Create internal package for joinservice

joinservice/README.md

@@ -1,13 +1,13 @@
-# Activation
+# Join Service
 
-Implementation for Constellation's node activation flow.
+Implementation for Constellation's node flow to join an existing cluster.
 
-The activation service runs on each control-plane node of the Kubernetes cluster.
+The join service runs on each control-plane node of the Kubernetes cluster.
-New nodes (at cluster start, or later through autoscaling) send an activation request to the service over [aTLS](../coordinator/atls/).
+New nodes (at cluster start, or later through autoscaling) send an IssueJoinTicket request to the service over [aTLS](../coordinator/atls/).
-The activation service verifies the new nodes certificate and attestation statement.
+The join service verifies the new nodes certificate and attestation statement.
 If attestation is successful, the new node is supplied with a disk encryption key for its state disk, and a Kubernetes bootstrap token, so it may join the cluster.
 
-The activation service uses klog v2 for logging.
+The join service uses klog v2 for logging.
 Use the `-v` flag to set the log verbosity level.
 Use different verbosity levels during development depending on the information:
 
@@ -21,52 +21,44 @@ Use different verbosity levels during development depending on the information:
 
 ## Packages
 
-### [activationproto](./activationproto/)
+### [joinproto](./joinproto/)
 
-Proto definitions for the activation service.
+Proto definitions for the join service.
 
-### [server](./server/)
+### [internal/server](./internal/server/)
 
 The `server` implements gRPC endpoints for joining the cluster and holds the main application logic.
 
-Connections between the activation service and joining nodes are secured using [aTLS](../internal/atls/README.md)
+Connections between the join service and joining nodes are secured using [aTLS](../internal/atls/README.md)
-
-Worker nodes call the `ActivateNode` endpoint.
 
 ```mermaid
 sequenceDiagram
     participant New Node
-    participant Activation Service
+    participant Join Service
-    New Node-->>Activation Service: aTLS Handshake (server side verification)
+    New Node-->>Join Service: aTLS Handshake (server side verification)
-    Activation Service-->>New Node: 
+    Join Service-->>New Node:
-    New Node->>+Activation Service: grpc::ActivateNode(DiskUUID)
+    New Node->>+Join Service: grpc::IssueJoinTicket(DiskUUID, NodeName, IsControlPlane)
-    Activation Service->>+KMS: grpc::GetDataKey(DiskUUID)
+    Join Service->>+KMS: grpc::GetDataKey(DiskUUID)
-    KMS->>-Activation Service: DiskEncryptionKey
+    KMS->>-Join Service: DiskEncryptionKey
-    Activation Service->>-New Node: [DiskEncryptionKey, KubernetesJoinToken]
+    Join Service->>-New Node: [DiskEncryptionKey, KubernetesJoinToken, ...]
 ```
 
-Control-plane nodes call the `ActivateCoordinator` endpoint.
+### [internal/kms](./internal/kms/)
-
-### [kms](./kms/)
 
 Implements interaction with Constellation's key management service.
 This is needed for fetching data encryption keys for joining nodes.
 
-### [kubeadm](./kubeadm/)
+### [internal/kubeadm](./internal/kubeadm/)
 
 Implements interaction with the Kubernetes API to create join tokens for new nodes.
 
-### [validator](./validator/)
+### [internal/validator](./internal/validator/)
 
 A wrapper for the more generic `atls.Validator`, allowing for updates to the underlying validator without having to restart the service.
 
-### [watcher](./watcher/)
-
-Uses fsnotify to wait for expected measurement updates, and updates the validator if any occur.
-
 ## [Dockerfile](./Dockerfile)
 
 ```shell
 export VERSION=1.0.0
-DOCKER_BUILDKIT=1 docker build --build-arg PROJECT_VERSION=${VERSION} -t ghcr.io/edgelesssys/constellation/activation-service:v${VERSION} -f activation/Dockerfile .
+DOCKER_BUILDKIT=1 docker build --build-arg PROJECT_VERSION=${VERSION} -t ghcr.io/edgelesssys/constellation/join-service:v${VERSION} -f joinservice/Dockerfile .
 ```

joinservice/cmd/main.go

@@ -11,10 +11,10 @@ import (
 	"github.com/edgelesssys/constellation/internal/grpc/atlscredentials"
 	"github.com/edgelesssys/constellation/internal/logger"
 	"github.com/edgelesssys/constellation/internal/watcher"
-	"github.com/edgelesssys/constellation/joinservice/kms"
+	"github.com/edgelesssys/constellation/joinservice/internal/kms"
-	"github.com/edgelesssys/constellation/joinservice/kubeadm"
+	"github.com/edgelesssys/constellation/joinservice/internal/kubeadm"
-	"github.com/edgelesssys/constellation/joinservice/kubernetesca"
+	"github.com/edgelesssys/constellation/joinservice/internal/kubernetesca"
-	"github.com/edgelesssys/constellation/joinservice/server"
+	"github.com/edgelesssys/constellation/joinservice/internal/server"
 	"github.com/spf13/afero"
 	"go.uber.org/zap"
 )