Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-02-09 11:28:29 -05:00
Code Issues Packages Projects Releases Wiki Activity

Rename all activation

Browse Source
This commit is contained in:
katexochen 2022-07-05 14:13:19 +02:00 committed by Paul Meyer
parent 2083d37b11
commit 1af18e990d
21 changed files with 83 additions and 83 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
.github/workflows/build-activation-image.yml vendored
View File

@ -1,4 +1,4 @@
name: Build and upload activation-service image
name: Build and upload join-service image
on:
workflow_dispatch:
@ -6,7 +6,7 @@ on:
branches:
- main
paths:
- "activation/**"
- "joinservice/**"
- "internal/atls/**"
- "internal/attestation/**"
- "internal/constants/**"
@ -20,7 +20,7 @@ concurrency:
cancel-in-progress: true
jobs:
build-activation-service:
build-join-service:
runs-on: ubuntu-latest
permissions:
contents: read
@ -30,11 +30,11 @@ jobs:
id: checkout
uses: actions/checkout@v3
- name: Build and upload activation-service container image
- name: Build and upload join-service container image
id: build-and-upload
uses: ./.github/actions/build_micro_service
with:
name: activation-service
projectVersion: "0.0.0"
dockerfile: activation/Dockerfile
name: join-service
projectVersion: '0.0.0'
dockerfile: joinservice/Dockerfile
githubToken: ${{ secrets.GITHUB_TOKEN }}

8
.github/workflows/build-micro-service-manual.yml vendored
View File

@ -8,7 +8,7 @@ on:
type: choice
options:
- 'access-manager'
- 'activation-service'
- 'join-service'
- 'kmsserver'
- 'verification-service'
required: true
@ -40,15 +40,15 @@ jobs:
case "${{ inputs.microService }}" in
"access-manager" )
echo "microServiceDockerfile=access_manager/Dockerfile" >> $GITHUB_ENV ;;
"activation-service" )
echo "microServiceDockerfile=activation/Dockerfile" >> $GITHUB_ENV ;;
"join-service" )
echo "microServiceDockerfile=joinservice/Dockerfile" >> $GITHUB_ENV ;;
"kmsserver" )
echo "microServiceDockerfile=kms/Dockerfile" >> $GITHUB_ENV ;;
"verification-service" )
echo "microServiceDockerfile=verify/Dockerfile" >> $GITHUB_ENV ;;
esac
- name: Build and upload activation-service container image
- name: Build and upload join-service container image
id: build-and-upload
uses: ./.github/actions/build_micro_service
with:

2
.github/workflows/build-verification-service.yml vendored
View File

@ -11,7 +11,7 @@ on:
- "internal/constants/**"
jobs:
build-activation-service:
build-verification-service:
runs-on: ubuntu-latest
permissions:
contents: read

6
bootstrapper/cmd/bootstrapper/run.go
View File

@ -28,12 +28,12 @@ func run(issuer quoteIssuer, tpm vtpm.TPMOpenFunc, fileHandler file.Handler,
defer cloudLogger.Close()
cloudLogger.Disclose("bootstrapper started running...")
nodeActivated, err := vtpm.IsNodeInitialized(tpm)
nodeBootstrapped, err := vtpm.IsNodeBootstrapped(tpm)
if err != nil {
logger.Fatal("failed to check for previous activation using vTPM", zap.Error(err))
logger.Fatal("failed to check for previous bootstrapping using vTPM", zap.Error(err))
}
if nodeActivated {
if nodeBootstrapped {
if err := kube.StartKubelet(); err != nil {
logger.Fatal("failed to restart kubelet", zap.Error(err))
}

10
bootstrapper/internal/joinclient/client.go
View File

@ -65,7 +65,7 @@ func New(lock *nodelock.Lock, dial grpcDialer, joiner ClusterJoiner, meta Metada
dialer: dial,
joiner: joiner,
metadataAPI: meta,
log: log.Named("selfactivation-client"),
log: log.Named("join-client"),
}
}
@ -116,15 +116,15 @@ func (c *JoinClient) Start() {
}
for {
err := c.tryJoinAtAvailableServices()
err := c.tryJoinWithAvailableServices()
if err == nil {
c.log.Info("Activated successfully. SelfActivationClient shut down.")
c.log.Info("Joined successfully. Client is shut down.")
return
} else if isUnrecoverable(err) {
c.log.Error("Unrecoverable error occurred", zap.Error(err))
return
}
c.log.Info("Activation failed for all available endpoints", zap.Error(err))
c.log.Info("Join failed for all available endpoints", zap.Error(err))
c.log.Info("Sleeping", zap.Duration("interval", c.interval))
select {
@ -156,7 +156,7 @@ func (c *JoinClient) Stop() {
c.log.Info("Stopped")
}
func (c *JoinClient) tryJoinAtAvailableServices() error {
func (c *JoinClient) tryJoinWithAvailableServices() error {
ips, err := c.getControlPlaneIPs()
if err != nil {
return err

2
bootstrapper/internal/kubernetes/k8sapi/resources/images.go
View File

@ -2,7 +2,7 @@ package resources
const (
// Constellation images.
activationImage = "ghcr.io/edgelesssys/constellation/activation-service:v1.2"
joinImage = "ghcr.io/edgelesssys/constellation/join-service:v1.2"
accessManagerImage = "ghcr.io/edgelesssys/constellation/access-manager:v1.2"
kmsImage = "ghcr.io/edgelesssys/constellation/kmsserver:v1.2"
verificationImage = "ghcr.io/edgelesssys/constellation/verification-service:v1.2"

52
bootstrapper/internal/kubernetes/k8sapi/resources/activation.go → bootstrapper/internal/kubernetes/k8sapi/resources/joinservice.go
View File

@ -12,7 +12,7 @@ import (
"k8s.io/apimachinery/pkg/util/intstr"
)
type activationDaemonset struct {
type joinServiceDaemonset struct {
ClusterRole rbac.ClusterRole
ClusterRoleBinding rbac.ClusterRoleBinding
ConfigMap k8s.ConfigMap
@ -21,18 +21,18 @@ type activationDaemonset struct {
Service k8s.Service
}
// NewActivationDaemonset returns a daemonset for the activation service.
func NewActivationDaemonset(csp, measurementsJSON, idJSON string) *activationDaemonset {
return &activationDaemonset{
// NewJoinServiceDaemonset returns a daemonset for the join service.
func NewJoinServiceDaemonset(csp, measurementsJSON, idJSON string) *joinServiceDaemonset {
return &joinServiceDaemonset{
ClusterRole: rbac.ClusterRole{
TypeMeta: meta.TypeMeta{
APIVersion: "rbac.authorization.k8s.io/v1",
Kind: "ClusterRole",
},
ObjectMeta: meta.ObjectMeta{
Name: "activation-service",
Name: "join-service",
Labels: map[string]string{
"k8s-app": "activation-service",
"k8s-app": "join-service",
},
},
Rules: []rbac.PolicyRule{
@ -54,17 +54,17 @@ func NewActivationDaemonset(csp, measurementsJSON, idJSON string) *activationDae
Kind: "ClusterRoleBinding",
},
ObjectMeta: meta.ObjectMeta{
Name: "activation-service",
Name: "join-service",
},
RoleRef: rbac.RoleRef{
APIGroup: "rbac.authorization.k8s.io",
Kind: "ClusterRole",
Name: "activation-service",
Name: "join-service",
},
Subjects: []rbac.Subject{
{
Kind: "ServiceAccount",
Name: "activation-service",
Name: "join-service",
Namespace: "kube-system",
},
},
@ -75,29 +75,29 @@ func NewActivationDaemonset(csp, measurementsJSON, idJSON string) *activationDae
Kind: "DaemonSet",
},
ObjectMeta: meta.ObjectMeta{
Name: "activation-service",
Name: "join-service",
Namespace: "kube-system",
Labels: map[string]string{
"k8s-app": "activation-service",
"component": "activation-service",
"k8s-app": "join-service",
"component": "join-service",
"kubernetes.io/cluster-service": "true",
},
},
Spec: apps.DaemonSetSpec{
Selector: &meta.LabelSelector{
MatchLabels: map[string]string{
"k8s-app": "activation-service",
"k8s-app": "join-service",
},
},
Template: k8s.PodTemplateSpec{
ObjectMeta: meta.ObjectMeta{
Labels: map[string]string{
"k8s-app": "activation-service",
"k8s-app": "join-service",
},
},
Spec: k8s.PodSpec{
PriorityClassName: "system-cluster-critical",
ServiceAccountName: "activation-service",
ServiceAccountName: "join-service",
Tolerations: []k8s.Toleration{
{
Key: "CriticalAddonsOnly",
@ -134,11 +134,11 @@ func NewActivationDaemonset(csp, measurementsJSON, idJSON string) *activationDae
},
Containers: []k8s.Container{
{
Name: "activation-service",
Image: activationImage,
Name: "join-service",
Image: joinImage,
Ports: []k8s.ContainerPort{
{
ContainerPort: constants.ActivationServicePort,
ContainerPort: constants.JoinServicePort,
Name: "tcp",
},
},
@ -169,7 +169,7 @@ func NewActivationDaemonset(csp, measurementsJSON, idJSON string) *activationDae
VolumeSource: k8s.VolumeSource{
ConfigMap: &k8s.ConfigMapVolumeSource{
LocalObjectReference: k8s.LocalObjectReference{
Name: "activation-config",
Name: "join-config",
},
},
},
@ -193,7 +193,7 @@ func NewActivationDaemonset(csp, measurementsJSON, idJSON string) *activationDae
Kind: "ServiceAccount",
},
ObjectMeta: meta.ObjectMeta{
Name: "activation-service",
Name: "join-service",
Namespace: "kube-system",
},
},
@ -203,7 +203,7 @@ func NewActivationDaemonset(csp, measurementsJSON, idJSON string) *activationDae
Kind: "Service",
},
ObjectMeta: meta.ObjectMeta{
Name: "activation-service",
Name: "join-service",
Namespace: "kube-system",
},
Spec: k8s.ServiceSpec{
@ -212,13 +212,13 @@ func NewActivationDaemonset(csp, measurementsJSON, idJSON string) *activationDae
{
Name: "grpc",
Protocol: k8s.ProtocolTCP,
Port: constants.ActivationServicePort,
TargetPort: intstr.IntOrString{IntVal: constants.ActivationServicePort},
Port: constants.JoinServicePort,
TargetPort: intstr.IntOrString{IntVal: constants.JoinServicePort},
NodePort: constants.JoinServiceNodePort,
},
},
Selector: map[string]string{
"k8s-app": "activation-service",
"k8s-app": "join-service",
},
},
},
@ -228,7 +228,7 @@ func NewActivationDaemonset(csp, measurementsJSON, idJSON string) *activationDae
Kind: "ConfigMap",
},
ObjectMeta: meta.ObjectMeta{
Name: "activation-config",
Name: "join-config",
Namespace: "kube-system",
},
Data: map[string]string{
@ -240,6 +240,6 @@ func NewActivationDaemonset(csp, measurementsJSON, idJSON string) *activationDae
}
// Marshal the daemonset using the Kubernetes resource marshaller.
func (a *activationDaemonset) Marshal() ([]byte, error) {
func (a *joinServiceDaemonset) Marshal() ([]byte, error) {
return MarshalK8SResources(a)
}

6
bootstrapper/internal/kubernetes/k8sapi/resources/activation_test.go → bootstrapper/internal/kubernetes/k8sapi/resources/joinservice_test.go
View File

@ -7,12 +7,12 @@ import (
"github.com/stretchr/testify/require"
)
func TestNewActivationDaemonset(t *testing.T) {
deployment := NewActivationDaemonset("csp", "measurementsJSON", "idJSON")
func TestNewJoinServiceDaemonset(t *testing.T) {
deployment := NewJoinServiceDaemonset("csp", "measurementsJSON", "idJSON")
deploymentYAML, err := deployment.Marshal()
require.NoError(t, err)
var recreated activationDaemonset
var recreated joinServiceDaemonset
require.NoError(t, UnmarshalK8SResources(deploymentYAML, &recreated))
assert.Equal(t, deployment, &recreated)
}

2
bootstrapper/internal/kubernetes/k8sapi/resources/kms.go
View File

@ -194,7 +194,7 @@ func NewKMSDeployment(csp string, masterSecret []byte) *kmsDeployment {
{
ConfigMap: &k8s.ConfigMapProjection{
LocalObjectReference: k8s.LocalObjectReference{
Name: "activation-config",
Name: "join-config",
},
Items: []k8s.KeyToPath{
{

6
bootstrapper/internal/kubernetes/k8sapi/util.go
View File

@ -232,9 +232,9 @@ func (k *KubernetesUtil) SetupAutoscaling(kubectl Client, clusterAutoscalerConfi
return kubectl.Apply(clusterAutoscalerConfiguration, true)
}
// SetupActivationService deploys the Constellation node activation service.
func (k *KubernetesUtil) SetupActivationService(kubectl Client, activationServiceConfiguration resources.Marshaler) error {
return kubectl.Apply(activationServiceConfiguration, true)
// SetupJoinService deploys the Constellation node join service.
func (k *KubernetesUtil) SetupJoinService(kubectl Client, joinServiceConfiguration resources.Marshaler) error {
return kubectl.Apply(joinServiceConfiguration, true)
}
// SetupCloudControllerManager deploys the k8s cloud-controller-manager.

2
bootstrapper/internal/kubernetes/k8sutil.go
View File

@ -16,7 +16,7 @@ type clusterUtil interface {
SetupPodNetwork(context.Context, k8sapi.SetupPodNetworkInput) error
SetupAccessManager(kubectl k8sapi.Client, sshUsers resources.Marshaler) error
SetupAutoscaling(kubectl k8sapi.Client, clusterAutoscalerConfiguration resources.Marshaler, secrets resources.Marshaler) error
SetupActivationService(kubectl k8sapi.Client, activationServiceConfiguration resources.Marshaler) error
SetupJoinService(kubectl k8sapi.Client, joinServiceConfiguration resources.Marshaler) error
SetupCloudControllerManager(kubectl k8sapi.Client, cloudControllerManagerConfiguration resources.Marshaler, configMaps resources.Marshaler, secrets resources.Marshaler) error
SetupCloudNodeManager(kubectl k8sapi.Client, cloudNodeManagerConfiguration resources.Marshaler) error
SetupKMS(kubectl k8sapi.Client, kmsConfiguration resources.Marshaler) error

10
bootstrapper/internal/kubernetes/kubernetes.go
View File

@ -162,8 +162,8 @@ func (k *KubeWrapper) InitCluster(
return nil, fmt.Errorf("setting up kms: %w", err)
}
if err := k.setupActivationService(k.cloudProvider, k.initialMeasurementsJSON, id); err != nil {
return nil, fmt.Errorf("setting up activation service failed: %w", err)
if err := k.setupJoinService(k.cloudProvider, k.initialMeasurementsJSON, id); err != nil {
return nil, fmt.Errorf("setting up join service failed: %w", err)
}
if err := k.setupCCM(ctx, subnetworkPodCIDR, cloudServiceAccountURI, instance); err != nil {
@ -268,15 +268,15 @@ func (k *KubeWrapper) GetJoinToken(ctx context.Context, ttl time.Duration) (*kub
return k.clusterUtil.CreateJoinToken(ctx, ttl)
}
func (k *KubeWrapper) setupActivationService(csp string, measurementsJSON []byte, id attestationtypes.ID) error {
func (k *KubeWrapper) setupJoinService(csp string, measurementsJSON []byte, id attestationtypes.ID) error {
idJSON, err := json.Marshal(id)
if err != nil {
return err
}
activationConfiguration := resources.NewActivationDaemonset(csp, string(measurementsJSON), string(idJSON))
joinConfiguration := resources.NewJoinServiceDaemonset(csp, string(measurementsJSON), string(idJSON))
return k.clusterUtil.SetupActivationService(k.client, activationConfiguration)
return k.clusterUtil.SetupJoinService(k.client, joinConfiguration)
}
func (k *KubeWrapper) setupCCM(ctx context.Context, subnetworkPodCIDR, cloudServiceAccountURI string, instance metadata.InstanceMetadata) error {

10
bootstrapper/internal/kubernetes/kubernetes_test.go
View File

@ -173,8 +173,8 @@ func TestInitCluster(t *testing.T) {
ClusterAutoscaler: &stubClusterAutoscaler{},
wantErr: true,
},
"kubeadm init fails when setting up the activation service": {
clusterUtil: stubClusterUtil{setupActivationServiceError: someErr},
"kubeadm init fails when setting up the join service": {
clusterUtil: stubClusterUtil{setupJoinServiceError: someErr},
kubeconfigReader: &stubKubeconfigReader{
Kubeconfig: []byte("someKubeconfig"),
},
@ -506,7 +506,7 @@ type stubClusterUtil struct {
initClusterErr error
setupPodNetworkErr error
setupAutoscalingError error
setupActivationServiceError error
setupJoinServiceError error
setupCloudControllerManagerError error
setupCloudNodeManagerError error
setupKMSError error
@ -539,8 +539,8 @@ func (s *stubClusterUtil) SetupAutoscaling(kubectl k8sapi.Client, clusterAutosca
return s.setupAutoscalingError
}
func (s *stubClusterUtil) SetupActivationService(kubectl k8sapi.Client, activationServiceConfiguration resources.Marshaler) error {
return s.setupActivationServiceError
func (s *stubClusterUtil) SetupJoinService(kubectl k8sapi.Client, joinServiceConfiguration resources.Marshaler) error {
return s.setupJoinServiceError
}
func (s *stubClusterUtil) SetupCloudControllerManager(kubectl k8sapi.Client, cloudControllerManagerConfiguration resources.Marshaler, configMaps resources.Marshaler, secrets resources.Marshaler) error {

8
internal/attestation/vtpm/initialize.go
View File

@ -17,8 +17,8 @@ const (
PCRIndexClusterID = tpmutil.Handle(12)
)
// MarkNodeAsInitialized marks a node as initialized by extending PCRs.
func MarkNodeAsInitialized(openTPM TPMOpenFunc, ownerID, clusterID []byte) error {
// MarkNodeAsBootstrapped marks a node as initialized by extending PCRs.
func MarkNodeAsBootstrapped(openTPM TPMOpenFunc, ownerID, clusterID []byte) error {
tpm, err := openTPM()
if err != nil {
return err
@ -33,8 +33,8 @@ func MarkNodeAsInitialized(openTPM TPMOpenFunc, ownerID, clusterID []byte) error
return tpm2.PCREvent(tpm, PCRIndexClusterID, clusterID)
}
// IsNodeInitialized checks if a node is already initialized by reading PCRs.
func IsNodeInitialized(openTPM TPMOpenFunc) (bool, error) {
// IsNodeBootstrapped checks if a node is already bootestrapped by reading PCRs.
func IsNodeBootstrapped(openTPM TPMOpenFunc) (bool, error) {
tpm, err := openTPM()
if err != nil {
return false, err

6
internal/attestation/vtpm/initialize_test.go
View File

@ -31,7 +31,7 @@ func TestMarkNodeAsInitialized(t *testing.T) {
pcrs, err := client.ReadAllPCRs(tpm)
require.NoError(err)
assert.NoError(MarkNodeAsInitialized(func() (io.ReadWriteCloser, error) {
assert.NoError(MarkNodeAsBootstrapped(func() (io.ReadWriteCloser, error) {
return &simTPMNOPCloser{tpm}, nil
}, []byte{0x0, 0x1, 0x2, 0x3}, []byte{0x4, 0x5, 0x6, 0x7}))
@ -47,7 +47,7 @@ func TestMarkNodeAsInitialized(t *testing.T) {
func TestFailOpener(t *testing.T) {
assert := assert.New(t)
assert.Error(MarkNodeAsInitialized(func() (io.ReadWriteCloser, error) { return nil, errors.New("failed") }, []byte{0x0, 0x1, 0x2, 0x3}, []byte{0x0, 0x1, 0x2, 0x3}))
assert.Error(MarkNodeAsBootstrapped(func() (io.ReadWriteCloser, error) { return nil, errors.New("failed") }, []byte{0x0, 0x1, 0x2, 0x3}, []byte{0x0, 0x1, 0x2, 0x3}))
}
func TestIsNodeInitialized(t *testing.T) {
@ -86,7 +86,7 @@ func TestIsNodeInitialized(t *testing.T) {
if tc.pcrValueClusterID != nil {
require.NoError(tpm2.PCREvent(tpm, PCRIndexClusterID, tc.pcrValueClusterID))
}
initialized, err := IsNodeInitialized(func() (io.ReadWriteCloser, error) {
initialized, err := IsNodeBootstrapped(func() (io.ReadWriteCloser, error) {
return &simTPMNOPCloser{tpm}, nil
})
if tc.wantErr {

2
internal/attestation/vtpm/vtpm_test.go
View File

@ -14,5 +14,5 @@ func TestMain(m *testing.M) {
func TestNOPTPM(t *testing.T) {
assert := assert.New(t)
assert.NoError(MarkNodeAsInitialized(OpenNOPTPM, []byte{0x0, 0x1, 0x2, 0x3}, []byte{0x4, 0x5, 0x6, 0x7}))
assert.NoError(MarkNodeAsBootstrapped(OpenNOPTPM, []byte{0x0, 0x1, 0x2, 0x3}, []byte{0x4, 0x5, 0x6, 0x7}))
}

6
internal/constants/constants.go
View File

@ -22,9 +22,9 @@ const (
// Ports.
//
// ActivationServiePort is the port for reaching the activation service within Kubernetes.
ActivationServicePort = 9090
// JoinServiceNodePort is the port for reaching the activation service outside of Kubernetes.
// JoinServicePort is the port for reaching the join service within Kubernetes.
JoinServicePort = 9090
// JoinServiceNodePort is the port for reaching the join service outside of Kubernetes.
JoinServiceNodePort = 30090
VerifyServicePortHTTP = 8080
VerifyServicePortGRPC = 9090

4
joinservice/cmd/main.go
View File

@ -28,7 +28,7 @@ func main() {
log := logger.New(logger.JSONLog, logger.VerbosityFromInt(*verbosity))
log.With(zap.String("version", constants.VersionInfo), zap.String("cloudProvider", *provider)).
Infof("Constellation Node Activation Service")
Infof("Constellation Node Join Service")
handler := file.NewHandler(afero.NewOsFs())
@ -67,7 +67,7 @@ func main() {
}
}()
if err := server.Run(creds, strconv.Itoa(constants.ActivationServicePort)); err != nil {
if err := server.Run(creds, strconv.Itoa(constants.JoinServicePort)); err != nil {
log.With(zap.Error(err)).Fatalf("Failed to run server")
}
}

2
joinservice/internal/kubeadm/kubeadm.go
View File

@ -63,7 +63,7 @@ func (k *Kubeadm) GetJoinToken(ttl time.Duration) (*kubeadm.BootstrapTokenDiscov
}
token := bootstraptoken.BootstrapToken{
Token: tokenStr,
Description: "Bootstrap token generated by Constellation's Activation service",
Description: "Bootstrap token generated by Constellation's Join service",
TTL: &metav1.Duration{Duration: ttl},
}

6
joinservice/internal/server/server.go
View File

@ -22,7 +22,7 @@ import (
kubeadmv1 "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta3"
)
// Server implements the core logic of Constellation's node activation service.
// Server implements the core logic of Constellation's node join service.
type Server struct {
log *logger.Logger
file file.Handler
@ -57,11 +57,11 @@ func (s *Server) Run(creds credentials.TransportCredentials, port string) error
if err != nil {
return fmt.Errorf("failed to listen: %s", err)
}
s.log.Infof("Starting activation service on %s", lis.Addr().String())
s.log.Infof("Starting join service on %s", lis.Addr().String())
return grpcServer.Serve(lis)
}
// IssueJoinTicket handles activation requests of Constellation nodes.
// IssueJoinTicket handles join requests of Constellation nodes.
// A node will receive:
// - stateful disk encryption key.
// - Kubernetes join token.

2
state/setup/setup.go
View File

@ -83,7 +83,7 @@ getKey:
}
// taint the node as initialized
if err := vtpm.MarkNodeAsInitialized(s.openTPM, ownerID, clusterID); err != nil {
if err := vtpm.MarkNodeAsBootstrapped(s.openTPM, ownerID, clusterID); err != nil {
return err
}