config: add attestation variant (#1413)

* Add attestation type to config (optional for now)

* Get attestation variant from config in CLI

* Set attestation variant for Constellation services in helm deployments

* Remove AzureCVM variable from helm deployments

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

cli/internal/helm/charts/edgeless/constellation-services/charts/join-service/templates/daemonset.yaml

@@ -39,6 +39,7 @@ spec:
           args:
             - --cloud-provider={{ .Values.csp }}
             - --key-service-endpoint=key-service.{{ .Release.Namespace }}:{{ .Values.global.keyServicePort }}
+            - --attestation-variant={{ .Values.attestationVariant }}
           volumeMounts:
             - mountPath: {{ .Values.global.serviceBasePath | quote }}
               name: config

cli/internal/helm/charts/edgeless/constellation-services/charts/join-service/values.schema.json

@@ -28,13 +28,19 @@
             "description": "Salt used to generate node measurements",
             "type": "string",
             "examples": ["AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"]
+        },
+        "attestationVariant": {
+            "description": "Attestation variant to use for aTLS connections.",
+            "type": "string",
+            "examples": ["azure-sev-snp", "azure-trusted-launch", "gcp-sev-es"]
         }
     },
     "required": [
         "csp",
         "measurements",
         "measurementSalt",
-        "image"
+        "image",
+        "attestationVariant"
     ],
     "if": {
         "properties": { "csp": { "const": "azure" } },

cli/internal/helm/charts/edgeless/constellation-services/charts/join-service/values.yaml

@@ -1,3 +1,4 @@
 csp: "gcp"
+attestationVariant: ""
 joinServicePort: 9090
 joinServiceNodePort: 30090

cli/internal/helm/charts/edgeless/constellation-services/charts/verification-service/templates/daemonset.yaml

@@ -17,7 +17,7 @@ spec:
     spec:
       containers:
       - args:
-        - --cloud-provider={{ .Values.csp }}
+        - --attestation-variant={{ .Values.attestationVariant }}
         image: {{ .Values.image | quote }}
         name: verification-service
         ports:

cli/internal/helm/charts/edgeless/constellation-services/charts/verification-service/values.schema.json

@@ -1,10 +1,6 @@
 {
     "$schema": "https://json-schema.org/draft-07/schema#",
     "properties": {
-        "csp": {
-            "description": "CSP to which the chart is deployed.",
-            "enum": ["Azure", "GCP", "AWS", "QEMU"]
-        },
         "image": {
             "description": "Container image to use for the spawned pods.",
             "type": "string",
@@ -13,12 +9,17 @@
         "loadBalancerIP": {
             "description": "IP of the k8s LB service",
             "type": "string"
+        },
+        "attestationVariant": {
+            "description": "Attestation variant to use for aTLS connections.",
+            "type": "string",
+            "examples": ["azure-sev-snp", "azure-trusted-launch", "gcp-sev-es"]
         }
     },
     "required": [
-        "csp",
         "image",
-        "loadBalancerIP"
+        "loadBalancerIP",
+        "attestationVariant"
     ],
     "title": "Values",
     "type": "object"

cli/internal/helm/charts/edgeless/constellation-services/charts/verification-service/values.yaml

@@ -1,3 +1,5 @@
+image: ""
+attestationVariant: ""
 httpContainerPort: 8080
 grpcContainerPort: 9090
 httpNodePort: 30080