initserver: add client verification

Leonard Cohnen 2022-11-26 19:44:34 +01:00 committed by 3u13r
parent bffa5c580c
commit 3b6bc3b28f
39 changed files with 704 additions and 175 deletions


@ -15,7 +15,7 @@ locals {
resource "google_compute_instance_template" "template" {
name = local.name
machine_type = var.instance_type
tags = ["constellation-${var.uid}"]
tags = ["constellation-${var.uid}"] // Note that this is also applied as a label
labels = merge(var.labels, { constellation-role = local.role_dashed })
confidential_instance_config {
@ -41,8 +41,9 @@ resource "google_compute_instance_template" "template" {
}
metadata = {
kube-env = var.kube_env
serial-port-enable = var.debug ? "TRUE" : "FALSE"
kube-env = var.kube_env
constellation-init-secret-hash = var.init_secret_hash
serial-port-enable = var.debug ? "TRUE" : "FALSE"
}
network_interface {
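Review bot: The `constellation-init-secret-hash` entry added to the `metadata` map is readable by any process on the instance that can reach the metadata server, and by any principal allowed to read the instance or its template, so the hash has to be treated as public. Client verification built on it only holds if the init secret is random and high-entropy, or the hash is salted and deliberately slow; how the hash is derived is not visible in this hunk, so that is worth confirming. I would record the assumption next to the entry, e.g. `// Public via metadata server / Compute API: must be a hash of a random, high-entropy secret, never the secret itself.` The `resource` block starts and ends outside the hunks shown.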


@ -59,6 +59,11 @@ variable "kube_env" {
description = "Kubernetes env."
}
variable "init_secret_hash" {
type = string
description = "Hash of the init secret."
}
variable "named_ports" {
type = list(object({ name = string, port = number }))
default = []
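Review bot: The new `init_secret_hash` variable accepts any string, including an empty one, and its description does not say which algorithm or encoding is expected. Since this value appears to feed the client verification check, an empty or malformed hash should fail at plan time rather than surface later on the node; a `validation` block with `condition = length(var.init_secret_hash) > 0` and a matching `error_message` would cover the empty case. The description could also be made specific, e.g. `description = "Hash of the init secret (state algorithm and encoding); published in instance metadata."` The `named_ports` block that follows runs past the end of the hunk.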