keyservice: use dash in container name (#1016)

Co-authored-by: Otto Bittner <cobittner@posteo.net>

cli/internal/helm/charts/edgeless/constellation-services/Chart.yaml

@@ -4,7 +4,7 @@ description: A chart to deploy all microservices that are part of a valid conste
 type: application
 version: 2.4.0
 dependencies:
-  - name: keyservice
+  - name: key-service
     version: 2.4.0
     tags:
       - Azure

cli/internal/helm/charts/edgeless/constellation-services/charts/azuredisk-csi-driver/Chart.yaml

@@ -2,4 +2,4 @@ apiVersion: v2
 appVersion: "v1.1.0"
 description: Azure disk Container Storage Interface (CSI) Storage Plugin with on-node encryption support
 name: azuredisk-csi-driver
-version: v1.1.0
+version: v1.1.2

cli/internal/helm/charts/edgeless/constellation-services/charts/azuredisk-csi-driver/templates/csi-azuredisk-node.yaml

@@ -121,7 +121,7 @@ spec:
             - "--allow-empty-cloud-config={{ .Values.node.allowEmptyCloudConfig }}"
             - "--support-zone={{ .Values.node.supportZone }}"
             - "--get-node-info-from-labels={{ .Values.linux.getNodeInfoFromLabels }}"
-            - "--kms-addr={{ .Values.global.keyserviceName }}.{{ .Values.global.keyserviceNamespace | default .Release.Namespace }}:{{ .Values.global.keyservicePort }}"
+            - "--kms-addr={{ .Values.global.keyServiceName }}.{{ .Values.global.keyServiceNamespace | default .Release.Namespace }}:{{ .Values.global.keyServicePort }}"
           ports:
             - containerPort: {{ .Values.node.livenessProbe.healthPort }}
               name: healthz

cli/internal/helm/charts/edgeless/constellation-services/charts/azuredisk-csi-driver/values.yaml

@@ -124,9 +124,9 @@ node:
   livenessProbe:
     healthPort: 29603
 global:
-  keyserviceName: "keyservice"
-  keyservicePort: 9000
-  keyserviceNamespace: "kube-system"
+  keyServiceName: "key-service"
+  keyServicePort: 9000
+  keyServiceNamespace: "kube-system"
 
 snapshot:
   enabled: false

cli/internal/helm/charts/edgeless/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-version: 1.0.1
-appVersion: "v1.0.1"
+version: 1.1.0
+appVersion: "v1.1.2"
 description: GCP Compute Persistent Disk Container Storage Interface (CSI) Storage Plugin with on-node encryption support
 name: gcp-compute-persistent-disk-csi-driver

cli/internal/helm/charts/edgeless/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/templates/node.yaml

@@ -41,7 +41,7 @@ spec:
             - "--v=5"
             - "--endpoint=unix:/csi/csi.sock"
             - "--run-controller-service=false"
-            - "--kms-addr={{ .Values.global.keyserviceName }}.{{ .Values.global.keyserviceNamespace | default .Release.Namespace }}:{{ .Values.global.keyservicePort }}"
+            - "--kms-addr={{ .Values.global.keyServiceName }}.{{ .Values.global.keyServiceNamespace | default .Release.Namespace }}:{{ .Values.global.keyServicePort }}"
           securityContext:
             privileged: true
           volumeMounts:

cli/internal/helm/charts/edgeless/constellation-services/charts/gcp-compute-persistent-disk-csi-driver/values.yaml

@@ -30,8 +30,8 @@ csiController:
   runOnControlPlane: true
 
 global:
-  keyserviceName: "keyservice"
-  keyservicePort: 9000
-  keyserviceNamespace: "kube-system"
+  keyServiceName: "key-service"
+  keyServicePort: 9000
+  keyServiceNamespace: "kube-system"
 
 createStorageClass: true

cli/internal/helm/charts/edgeless/constellation-services/charts/join-service/templates/daemonset.yaml

@@ -38,7 +38,7 @@ spec:
           image: {{ .Values.image | quote }}
           args:
             - --cloud-provider={{ .Values.csp }}
-            - --keyservice-endpoint=keyservice.{{ .Release.Namespace }}:{{ .Values.global.keyservicePort }}
+            - --key-service-endpoint=key-service.{{ .Release.Namespace }}:{{ .Values.global.keyServicePort }}
           volumeMounts:
             - mountPath: {{ .Values.global.serviceBasePath | quote }}
               name: config

cli/internal/helm/charts/edgeless/constellation-services/charts/key-service/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-name: keyservice
+name: key-service
 description: A Helm chart to deploy the Constellation KeyService
 type: application
 version: 2.4.0

cli/internal/helm/charts/edgeless/constellation-services/charts/key-service/templates/clusterrole.yaml

@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    k8s-app: key-service
+  name: key-service
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - get

cli/internal/helm/charts/edgeless/constellation-services/charts/key-service/templates/clusterrolebinding.yaml

@@ -1,12 +1,12 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: keyservice
+  name: key-service
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: keyservice
+  name: key-service
 subjects:
-- kind: ServiceAccount
-  name: keyservice
-  namespace: {{ .Release.Namespace }}
+  - kind: ServiceAccount
+    name: key-service
+    namespace: {{ .Release.Namespace }}

cli/internal/helm/charts/edgeless/constellation-services/charts/key-service/templates/daemonset.yaml

@@ -0,0 +1,62 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  labels:
+    component: key-service
+    k8s-app: key-service
+    kubernetes.io/cluster-service: "true"
+  name: key-service
+  namespace: {{ .Release.Namespace }}
+spec:
+  selector:
+    matchLabels:
+      k8s-app: key-service
+  template:
+    metadata:
+      labels:
+        k8s-app: key-service
+    spec:
+      containers:
+        - name: key-service
+          image: {{ .Values.image | quote }}
+          args:
+            - --port={{ .Values.global.keyServicePort }}
+          volumeMounts:
+            - mountPath: {{ .Values.global.serviceBasePath | quote }}
+              name: config
+              readOnly: true
+          resources: {}
+      nodeSelector:
+        node-role.kubernetes.io/control-plane: ""
+      priorityClassName: system-cluster-critical
+      serviceAccountName: key-service
+      tolerations:
+        - key: CriticalAddonsOnly
+          operator: Exists
+        - effect: NoSchedule
+          key: node-role.kubernetes.io/master
+          operator: Exists
+        - effect: NoSchedule
+          key: node-role.kubernetes.io/control-plane
+          operator: Exists
+        - effect: NoExecute
+          operator: Exists
+        - effect: NoSchedule
+          operator: Exists
+      volumes:
+        - name: config
+          projected:
+            sources:
+              - configMap:
+                  items:
+                    - key: {{ .Values.measurementsFilename | quote }}
+                      path: {{ .Values.measurementsFilename | quote }}
+                  name: {{ .Values.global.joinConfigCMName | quote }}
+              - secret:
+                  items:
+                    - key: {{ .Values.masterSecretKeyName | quote }}
+                      path: {{ .Values.masterSecretKeyName | quote }}
+                    - key: {{ .Values.saltKeyName | quote }}
+                      path: {{ .Values.saltKeyName | quote }}
+                  name: {{ .Values.masterSecretName | quote }}
+  updateStrategy: {}

cli/internal/helm/charts/edgeless/constellation-services/charts/key-service/templates/service.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: key-service
+  namespace: {{ .Release.Namespace }}
+spec:
+  ports:
+    - name: grpc
+      port: {{ .Values.global.keyServicePort }}
+      protocol: TCP
+      targetPort: {{ .Values.global.keyServicePort }}
+  selector:
+    k8s-app: key-service
+  type: ClusterIP
+status:
+  loadBalancer: {}

cli/internal/helm/charts/edgeless/constellation-services/charts/key-service/templates/serviceaccount.yaml

@@ -1,5 +1,5 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: keyservice
+  name: key-service
   namespace: {{ .Release.Namespace }}

cli/internal/helm/charts/edgeless/constellation-services/charts/key-service/values.schema.json

@@ -4,7 +4,7 @@
         "image": {
             "description": "Container image to use for the spawned pods.",
             "type": "string",
-            "examples": ["ghcr.io/edgelesssys/constellation/keyservice:latest"]
+            "examples": ["ghcr.io/edgelesssys/constellation/key-service:latest"]
         },
         "masterSecret": {
             "description": "Secret used to derive key material within the cluster",

cli/internal/helm/charts/edgeless/constellation-services/charts/keyservice/templates/clusterrole.yaml

@@ -1,13 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    k8s-app: keyservice
-  name: keyservice
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - secrets
-  verbs:
-  - get

cli/internal/helm/charts/edgeless/constellation-services/charts/keyservice/templates/daemonset.yaml

@@ -1,62 +0,0 @@
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  labels:
-    component: keyservice
-    k8s-app: keyservice
-    kubernetes.io/cluster-service: "true"
-  name: keyservice
-  namespace: {{ .Release.Namespace }}
-spec:
-  selector:
-    matchLabels:
-      k8s-app: keyservice
-  template:
-    metadata:
-      labels:
-        k8s-app: keyservice
-    spec:
-      containers:
-        - name: keyservice
-          image: {{ .Values.image | quote }}
-          args:
-            - --port={{ .Values.global.keyservicePort }}
-          volumeMounts:
-            - mountPath: {{ .Values.global.serviceBasePath | quote }}
-              name: config
-              readOnly: true
-          resources: {}
-      nodeSelector:
-        node-role.kubernetes.io/control-plane: ""
-      priorityClassName: system-cluster-critical
-      serviceAccountName: keyservice
-      tolerations:
-      - key: CriticalAddonsOnly
-        operator: Exists
-      - effect: NoSchedule
-        key: node-role.kubernetes.io/master
-        operator: Exists
-      - effect: NoSchedule
-        key: node-role.kubernetes.io/control-plane
-        operator: Exists
-      - effect: NoExecute
-        operator: Exists
-      - effect: NoSchedule
-        operator: Exists
-      volumes:
-      - name: config
-        projected:
-          sources:
-          - configMap:
-              items:
-              - key: {{ .Values.measurementsFilename | quote }}
-                path: {{ .Values.measurementsFilename | quote }}
-              name: {{ .Values.global.joinConfigCMName | quote }}
-          - secret:
-              items:
-              - key: {{ .Values.masterSecretKeyName | quote }}
-                path: {{ .Values.masterSecretKeyName | quote }}
-              - key: {{ .Values.saltKeyName | quote }}
-                path: {{ .Values.saltKeyName | quote }}
-              name: {{ .Values.masterSecretName | quote }}
-  updateStrategy: {}

cli/internal/helm/charts/edgeless/constellation-services/charts/keyservice/templates/service.yaml

@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: keyservice
-  namespace: {{ .Release.Namespace }}
-spec:
-  ports:
-  - name: grpc
-    port: {{ .Values.global.keyservicePort }}
-    protocol: TCP
-    targetPort: {{ .Values.global.keyservicePort }}
-  selector:
-    k8s-app: keyservice
-  type: ClusterIP
-status:
-  loadBalancer: {}

cli/internal/helm/charts/edgeless/constellation-services/charts/kms/Chart.yaml

@@ -1,5 +0,0 @@
-apiVersion: v2
-name: kms
-description: A Helm chart to deploy the Constellation Key Management Service
-type: application
-version: 2.4.0

cli/internal/helm/charts/edgeless/constellation-services/values.yaml

@@ -1,6 +1,6 @@
 global:
   # Port on which the KeyService will listen. Global since join-service also uses the value.
-  keyservicePort: 9000
+  keyServicePort: 9000
   # Path to which secrets/CMs are mounted.
   serviceBasePath: /var/config
   # Name of the ConfigMap that holds measurements and other info.