Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-04-21 23:59:09 -04:00
Code Issues Packages Projects Releases Wiki Activity

Address comments

Browse Source
This commit is contained in:
Felix Schuster 2024-05-07 11:42:11 +00:00 committed by Moritz Eckert
parent 71d02a8bf9
commit 9d32eeafff
Failed to extract signature
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/docs/architecture/attestation.md
View File

@ -356,7 +356,7 @@ The CLI contains the long-term public key of Edgeless Systems to verify the sign
### Cluster creation
When a cluster is [created](../workflows/create.md), the CLI automatically verifies the runtime measurements of the *first node* (also known as "bootstrapper") using remote attestation. Based on this, the CLI and the first node set up a temporary TLS connection. This [aTLS](#attested-tls-atls) connection is used for three things:
When a cluster is [created](../workflows/create.md), the CLI automatically verifies the runtime measurements of the *first node* using remote attestation. Based on this, the CLI and the first node set up a temporary TLS connection. This [aTLS](#attested-tls-atls) connection is used for three things:
1. The CLI sends the runtime measurements for the applicable node image to the first node.
2. The first node sends the [master secret](../architecture/keys.md#master-secret) of the to-be-created cluster to the CLI. The master secret is generated by the first node.
3. The first node sends a [kubeconfig file](https://www.redhat.com/sysadmin/kubeconfig) with Kubernetes credentials to the CLI.

1
docs/styles/config/vocabularies/edgeless/accept.txt
View File

@ -11,6 +11,7 @@ backend
Bazel
bootloader
Bootstrapper
CLI
cloud
config
CPU