bootstrapper: add fallback endpoint and custom endpoint to SAN field (#2108)

terraform: collect apiserver cert SANs and support custom endpoint constants: add new constants for cluster configuration and custom endpoint cloud: support apiserver cert sans and prepare for endpoint migration on AWS config: add customEndpoint field bootstrapper: use per-CSP apiserver cert SANs cli: route customEndpoint to terraform and add migration for apiserver cert SANs bootstrapper: change interface of GetLoadBalancerEndpoint to return host and port separately
2025-12-15 16:09:39 -05:00 · 2023-07-21 16:43:51 +02:00 · 2023-07-21 16:43:51 +02:00 · 8da6a23aa5
commit 8da6a23aa5
parent 3324a4eba2
64 changed files with 724 additions and 301 deletions
--- a/internal/config/config.go
+++ b/internal/config/config.go
@ -85,6 +85,12 @@ type Config struct {
 	// description: |
 	//   Configuration for attestation validation. This configuration provides sensible defaults for the Constellation version it was created for.\nSee the docs for an overview on attestation: https://docs.edgeless.systems/constellation/architecture/attestation
 	Attestation AttestationConfig `yaml:"attestation" validate:"dive"`
+	// description: |
+	//   Optional custom endpoint (DNS name) for the Constellation API server.
+	//   This can be used to point a custom dns name at the Constellation API server
+	//   and is added to the Subject Alternative Name (SAN) field of the TLS certificate used by the API server.
+	//   A fallback to DNS name is always available.
+	CustomEndpoint string `yaml:"customEndpoint" validate:"omitempty,hostname_rfc1123"`
 }

 // ProviderConfig are cloud-provider specific configuration values used by the CLI.