
AWSConfigDoc.Fields[0].Type = "string"
AWSConfigDoc.Fields[0].Note = ""
AWSConfigDoc.Fields[0].Description = "AWS data center region. See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions"
AWSConfigDoc.Fields[0].Comments[encoder.LineComment] = "AWS data center region. See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions"
AWSConfigDoc.Fields[1].Name = "zone"
AWSConfigDoc.Fields[1].Type = "string"
AWSConfigDoc.Fields[1].Note = ""
AWSConfigDoc.Fields[1].Description = "AWS data center zone name in defined region. See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-availability-zones"
AWSConfigDoc.Fields[1].Comments[encoder.LineComment] = "AWS data center zone name in defined region. See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-availability-zones"
AWSConfigDoc.Fields[2].Name = "image"
AWSConfigDoc.Fields[2].Type = "string"
AWSConfigDoc.Fields[2].Note = ""
AWSConfigDoc.Fields[2].Description = "AMI ID of the machine image used to create Constellation nodes."
AWSConfigDoc.Fields[2].Comments[encoder.LineComment] = "AMI ID of the machine image used to create Constellation nodes."
AWSConfigDoc.Fields[3].Name = "instanceType"
AWSConfigDoc.Fields[3].Type = "string"
AWSConfigDoc.Fields[3].Note = ""
AWSConfigDoc.Fields[3].Description = "VM instance type to use for Constellation nodes. Needs to support NitroTPM. See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enable-nitrotpm-prerequisites.html"
AWSConfigDoc.Fields[3].Comments[encoder.LineComment] = "VM instance type to use for Constellation nodes. Needs to support NitroTPM. See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enable-nitrotpm-prerequisites.html"
AWSConfigDoc.Fields[4].Name = "stateDiskType"
AWSConfigDoc.Fields[4].Type = "string"
AWSConfigDoc.Fields[4].Note = ""
AWSConfigDoc.Fields[4].Description = "Type of a node's state disk. The type influences boot time and I/O performance. See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volume-types.html"
AWSConfigDoc.Fields[4].Comments[encoder.LineComment] = "Type of a node's state disk. The type influences boot time and I/O performance. See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volume-types.html"
AWSConfigDoc.Fields[5].Name = "iamProfileControlPlane"
AWSConfigDoc.Fields[5].Type = "string"
AWSConfigDoc.Fields[5].Note = ""
AWSConfigDoc.Fields[5].Description = "Name of the IAM profile to use for the control plane nodes."
AWSConfigDoc.Fields[5].Comments[encoder.LineComment] = "Name of the IAM profile to use for the control plane nodes."
AWSConfigDoc.Fields[6].Name = "iamProfileWorkerNodes"
AWSConfigDoc.Fields[6].Type = "string"
AWSConfigDoc.Fields[6].Note = ""
AWSConfigDoc.Fields[6].Description = "Name of the IAM profile to use for the worker nodes."
AWSConfigDoc.Fields[6].Comments[encoder.LineComment] = "Name of the IAM profile to use for the worker nodes."
AWSConfigDoc.Fields[7].Name = "measurements"
AWSConfigDoc.Fields[7].Type = "Measurements"
AWSConfigDoc.Fields[7].Note = ""
AWSConfigDoc.Fields[7].Description = "Expected VM measurements."
AWSConfigDoc.Fields[7].Comments[encoder.LineComment] = "Expected VM measurements."
AWSConfigDoc.Fields[8].Name = "enforcedMeasurements"
AWSConfigDoc.Fields[8].Type = "[]uint32"
AWSConfigDoc.Fields[8].Note = ""
AWSConfigDoc.Fields[8].Description = "List of values that should be enforced to be equal to the ones from the measurement list. Any non-equal values not in this list will only result in a warning."
AWSConfigDoc.Fields[8].Comments[encoder.LineComment] = "List of values that should be enforced to be equal to the ones from the measurement list. Any non-equal values not in this list will only result in a warning."
AzureConfigDoc.Type = "AzureConfig"
AzureConfigDoc.Comments[encoder.LineComment] = "AzureConfig are Azure specific configuration values used by the CLI."
@ -367,6 +429,10 @@ func (_ ProviderConfig) Doc() *encoder.Doc {
return &ProviderConfigDoc
}
func (_ AWSConfig) Doc() *encoder.Doc {
return &AWSConfigDoc
}
func (_ AzureConfig) Doc() *encoder.Doc {
return &AzureConfigDoc
}
@ -389,6 +455,7 @@ func GetConfigurationDoc() *encoder.FileDoc {
&UpgradeConfigDoc,
&UserKeyDoc,
&ProviderConfigDoc,
&AWSConfigDoc,
&AzureConfigDoc,
&GCPConfigDoc,
&QEMUConfigDoc,