kms: rename kms to keyservice

In light of extending our eKMS support, it will be helpful
to use the word "KMS" more strictly.
KMS should refer to the actual component that manages keys.
The keyservice, also called KMS in the constellation code,
does not manage keys itself. It talks to a KMS backend,
which in turn does the actual key management.
Otto Bittner 2023-01-11 10:08:57 +01:00
parent 67f8336b9d
commit 90b88e1cf9
101 changed files with 313 additions and 319 deletions


@ -107,7 +107,7 @@ spec:
- "--allow-empty-cloud-config=true"
- "--support-zone=true"
- "--get-node-info-from-labels=false"
- "--kms-addr=kms.testNamespace:9000"
- "--kms-addr=keyservice.testNamespace:9000"
ports:
- containerPort: 29603
name: healthz
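Review bot: The flag in the changed args line is still spelled `--kms-addr` although its value now points at `keyservice.testNamespace:9000`, whereas the join-service manifests in this commit rename their flag to `--keyservice-endpoint`; the same leftover appears in the other CSI driver section (the args list containing `--run-controller-service=false`). If the flag belongs to a driver binary maintained outside this change, that is presumably intentional, and a comment such as `# --kms-addr is the CSI driver's own flag name; the target is the keyservice, not a KMS backend` would stop readers from treating it as a missed rename. Otherwise rename it with the rest, so the address a node uses to fetch disk keys is named consistently across components. The container spec continues outside the hunk.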


@ -38,7 +38,7 @@ spec:
image: joinServiceImage
args:
- --cloud-provider=Azure
- --kms-endpoint=kms.testNamespace:9000
- --keyservice-endpoint=keyservice.testNamespace:9000
volumeMounts:
- mountPath: /var/config
name: config


@ -2,8 +2,8 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
k8s-app: kms
name: kms
k8s-app: keyservice
name: keyservice
rules:
- apiGroups:
- ""


@ -1,12 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kms
name: keyservice
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kms
name: keyservice
subjects:
- kind: ServiceAccount
name: kms
name: keyservice
namespace: testNamespace
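Review bot: Renaming `metadata.name` on the ClusterRoleBinding together with its `roleRef` and subject creates a new binding rather than updating the old one, so on a cluster that already runs the previous release the `kms` ClusterRole, ClusterRoleBinding and ServiceAccount stay in place unless the upgrade path deletes them. Whether the deployment tooling prunes them is not visible on this page; if it does not, a cluster-wide grant stays bound to a ServiceAccount name that no workload owns any more. I would add a comment on the binding, `# renamed from "kms"; upgrades must remove the old ClusterRole, ClusterRoleBinding and ServiceAccount`, and cover the removal in an upgrade test. The same applies to the two other copies of these RBAC manifests further down.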


@ -2,23 +2,23 @@ apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
component: kms
k8s-app: kms
component: keyservice
k8s-app: keyservice
kubernetes.io/cluster-service: "true"
name: kms
name: keyservice
namespace: testNamespace
spec:
selector:
matchLabels:
k8s-app: kms
k8s-app: keyservice
template:
metadata:
labels:
k8s-app: kms
k8s-app: keyservice
spec:
containers:
- name: kms
image: kmsImage
- name: keyservice
image: keyserviceImage
args:
- --port=9000
volumeMounts:
@ -29,7 +29,7 @@ spec:
nodeSelector:
node-role.kubernetes.io/control-plane: ""
priorityClassName: system-cluster-critical
serviceAccountName: kms
serviceAccountName: keyservice
tolerations:
- key: CriticalAddonsOnly
operator: Exists


@ -1,7 +1,7 @@
apiVersion: v1
kind: Service
metadata:
name: kms
name: keyservice
namespace: testNamespace
spec:
ports:
@ -10,7 +10,7 @@ spec:
protocol: TCP
targetPort: 9000
selector:
k8s-app: kms
k8s-app: keyservice
type: ClusterIP
status:
loadBalancer: {}
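Review bot: Changing the Service name and selector together moves the in-cluster address from `kms.testNamespace:9000` to `keyservice.testNamespace:9000` with no alias left behind, so any pod still started with the old address cannot reach the key endpoint until it is restarted with the new args. The join-service and CSI driver args are updated in this commit, but in a rolling upgrade old and new pods would coexist for a while; that window is inferred, not shown here. If upgrades of running clusters are supported, the rollout order deserves a comment such as `# clients must be redeployed together with this Service; the old kms.<namespace> name no longer resolves`. The other two copies of this Service manifest are affected the same way.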


@ -1,5 +1,5 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: kms
name: keyservice
namespace: testNamespace


@ -41,7 +41,7 @@ spec:
- "--v=5"
- "--endpoint=unix:/csi/csi.sock"
- "--run-controller-service=false"
- "--kms-addr=kms.testNamespace:9000"
- "--kms-addr=keyservice.testNamespace:9000"
securityContext:
privileged: true
volumeMounts:


@ -38,7 +38,7 @@ spec:
image: joinServiceImage
args:
- --cloud-provider=GCP
- --kms-endpoint=kms.testNamespace:9000
- --keyservice-endpoint=keyservice.testNamespace:9000
volumeMounts:
- mountPath: /var/config
name: config


@ -2,8 +2,8 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
k8s-app: kms
name: kms
k8s-app: keyservice
name: keyservice
rules:
- apiGroups:
- ""


@ -1,12 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kms
name: keyservice
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kms
name: keyservice
subjects:
- kind: ServiceAccount
name: kms
name: keyservice
namespace: testNamespace


@ -2,23 +2,23 @@ apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
component: kms
k8s-app: kms
component: keyservice
k8s-app: keyservice
kubernetes.io/cluster-service: "true"
name: kms
name: keyservice
namespace: testNamespace
spec:
selector:
matchLabels:
k8s-app: kms
k8s-app: keyservice
template:
metadata:
labels:
k8s-app: kms
k8s-app: keyservice
spec:
containers:
- name: kms
image: kmsImage
- name: keyservice
image: keyserviceImage
args:
- --port=9000
volumeMounts:
@ -29,7 +29,7 @@ spec:
nodeSelector:
node-role.kubernetes.io/control-plane: ""
priorityClassName: system-cluster-critical
serviceAccountName: kms
serviceAccountName: keyservice
tolerations:
- key: CriticalAddonsOnly
operator: Exists


@ -1,7 +1,7 @@
apiVersion: v1
kind: Service
metadata:
name: kms
name: keyservice
namespace: testNamespace
spec:
ports:
@ -10,7 +10,7 @@ spec:
protocol: TCP
targetPort: 9000
selector:
k8s-app: kms
k8s-app: keyservice
type: ClusterIP
status:
loadBalancer: {}


@ -1,5 +1,5 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: kms
name: keyservice
namespace: testNamespace


@ -38,7 +38,7 @@ spec:
image: joinServiceImage
args:
- --cloud-provider=QEMU
- --kms-endpoint=kms.testNamespace:9000
- --keyservice-endpoint=keyservice.testNamespace:9000
volumeMounts:
- mountPath: /var/config
name: config


@ -2,8 +2,8 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
k8s-app: kms
name: kms
k8s-app: keyservice
name: keyservice
rules:
- apiGroups:
- ""


@ -1,12 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kms
name: keyservice
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kms
name: keyservice
subjects:
- kind: ServiceAccount
name: kms
name: keyservice
namespace: testNamespace


@ -2,23 +2,23 @@ apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
component: kms
k8s-app: kms
component: keyservice
k8s-app: keyservice
kubernetes.io/cluster-service: "true"
name: kms
name: keyservice
namespace: testNamespace
spec:
selector:
matchLabels:
k8s-app: kms
k8s-app: keyservice
template:
metadata:
labels:
k8s-app: kms
k8s-app: keyservice
spec:
containers:
- name: kms
image: kmsImage
- name: keyservice
image: keyserviceImage
args:
- --port=9000
volumeMounts:
@ -29,7 +29,7 @@ spec:
nodeSelector:
node-role.kubernetes.io/control-plane: ""
priorityClassName: system-cluster-critical
serviceAccountName: kms
serviceAccountName: keyservice
tolerations:
- key: CriticalAddonsOnly
operator: Exists


@ -1,7 +1,7 @@
apiVersion: v1
kind: Service
metadata:
name: kms
name: keyservice
namespace: testNamespace
spec:
ports:
@ -10,7 +10,7 @@ spec:
protocol: TCP
targetPort: 9000
selector:
k8s-app: kms
k8s-app: keyservice
type: ClusterIP
status:
loadBalancer: {}


@ -1,5 +1,5 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: kms
name: keyservice
namespace: testNamespace