mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-01-27 15:57:04 -05:00
keyservice: use dash in container name (#1016)
Co-authored-by: Otto Bittner <cobittner@posteo.net>
This commit is contained in:
Paul Meyer
GitHub
parent
effe797d81
commit
a8cbfd848f
2
.github/actions/e2e_mini/run-e2e.sh
vendored
2
.github/actions/e2e_mini/run-e2e.sh
vendored
@ -56,7 +56,7 @@ kubectl -n kube-system wait --for=condition=Available=True --timeout=180s deploy
|
|||||||
# Wait for daemon sets
|
# Wait for daemon sets
|
||||||
kubectl -n kube-system rollout status --timeout 180s daemonset cilium
|
kubectl -n kube-system rollout status --timeout 180s daemonset cilium
|
||||||
kubectl -n kube-system rollout status --timeout 180s daemonset join-service
|
kubectl -n kube-system rollout status --timeout 180s daemonset join-service
|
||||||
kubectl -n kube-system rollout status --timeout 180s daemonset keyservice
|
kubectl -n kube-system rollout status --timeout 180s daemonset key-service
|
||||||
kubectl -n kube-system rollout status --timeout 180s daemonset konnectivity-agent
|
kubectl -n kube-system rollout status --timeout 180s daemonset konnectivity-agent
|
||||||
kubectl -n kube-system rollout status --timeout 180s daemonset verification-service
|
kubectl -n kube-system rollout status --timeout 180s daemonset verification-service
|
||||||
echo "::endgroup::"
|
echo "::endgroup::"
|
||||||
|
|||||||
@ -34,7 +34,7 @@ jobs:
|
|||||||
id: build-and-upload
|
id: build-and-upload
|
||||||
uses: ./.github/actions/build_micro_service_ko
|
uses: ./.github/actions/build_micro_service_ko
|
||||||
with:
|
with:
|
||||||
name: keyservice
|
name: key-service
|
||||||
koConfig: .ko.yaml
|
koConfig: .ko.yaml
|
||||||
koTarget: ./keyservice/cmd
|
koTarget: ./keyservice/cmd
|
||||||
githubToken: ${{ secrets.GITHUB_TOKEN }}
|
githubToken: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
|||||||
2
.github/workflows/build-keyservice-image.yml
vendored
2
.github/workflows/build-keyservice-image.yml
vendored
@ -33,7 +33,7 @@ jobs:
|
|||||||
id: build-and-upload
|
id: build-and-upload
|
||||||
uses: ./.github/actions/build_micro_service
|
uses: ./.github/actions/build_micro_service
|
||||||
with:
|
with:
|
||||||
name: keyservice
|
name: key-service
|
||||||
projectVersion: "0.0.0"
|
projectVersion: "0.0.0"
|
||||||
dockerfile: keyservice/Dockerfile
|
dockerfile: keyservice/Dockerfile
|
||||||
githubToken: ${{ secrets.GITHUB_TOKEN }}
|
githubToken: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
|||||||
@ -8,7 +8,7 @@ on:
|
|||||||
type: choice
|
type: choice
|
||||||
options:
|
options:
|
||||||
- "join-service"
|
- "join-service"
|
||||||
- "keyservice"
|
- "key-service"
|
||||||
- "verification-service"
|
- "verification-service"
|
||||||
- "qemu-metadata-api"
|
- "qemu-metadata-api"
|
||||||
- "filebeat-debugd"
|
- "filebeat-debugd"
|
||||||
@ -80,7 +80,7 @@ jobs:
|
|||||||
case "${{ inputs.microService }}" in
|
case "${{ inputs.microService }}" in
|
||||||
"join-service" )
|
"join-service" )
|
||||||
echo "microServiceDockerfile=joinservice/Dockerfile" >> "$GITHUB_ENV" ;;
|
echo "microServiceDockerfile=joinservice/Dockerfile" >> "$GITHUB_ENV" ;;
|
||||||
"keyservice" )
|
"key-service" )
|
||||||
echo "microServiceDockerfile=keyservice/Dockerfile" >> "$GITHUB_ENV" ;;
|
echo "microServiceDockerfile=keyservice/Dockerfile" >> "$GITHUB_ENV" ;;
|
||||||
"verification-service" )
|
"verification-service" )
|
||||||
echo "microServiceDockerfile=verify/Dockerfile" >> "$GITHUB_ENV" ;;
|
echo "microServiceDockerfile=verify/Dockerfile" >> "$GITHUB_ENV" ;;
|
||||||
|
|||||||
6
.github/workflows/release.yml
vendored
6
.github/workflows/release.yml
vendored
@ -131,7 +131,7 @@ jobs:
|
|||||||
strategy:
|
strategy:
|
||||||
matrix:
|
matrix:
|
||||||
service:
|
service:
|
||||||
[join-service, keyservice, verification-service, qemu-metadata-api]
|
[join-service, key-service, verification-service, qemu-metadata-api]
|
||||||
with:
|
with:
|
||||||
microService: ${{ matrix.service }}
|
microService: ${{ matrix.service }}
|
||||||
imageTag: ${{ inputs.version }}
|
imageTag: ${{ inputs.version }}
|
||||||
@ -178,7 +178,7 @@ jobs:
|
|||||||
- name: Update Helm Charts
|
- name: Update Helm Charts
|
||||||
run: |
|
run: |
|
||||||
yq eval -i ".version = \"${WITHOUT_V}\"" cli/internal/helm/charts/edgeless/constellation-services/Chart.yaml
|
yq eval -i ".version = \"${WITHOUT_V}\"" cli/internal/helm/charts/edgeless/constellation-services/Chart.yaml
|
||||||
for service in keyservice join-service ccm cnm autoscaler verification-service konnectivity gcp-guest-agent; do
|
for service in key-service join-service ccm cnm autoscaler verification-service konnectivity gcp-guest-agent; do
|
||||||
yq eval -i "(.dependencies[] | select(.name == \"${service}\")).version = \"${WITHOUT_V}\"" cli/internal/helm/charts/edgeless/constellation-services/Chart.yaml
|
yq eval -i "(.dependencies[] | select(.name == \"${service}\")).version = \"${WITHOUT_V}\"" cli/internal/helm/charts/edgeless/constellation-services/Chart.yaml
|
||||||
yq eval -i ".version = \"${WITHOUT_V}\"" "cli/internal/helm/charts/edgeless/constellation-services/charts/${service}/Chart.yaml"
|
yq eval -i ".version = \"${WITHOUT_V}\"" "cli/internal/helm/charts/edgeless/constellation-services/charts/${service}/Chart.yaml"
|
||||||
git add "cli/internal/helm/charts/edgeless/constellation-services/charts/${service}/Chart.yaml"
|
git add "cli/internal/helm/charts/edgeless/constellation-services/charts/${service}/Chart.yaml"
|
||||||
@ -194,7 +194,7 @@ jobs:
|
|||||||
|
|
||||||
- name: Update micro service versions
|
- name: Update micro service versions
|
||||||
run: |
|
run: |
|
||||||
for service in node-operator join-service keyservice verification-service qemu-metadata-api; do
|
for service in node-operator join-service key-service verification-service qemu-metadata-api; do
|
||||||
name=ghcr.io/edgelesssys/constellation/${service}
|
name=ghcr.io/edgelesssys/constellation/${service}
|
||||||
digest=$(crane digest "${name}:${VERSION}")
|
digest=$(crane digest "${name}:${VERSION}")
|
||||||
sed -i "s#\"${name}:v[0-9]\+\.[0-9]\+\.[0-9]\+[^@]*@sha256:[0-9a-f]\+\"#\"${name}:${VERSION}@${digest}\"#" internal/versions/versions.go
|
sed -i "s#\"${name}:v[0-9]\+\.[0-9]\+\.[0-9]\+[^@]*@sha256:[0-9a-f]\+\"#\"${name}:${VERSION}@${digest}\"#" internal/versions/versions.go
|
||||||
|
|||||||
@ -4,7 +4,7 @@ description: A chart to deploy all microservices that are part of a valid conste
|
|||||||
type: application
|
type: application
|
||||||
version: 2.4.0
|
version: 2.4.0
|
||||||
dependencies:
|
dependencies:
|
||||||
- name: keyservice
|
- name: key-service
|
||||||
version: 2.4.0
|
version: 2.4.0
|
||||||
tags:
|
tags:
|
||||||
- Azure
|
- Azure
|
||||||
|
|||||||
@ -2,4 +2,4 @@ apiVersion: v2
|
|||||||
appVersion: "v1.1.0"
|
appVersion: "v1.1.0"
|
||||||
description: Azure disk Container Storage Interface (CSI) Storage Plugin with on-node encryption support
|
description: Azure disk Container Storage Interface (CSI) Storage Plugin with on-node encryption support
|
||||||
name: azuredisk-csi-driver
|
name: azuredisk-csi-driver
|
||||||
version: v1.1.0
|
version: v1.1.2
|
||||||
|
|||||||
@ -121,7 +121,7 @@ spec:
|
|||||||
- "--allow-empty-cloud-config={{ .Values.node.allowEmptyCloudConfig }}"
|
- "--allow-empty-cloud-config={{ .Values.node.allowEmptyCloudConfig }}"
|
||||||
- "--support-zone={{ .Values.node.supportZone }}"
|
- "--support-zone={{ .Values.node.supportZone }}"
|
||||||
- "--get-node-info-from-labels={{ .Values.linux.getNodeInfoFromLabels }}"
|
- "--get-node-info-from-labels={{ .Values.linux.getNodeInfoFromLabels }}"
|
||||||
- "--kms-addr={{ .Values.global.keyserviceName }}.{{ .Values.global.keyserviceNamespace | default .Release.Namespace }}:{{ .Values.global.keyservicePort }}"
|
- "--kms-addr={{ .Values.global.keyServiceName }}.{{ .Values.global.keyServiceNamespace | default .Release.Namespace }}:{{ .Values.global.keyServicePort }}"
|
||||||
ports:
|
ports:
|
||||||
- containerPort: {{ .Values.node.livenessProbe.healthPort }}
|
- containerPort: {{ .Values.node.livenessProbe.healthPort }}
|
||||||
name: healthz
|
name: healthz
|
||||||
|
|||||||
@ -124,9 +124,9 @@ node:
|
|||||||
livenessProbe:
|
livenessProbe:
|
||||||
healthPort: 29603
|
healthPort: 29603
|
||||||
global:
|
global:
|
||||||
keyserviceName: "keyservice"
|
keyServiceName: "key-service"
|
||||||
keyservicePort: 9000
|
keyServicePort: 9000
|
||||||
keyserviceNamespace: "kube-system"
|
keyServiceNamespace: "kube-system"
|
||||||
|
|
||||||
snapshot:
|
snapshot:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|||||||
@ -1,5 +1,5 @@
|
|||||||
apiVersion: v2
|
apiVersion: v2
|
||||||
version: 1.0.1
|
version: 1.1.0
|
||||||
appVersion: "v1.0.1"
|
appVersion: "v1.1.2"
|
||||||
description: GCP Compute Persistent Disk Container Storage Interface (CSI) Storage Plugin with on-node encryption support
|
description: GCP Compute Persistent Disk Container Storage Interface (CSI) Storage Plugin with on-node encryption support
|
||||||
name: gcp-compute-persistent-disk-csi-driver
|
name: gcp-compute-persistent-disk-csi-driver
|
||||||
|
|||||||
@ -41,7 +41,7 @@ spec:
|
|||||||
- "--v=5"
|
- "--v=5"
|
||||||
- "--endpoint=unix:/csi/csi.sock"
|
- "--endpoint=unix:/csi/csi.sock"
|
||||||
- "--run-controller-service=false"
|
- "--run-controller-service=false"
|
||||||
- "--kms-addr={{ .Values.global.keyserviceName }}.{{ .Values.global.keyserviceNamespace | default .Release.Namespace }}:{{ .Values.global.keyservicePort }}"
|
- "--kms-addr={{ .Values.global.keyServiceName }}.{{ .Values.global.keyServiceNamespace | default .Release.Namespace }}:{{ .Values.global.keyServicePort }}"
|
||||||
securityContext:
|
securityContext:
|
||||||
privileged: true
|
privileged: true
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
|
|||||||
@ -30,8 +30,8 @@ csiController:
|
|||||||
runOnControlPlane: true
|
runOnControlPlane: true
|
||||||
|
|
||||||
global:
|
global:
|
||||||
keyserviceName: "keyservice"
|
keyServiceName: "key-service"
|
||||||
keyservicePort: 9000
|
keyServicePort: 9000
|
||||||
keyserviceNamespace: "kube-system"
|
keyServiceNamespace: "kube-system"
|
||||||
|
|
||||||
createStorageClass: true
|
createStorageClass: true
|
||||||
|
|||||||
@ -38,7 +38,7 @@ spec:
|
|||||||
image: {{ .Values.image | quote }}
|
image: {{ .Values.image | quote }}
|
||||||
args:
|
args:
|
||||||
- --cloud-provider={{ .Values.csp }}
|
- --cloud-provider={{ .Values.csp }}
|
||||||
- --keyservice-endpoint=keyservice.{{ .Release.Namespace }}:{{ .Values.global.keyservicePort }}
|
- --key-service-endpoint=key-service.{{ .Release.Namespace }}:{{ .Values.global.keyServicePort }}
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- mountPath: {{ .Values.global.serviceBasePath | quote }}
|
- mountPath: {{ .Values.global.serviceBasePath | quote }}
|
||||||
name: config
|
name: config
|
||||||
|
|||||||
@ -1,5 +1,5 @@
|
|||||||
apiVersion: v2
|
apiVersion: v2
|
||||||
name: keyservice
|
name: key-service
|
||||||
description: A Helm chart to deploy the Constellation KeyService
|
description: A Helm chart to deploy the Constellation KeyService
|
||||||
type: application
|
type: application
|
||||||
version: 2.4.0
|
version: 2.4.0
|
||||||
@ -0,0 +1,13 @@
|
|||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRole
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
k8s-app: key-service
|
||||||
|
name: key-service
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- secrets
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
@ -1,12 +1,12 @@
|
|||||||
apiVersion: rbac.authorization.k8s.io/v1
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: ClusterRoleBinding
|
kind: ClusterRoleBinding
|
||||||
metadata:
|
metadata:
|
||||||
name: keyservice
|
name: key-service
|
||||||
roleRef:
|
roleRef:
|
||||||
apiGroup: rbac.authorization.k8s.io
|
apiGroup: rbac.authorization.k8s.io
|
||||||
kind: ClusterRole
|
kind: ClusterRole
|
||||||
name: keyservice
|
name: key-service
|
||||||
subjects:
|
subjects:
|
||||||
- kind: ServiceAccount
|
- kind: ServiceAccount
|
||||||
name: keyservice
|
name: key-service
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ .Release.Namespace }}
|
||||||
@ -0,0 +1,62 @@
|
|||||||
|
apiVersion: apps/v1
|
||||||
|
kind: DaemonSet
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
component: key-service
|
||||||
|
k8s-app: key-service
|
||||||
|
kubernetes.io/cluster-service: "true"
|
||||||
|
name: key-service
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
k8s-app: key-service
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
k8s-app: key-service
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: key-service
|
||||||
|
image: {{ .Values.image | quote }}
|
||||||
|
args:
|
||||||
|
- --port={{ .Values.global.keyServicePort }}
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: {{ .Values.global.serviceBasePath | quote }}
|
||||||
|
name: config
|
||||||
|
readOnly: true
|
||||||
|
resources: {}
|
||||||
|
nodeSelector:
|
||||||
|
node-role.kubernetes.io/control-plane: ""
|
||||||
|
priorityClassName: system-cluster-critical
|
||||||
|
serviceAccountName: key-service
|
||||||
|
tolerations:
|
||||||
|
- key: CriticalAddonsOnly
|
||||||
|
operator: Exists
|
||||||
|
- effect: NoSchedule
|
||||||
|
key: node-role.kubernetes.io/master
|
||||||
|
operator: Exists
|
||||||
|
- effect: NoSchedule
|
||||||
|
key: node-role.kubernetes.io/control-plane
|
||||||
|
operator: Exists
|
||||||
|
- effect: NoExecute
|
||||||
|
operator: Exists
|
||||||
|
- effect: NoSchedule
|
||||||
|
operator: Exists
|
||||||
|
volumes:
|
||||||
|
- name: config
|
||||||
|
projected:
|
||||||
|
sources:
|
||||||
|
- configMap:
|
||||||
|
items:
|
||||||
|
- key: {{ .Values.measurementsFilename | quote }}
|
||||||
|
path: {{ .Values.measurementsFilename | quote }}
|
||||||
|
name: {{ .Values.global.joinConfigCMName | quote }}
|
||||||
|
- secret:
|
||||||
|
items:
|
||||||
|
- key: {{ .Values.masterSecretKeyName | quote }}
|
||||||
|
path: {{ .Values.masterSecretKeyName | quote }}
|
||||||
|
- key: {{ .Values.saltKeyName | quote }}
|
||||||
|
path: {{ .Values.saltKeyName | quote }}
|
||||||
|
name: {{ .Values.masterSecretName | quote }}
|
||||||
|
updateStrategy: {}
|
||||||
@ -0,0 +1,16 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: key-service
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
spec:
|
||||||
|
ports:
|
||||||
|
- name: grpc
|
||||||
|
port: {{ .Values.global.keyServicePort }}
|
||||||
|
protocol: TCP
|
||||||
|
targetPort: {{ .Values.global.keyServicePort }}
|
||||||
|
selector:
|
||||||
|
k8s-app: key-service
|
||||||
|
type: ClusterIP
|
||||||
|
status:
|
||||||
|
loadBalancer: {}
|
||||||
@ -1,5 +1,5 @@
|
|||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: ServiceAccount
|
kind: ServiceAccount
|
||||||
metadata:
|
metadata:
|
||||||
name: keyservice
|
name: key-service
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ .Release.Namespace }}
|
||||||
@ -4,7 +4,7 @@
|
|||||||
"image": {
|
"image": {
|
||||||
"description": "Container image to use for the spawned pods.",
|
"description": "Container image to use for the spawned pods.",
|
||||||
"type": "string",
|
"type": "string",
|
||||||
"examples": ["ghcr.io/edgelesssys/constellation/keyservice:latest"]
|
"examples": ["ghcr.io/edgelesssys/constellation/key-service:latest"]
|
||||||
},
|
},
|
||||||
"masterSecret": {
|
"masterSecret": {
|
||||||
"description": "Secret used to derive key material within the cluster",
|
"description": "Secret used to derive key material within the cluster",
|
||||||
@ -1,13 +0,0 @@
|
|||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRole
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
k8s-app: keyservice
|
|
||||||
name: keyservice
|
|
||||||
rules:
|
|
||||||
- apiGroups:
|
|
||||||
- ""
|
|
||||||
resources:
|
|
||||||
- secrets
|
|
||||||
verbs:
|
|
||||||
- get
|
|
||||||
@ -1,62 +0,0 @@
|
|||||||
apiVersion: apps/v1
|
|
||||||
kind: DaemonSet
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
component: keyservice
|
|
||||||
k8s-app: keyservice
|
|
||||||
kubernetes.io/cluster-service: "true"
|
|
||||||
name: keyservice
|
|
||||||
namespace: {{ .Release.Namespace }}
|
|
||||||
spec:
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
k8s-app: keyservice
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
k8s-app: keyservice
|
|
||||||
spec:
|
|
||||||
containers:
|
|
||||||
- name: keyservice
|
|
||||||
image: {{ .Values.image | quote }}
|
|
||||||
args:
|
|
||||||
- --port={{ .Values.global.keyservicePort }}
|
|
||||||
volumeMounts:
|
|
||||||
- mountPath: {{ .Values.global.serviceBasePath | quote }}
|
|
||||||
name: config
|
|
||||||
readOnly: true
|
|
||||||
resources: {}
|
|
||||||
nodeSelector:
|
|
||||||
node-role.kubernetes.io/control-plane: ""
|
|
||||||
priorityClassName: system-cluster-critical
|
|
||||||
serviceAccountName: keyservice
|
|
||||||
tolerations:
|
|
||||||
- key: CriticalAddonsOnly
|
|
||||||
operator: Exists
|
|
||||||
- effect: NoSchedule
|
|
||||||
key: node-role.kubernetes.io/master
|
|
||||||
operator: Exists
|
|
||||||
- effect: NoSchedule
|
|
||||||
key: node-role.kubernetes.io/control-plane
|
|
||||||
operator: Exists
|
|
||||||
- effect: NoExecute
|
|
||||||
operator: Exists
|
|
||||||
- effect: NoSchedule
|
|
||||||
operator: Exists
|
|
||||||
volumes:
|
|
||||||
- name: config
|
|
||||||
projected:
|
|
||||||
sources:
|
|
||||||
- configMap:
|
|
||||||
items:
|
|
||||||
- key: {{ .Values.measurementsFilename | quote }}
|
|
||||||
path: {{ .Values.measurementsFilename | quote }}
|
|
||||||
name: {{ .Values.global.joinConfigCMName | quote }}
|
|
||||||
- secret:
|
|
||||||
items:
|
|
||||||
- key: {{ .Values.masterSecretKeyName | quote }}
|
|
||||||
path: {{ .Values.masterSecretKeyName | quote }}
|
|
||||||
- key: {{ .Values.saltKeyName | quote }}
|
|
||||||
path: {{ .Values.saltKeyName | quote }}
|
|
||||||
name: {{ .Values.masterSecretName | quote }}
|
|
||||||
updateStrategy: {}
|
|
||||||
@ -1,16 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: Service
|
|
||||||
metadata:
|
|
||||||
name: keyservice
|
|
||||||
namespace: {{ .Release.Namespace }}
|
|
||||||
spec:
|
|
||||||
ports:
|
|
||||||
- name: grpc
|
|
||||||
port: {{ .Values.global.keyservicePort }}
|
|
||||||
protocol: TCP
|
|
||||||
targetPort: {{ .Values.global.keyservicePort }}
|
|
||||||
selector:
|
|
||||||
k8s-app: keyservice
|
|
||||||
type: ClusterIP
|
|
||||||
status:
|
|
||||||
loadBalancer: {}
|
|
||||||
@ -1,5 +0,0 @@
|
|||||||
apiVersion: v2
|
|
||||||
name: kms
|
|
||||||
description: A Helm chart to deploy the Constellation Key Management Service
|
|
||||||
type: application
|
|
||||||
version: 2.4.0
|
|
||||||
@ -1,6 +1,6 @@
|
|||||||
global:
|
global:
|
||||||
# Port on which the KeyService will listen. Global since join-service also uses the value.
|
# Port on which the KeyService will listen. Global since join-service also uses the value.
|
||||||
keyservicePort: 9000
|
keyServicePort: 9000
|
||||||
# Path to which secrets/CMs are mounted.
|
# Path to which secrets/CMs are mounted.
|
||||||
serviceBasePath: /var/config
|
serviceBasePath: /var/config
|
||||||
# Name of the ConfigMap that holds measurements and other info.
|
# Name of the ConfigMap that holds measurements and other info.
|
||||||
|
|||||||
@ -52,7 +52,7 @@ const (
|
|||||||
// ChartLoader loads embedded helm charts.
|
// ChartLoader loads embedded helm charts.
|
||||||
type ChartLoader struct {
|
type ChartLoader struct {
|
||||||
joinServiceImage string
|
joinServiceImage string
|
||||||
keyserviceImage string
|
keyServiceImage string
|
||||||
ccmImage string
|
ccmImage string
|
||||||
cnmImage string
|
cnmImage string
|
||||||
autoscalerImage string
|
autoscalerImage string
|
||||||
@ -78,7 +78,7 @@ func NewLoader(csp cloudprovider.Provider, k8sVersion versions.ValidK8sVersion)
|
|||||||
|
|
||||||
return &ChartLoader{
|
return &ChartLoader{
|
||||||
joinServiceImage: versions.JoinImage,
|
joinServiceImage: versions.JoinImage,
|
||||||
keyserviceImage: versions.KeyServiceImage,
|
keyServiceImage: versions.KeyServiceImage,
|
||||||
ccmImage: ccmImage,
|
ccmImage: ccmImage,
|
||||||
cnmImage: cnmImage,
|
cnmImage: cnmImage,
|
||||||
autoscalerImage: versions.VersionConfigs[k8sVersion].ClusterAutoscalerImage,
|
autoscalerImage: versions.VersionConfigs[k8sVersion].ClusterAutoscalerImage,
|
||||||
@ -359,14 +359,14 @@ func (i *ChartLoader) loadConstellationServicesValues(config *config.Config, mas
|
|||||||
csp := config.GetProvider()
|
csp := config.GetProvider()
|
||||||
values := map[string]any{
|
values := map[string]any{
|
||||||
"global": map[string]any{
|
"global": map[string]any{
|
||||||
"keyservicePort": constants.KeyservicePort,
|
"keyServicePort": constants.KeyServicePort,
|
||||||
"keyserviceNamespace": "", // empty namespace means we use the release namespace
|
"keyServiceNamespace": "", // empty namespace means we use the release namespace
|
||||||
"serviceBasePath": constants.ServiceBasePath,
|
"serviceBasePath": constants.ServiceBasePath,
|
||||||
"joinConfigCMName": constants.JoinConfigMap,
|
"joinConfigCMName": constants.JoinConfigMap,
|
||||||
"internalCMName": constants.InternalConfigMap,
|
"internalCMName": constants.InternalConfigMap,
|
||||||
},
|
},
|
||||||
"keyservice": map[string]any{
|
"key-service": map[string]any{
|
||||||
"image": i.keyserviceImage,
|
"image": i.keyServiceImage,
|
||||||
"masterSecret": base64.StdEncoding.EncodeToString(masterSecret),
|
"masterSecret": base64.StdEncoding.EncodeToString(masterSecret),
|
||||||
"salt": base64.StdEncoding.EncodeToString(salt),
|
"salt": base64.StdEncoding.EncodeToString(salt),
|
||||||
"saltKeyName": constants.ConstellationSaltKey,
|
"saltKeyName": constants.ConstellationSaltKey,
|
||||||
|
|||||||
@ -90,7 +90,7 @@ func TestConstellationServices(t *testing.T) {
|
|||||||
|
|
||||||
chartLoader := ChartLoader{
|
chartLoader := ChartLoader{
|
||||||
joinServiceImage: "joinServiceImage",
|
joinServiceImage: "joinServiceImage",
|
||||||
keyserviceImage: "keyserviceImage",
|
keyServiceImage: "keyServiceImage",
|
||||||
ccmImage: tc.ccmImage,
|
ccmImage: tc.ccmImage,
|
||||||
cnmImage: tc.cnmImage,
|
cnmImage: tc.cnmImage,
|
||||||
autoscalerImage: "autoscalerImage",
|
autoscalerImage: "autoscalerImage",
|
||||||
@ -159,7 +159,7 @@ func TestOperators(t *testing.T) {
|
|||||||
|
|
||||||
chartLoader := ChartLoader{
|
chartLoader := ChartLoader{
|
||||||
joinServiceImage: "joinServiceImage",
|
joinServiceImage: "joinServiceImage",
|
||||||
keyserviceImage: "keyserviceImage",
|
keyServiceImage: "keyServiceImage",
|
||||||
ccmImage: "ccmImage",
|
ccmImage: "ccmImage",
|
||||||
cnmImage: "cnmImage",
|
cnmImage: "cnmImage",
|
||||||
autoscalerImage: "autoscalerImage",
|
autoscalerImage: "autoscalerImage",
|
||||||
@ -338,7 +338,7 @@ func prepareGCPValues(values map[string]any) error {
|
|||||||
|
|
||||||
verificationVals, ok := values["verification-service"].(map[string]any)
|
verificationVals, ok := values["verification-service"].(map[string]any)
|
||||||
if !ok {
|
if !ok {
|
||||||
return errors.New("missing 'verification-service' key")
|
return fmt.Errorf("missing 'verification-service' key %v", values)
|
||||||
}
|
}
|
||||||
verificationVals["loadBalancerIP"] = "127.0.0.1"
|
verificationVals["loadBalancerIP"] = "127.0.0.1"
|
||||||
|
|
||||||
|
|||||||
@ -8,7 +8,7 @@ metadata:
|
|||||||
app.kubernetes.io/managed-by: "Helm"
|
app.kubernetes.io/managed-by: "Helm"
|
||||||
app.kubernetes.io/name: "azuredisk-csi-driver"
|
app.kubernetes.io/name: "azuredisk-csi-driver"
|
||||||
app.kubernetes.io/version: "v1.1.0"
|
app.kubernetes.io/version: "v1.1.0"
|
||||||
helm.sh/chart: "azuredisk-csi-driver-v1.1.0"
|
helm.sh/chart: "azuredisk-csi-driver-v1.1.2"
|
||||||
spec:
|
spec:
|
||||||
replicas: 1
|
replicas: 1
|
||||||
selector:
|
selector:
|
||||||
@ -21,7 +21,7 @@ spec:
|
|||||||
app.kubernetes.io/managed-by: "Helm"
|
app.kubernetes.io/managed-by: "Helm"
|
||||||
app.kubernetes.io/name: "azuredisk-csi-driver"
|
app.kubernetes.io/name: "azuredisk-csi-driver"
|
||||||
app.kubernetes.io/version: "v1.1.0"
|
app.kubernetes.io/version: "v1.1.0"
|
||||||
helm.sh/chart: "azuredisk-csi-driver-v1.1.0"
|
helm.sh/chart: "azuredisk-csi-driver-v1.1.2"
|
||||||
app: csi-azuredisk-controller
|
app: csi-azuredisk-controller
|
||||||
spec:
|
spec:
|
||||||
serviceAccountName: csi-azuredisk-controller-sa
|
serviceAccountName: csi-azuredisk-controller-sa
|
||||||
@ -122,8 +122,8 @@ spec:
|
|||||||
- "-v=2"
|
- "-v=2"
|
||||||
- "-leader-election"
|
- "-leader-election"
|
||||||
- "--leader-election-namespace=testNamespace"
|
- "--leader-election-namespace=testNamespace"
|
||||||
- '-handle-volume-inuse-error=false'
|
- "-handle-volume-inuse-error=false"
|
||||||
- '-feature-gates=RecoverVolumeExpansionFailure=true'
|
- "-feature-gates=RecoverVolumeExpansionFailure=true"
|
||||||
- "-timeout=240s"
|
- "-timeout=240s"
|
||||||
env:
|
env:
|
||||||
- name: ADDRESS
|
- name: ADDRESS
|
||||||
|
|||||||
@ -8,7 +8,7 @@ metadata:
|
|||||||
app.kubernetes.io/managed-by: "Helm"
|
app.kubernetes.io/managed-by: "Helm"
|
||||||
app.kubernetes.io/name: "azuredisk-csi-driver"
|
app.kubernetes.io/name: "azuredisk-csi-driver"
|
||||||
app.kubernetes.io/version: "v1.1.0"
|
app.kubernetes.io/version: "v1.1.0"
|
||||||
helm.sh/chart: "azuredisk-csi-driver-v1.1.0"
|
helm.sh/chart: "azuredisk-csi-driver-v1.1.2"
|
||||||
spec:
|
spec:
|
||||||
updateStrategy:
|
updateStrategy:
|
||||||
rollingUpdate:
|
rollingUpdate:
|
||||||
@ -24,7 +24,7 @@ spec:
|
|||||||
app.kubernetes.io/managed-by: "Helm"
|
app.kubernetes.io/managed-by: "Helm"
|
||||||
app.kubernetes.io/name: "azuredisk-csi-driver"
|
app.kubernetes.io/name: "azuredisk-csi-driver"
|
||||||
app.kubernetes.io/version: "v1.1.0"
|
app.kubernetes.io/version: "v1.1.0"
|
||||||
helm.sh/chart: "azuredisk-csi-driver-v1.1.0"
|
helm.sh/chart: "azuredisk-csi-driver-v1.1.2"
|
||||||
app: csi-azuredisk-node
|
app: csi-azuredisk-node
|
||||||
spec:
|
spec:
|
||||||
serviceAccountName: csi-azuredisk-node-sa
|
serviceAccountName: csi-azuredisk-node-sa
|
||||||
@ -107,7 +107,7 @@ spec:
|
|||||||
- "--allow-empty-cloud-config=true"
|
- "--allow-empty-cloud-config=true"
|
||||||
- "--support-zone=true"
|
- "--support-zone=true"
|
||||||
- "--get-node-info-from-labels=false"
|
- "--get-node-info-from-labels=false"
|
||||||
- "--kms-addr=keyservice.testNamespace:9000"
|
- "--kms-addr=key-service.testNamespace:9000"
|
||||||
ports:
|
ports:
|
||||||
- containerPort: 29603
|
- containerPort: 29603
|
||||||
name: healthz
|
name: healthz
|
||||||
|
|||||||
@ -7,7 +7,7 @@ metadata:
|
|||||||
app.kubernetes.io/managed-by: "Helm"
|
app.kubernetes.io/managed-by: "Helm"
|
||||||
app.kubernetes.io/name: "azuredisk-csi-driver"
|
app.kubernetes.io/name: "azuredisk-csi-driver"
|
||||||
app.kubernetes.io/version: "v1.1.0"
|
app.kubernetes.io/version: "v1.1.0"
|
||||||
helm.sh/chart: "azuredisk-csi-driver-v1.1.0"
|
helm.sh/chart: "azuredisk-csi-driver-v1.1.2"
|
||||||
rules:
|
rules:
|
||||||
- apiGroups: [""]
|
- apiGroups: [""]
|
||||||
resources: ["persistentvolumes"]
|
resources: ["persistentvolumes"]
|
||||||
@ -48,7 +48,7 @@ metadata:
|
|||||||
app.kubernetes.io/managed-by: "Helm"
|
app.kubernetes.io/managed-by: "Helm"
|
||||||
app.kubernetes.io/name: "azuredisk-csi-driver"
|
app.kubernetes.io/name: "azuredisk-csi-driver"
|
||||||
app.kubernetes.io/version: "v1.1.0"
|
app.kubernetes.io/version: "v1.1.0"
|
||||||
helm.sh/chart: "azuredisk-csi-driver-v1.1.0"
|
helm.sh/chart: "azuredisk-csi-driver-v1.1.2"
|
||||||
subjects:
|
subjects:
|
||||||
- kind: ServiceAccount
|
- kind: ServiceAccount
|
||||||
name: csi-azuredisk-controller-sa
|
name: csi-azuredisk-controller-sa
|
||||||
@ -69,7 +69,7 @@ metadata:
|
|||||||
app.kubernetes.io/managed-by: "Helm"
|
app.kubernetes.io/managed-by: "Helm"
|
||||||
app.kubernetes.io/name: "azuredisk-csi-driver"
|
app.kubernetes.io/name: "azuredisk-csi-driver"
|
||||||
app.kubernetes.io/version: "v1.1.0"
|
app.kubernetes.io/version: "v1.1.0"
|
||||||
helm.sh/chart: "azuredisk-csi-driver-v1.1.0"
|
helm.sh/chart: "azuredisk-csi-driver-v1.1.2"
|
||||||
rules:
|
rules:
|
||||||
- apiGroups: [""]
|
- apiGroups: [""]
|
||||||
resources: ["persistentvolumes"]
|
resources: ["persistentvolumes"]
|
||||||
@ -100,7 +100,7 @@ metadata:
|
|||||||
app.kubernetes.io/managed-by: "Helm"
|
app.kubernetes.io/managed-by: "Helm"
|
||||||
app.kubernetes.io/name: "azuredisk-csi-driver"
|
app.kubernetes.io/name: "azuredisk-csi-driver"
|
||||||
app.kubernetes.io/version: "v1.1.0"
|
app.kubernetes.io/version: "v1.1.0"
|
||||||
helm.sh/chart: "azuredisk-csi-driver-v1.1.0"
|
helm.sh/chart: "azuredisk-csi-driver-v1.1.2"
|
||||||
subjects:
|
subjects:
|
||||||
- kind: ServiceAccount
|
- kind: ServiceAccount
|
||||||
name: csi-azuredisk-controller-sa
|
name: csi-azuredisk-controller-sa
|
||||||
@ -121,7 +121,7 @@ metadata:
|
|||||||
app.kubernetes.io/managed-by: "Helm"
|
app.kubernetes.io/managed-by: "Helm"
|
||||||
app.kubernetes.io/name: "azuredisk-csi-driver"
|
app.kubernetes.io/name: "azuredisk-csi-driver"
|
||||||
app.kubernetes.io/version: "v1.1.0"
|
app.kubernetes.io/version: "v1.1.0"
|
||||||
helm.sh/chart: "azuredisk-csi-driver-v1.1.0"
|
helm.sh/chart: "azuredisk-csi-driver-v1.1.2"
|
||||||
rules:
|
rules:
|
||||||
- apiGroups: [""]
|
- apiGroups: [""]
|
||||||
resources: ["events"]
|
resources: ["events"]
|
||||||
@ -152,7 +152,7 @@ metadata:
|
|||||||
app.kubernetes.io/managed-by: "Helm"
|
app.kubernetes.io/managed-by: "Helm"
|
||||||
app.kubernetes.io/name: "azuredisk-csi-driver"
|
app.kubernetes.io/name: "azuredisk-csi-driver"
|
||||||
app.kubernetes.io/version: "v1.1.0"
|
app.kubernetes.io/version: "v1.1.0"
|
||||||
helm.sh/chart: "azuredisk-csi-driver-v1.1.0"
|
helm.sh/chart: "azuredisk-csi-driver-v1.1.2"
|
||||||
subjects:
|
subjects:
|
||||||
- kind: ServiceAccount
|
- kind: ServiceAccount
|
||||||
name: csi-azuredisk-controller-sa
|
name: csi-azuredisk-controller-sa
|
||||||
@ -172,7 +172,7 @@ metadata:
|
|||||||
app.kubernetes.io/managed-by: "Helm"
|
app.kubernetes.io/managed-by: "Helm"
|
||||||
app.kubernetes.io/name: "azuredisk-csi-driver"
|
app.kubernetes.io/name: "azuredisk-csi-driver"
|
||||||
app.kubernetes.io/version: "v1.1.0"
|
app.kubernetes.io/version: "v1.1.0"
|
||||||
helm.sh/chart: "azuredisk-csi-driver-v1.1.0"
|
helm.sh/chart: "azuredisk-csi-driver-v1.1.2"
|
||||||
rules:
|
rules:
|
||||||
- apiGroups: [""]
|
- apiGroups: [""]
|
||||||
resources: ["persistentvolumes"]
|
resources: ["persistentvolumes"]
|
||||||
@ -202,7 +202,7 @@ metadata:
|
|||||||
app.kubernetes.io/managed-by: "Helm"
|
app.kubernetes.io/managed-by: "Helm"
|
||||||
app.kubernetes.io/name: "azuredisk-csi-driver"
|
app.kubernetes.io/name: "azuredisk-csi-driver"
|
||||||
app.kubernetes.io/version: "v1.1.0"
|
app.kubernetes.io/version: "v1.1.0"
|
||||||
helm.sh/chart: "azuredisk-csi-driver-v1.1.0"
|
helm.sh/chart: "azuredisk-csi-driver-v1.1.2"
|
||||||
subjects:
|
subjects:
|
||||||
- kind: ServiceAccount
|
- kind: ServiceAccount
|
||||||
name: csi-azuredisk-controller-sa
|
name: csi-azuredisk-controller-sa
|
||||||
|
|||||||
@ -8,4 +8,4 @@ metadata:
|
|||||||
app.kubernetes.io/managed-by: "Helm"
|
app.kubernetes.io/managed-by: "Helm"
|
||||||
app.kubernetes.io/name: "azuredisk-csi-driver"
|
app.kubernetes.io/name: "azuredisk-csi-driver"
|
||||||
app.kubernetes.io/version: "v1.1.0"
|
app.kubernetes.io/version: "v1.1.0"
|
||||||
helm.sh/chart: "azuredisk-csi-driver-v1.1.0"
|
helm.sh/chart: "azuredisk-csi-driver-v1.1.2"
|
||||||
|
|||||||
@ -8,4 +8,4 @@ metadata:
|
|||||||
app.kubernetes.io/managed-by: "Helm"
|
app.kubernetes.io/managed-by: "Helm"
|
||||||
app.kubernetes.io/name: "azuredisk-csi-driver"
|
app.kubernetes.io/name: "azuredisk-csi-driver"
|
||||||
app.kubernetes.io/version: "v1.1.0"
|
app.kubernetes.io/version: "v1.1.0"
|
||||||
helm.sh/chart: "azuredisk-csi-driver-v1.1.0"
|
helm.sh/chart: "azuredisk-csi-driver-v1.1.2"
|
||||||
|
|||||||
@ -38,7 +38,7 @@ spec:
|
|||||||
image: joinServiceImage
|
image: joinServiceImage
|
||||||
args:
|
args:
|
||||||
- --cloud-provider=Azure
|
- --cloud-provider=Azure
|
||||||
- --keyservice-endpoint=keyservice.testNamespace:9000
|
- --key-service-endpoint=key-service.testNamespace:9000
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- mountPath: /var/config
|
- mountPath: /var/config
|
||||||
name: config
|
name: config
|
||||||
|
|||||||
@ -0,0 +1,13 @@
|
|||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRole
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
k8s-app: key-service
|
||||||
|
name: key-service
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- secrets
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
@ -1,12 +1,12 @@
|
|||||||
apiVersion: rbac.authorization.k8s.io/v1
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: ClusterRoleBinding
|
kind: ClusterRoleBinding
|
||||||
metadata:
|
metadata:
|
||||||
name: keyservice
|
name: key-service
|
||||||
roleRef:
|
roleRef:
|
||||||
apiGroup: rbac.authorization.k8s.io
|
apiGroup: rbac.authorization.k8s.io
|
||||||
kind: ClusterRole
|
kind: ClusterRole
|
||||||
name: keyservice
|
name: key-service
|
||||||
subjects:
|
subjects:
|
||||||
- kind: ServiceAccount
|
- kind: ServiceAccount
|
||||||
name: keyservice
|
name: key-service
|
||||||
namespace: testNamespace
|
namespace: testNamespace
|
||||||
@ -0,0 +1,62 @@
|
|||||||
|
apiVersion: apps/v1
|
||||||
|
kind: DaemonSet
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
component: key-service
|
||||||
|
k8s-app: key-service
|
||||||
|
kubernetes.io/cluster-service: "true"
|
||||||
|
name: key-service
|
||||||
|
namespace: testNamespace
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
k8s-app: key-service
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
k8s-app: key-service
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: key-service
|
||||||
|
image: keyServiceImage
|
||||||
|
args:
|
||||||
|
- --port=9000
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /var/config
|
||||||
|
name: config
|
||||||
|
readOnly: true
|
||||||
|
resources: {}
|
||||||
|
nodeSelector:
|
||||||
|
node-role.kubernetes.io/control-plane: ""
|
||||||
|
priorityClassName: system-cluster-critical
|
||||||
|
serviceAccountName: key-service
|
||||||
|
tolerations:
|
||||||
|
- key: CriticalAddonsOnly
|
||||||
|
operator: Exists
|
||||||
|
- effect: NoSchedule
|
||||||
|
key: node-role.kubernetes.io/master
|
||||||
|
operator: Exists
|
||||||
|
- effect: NoSchedule
|
||||||
|
key: node-role.kubernetes.io/control-plane
|
||||||
|
operator: Exists
|
||||||
|
- effect: NoExecute
|
||||||
|
operator: Exists
|
||||||
|
- effect: NoSchedule
|
||||||
|
operator: Exists
|
||||||
|
volumes:
|
||||||
|
- name: config
|
||||||
|
projected:
|
||||||
|
sources:
|
||||||
|
- configMap:
|
||||||
|
items:
|
||||||
|
- key: measurements
|
||||||
|
path: measurements
|
||||||
|
name: join-config
|
||||||
|
- secret:
|
||||||
|
items:
|
||||||
|
- key: mastersecret
|
||||||
|
path: mastersecret
|
||||||
|
- key: salt
|
||||||
|
path: salt
|
||||||
|
name: constellation-mastersecret
|
||||||
|
updateStrategy: {}
|
||||||
@ -1,7 +1,7 @@
|
|||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
metadata:
|
metadata:
|
||||||
name: keyservice
|
name: key-service
|
||||||
namespace: testNamespace
|
namespace: testNamespace
|
||||||
spec:
|
spec:
|
||||||
ports:
|
ports:
|
||||||
@ -10,7 +10,7 @@ spec:
|
|||||||
protocol: TCP
|
protocol: TCP
|
||||||
targetPort: 9000
|
targetPort: 9000
|
||||||
selector:
|
selector:
|
||||||
k8s-app: keyservice
|
k8s-app: key-service
|
||||||
type: ClusterIP
|
type: ClusterIP
|
||||||
status:
|
status:
|
||||||
loadBalancer: {}
|
loadBalancer: {}
|
||||||
@ -1,5 +1,5 @@
|
|||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: ServiceAccount
|
kind: ServiceAccount
|
||||||
metadata:
|
metadata:
|
||||||
name: keyservice
|
name: key-service
|
||||||
namespace: testNamespace
|
namespace: testNamespace
|
||||||
@ -1,13 +0,0 @@
|
|||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRole
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
k8s-app: keyservice
|
|
||||||
name: keyservice
|
|
||||||
rules:
|
|
||||||
- apiGroups:
|
|
||||||
- ""
|
|
||||||
resources:
|
|
||||||
- secrets
|
|
||||||
verbs:
|
|
||||||
- get
|
|
||||||
@ -1,62 +0,0 @@
|
|||||||
apiVersion: apps/v1
|
|
||||||
kind: DaemonSet
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
component: keyservice
|
|
||||||
k8s-app: keyservice
|
|
||||||
kubernetes.io/cluster-service: "true"
|
|
||||||
name: keyservice
|
|
||||||
namespace: testNamespace
|
|
||||||
spec:
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
k8s-app: keyservice
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
k8s-app: keyservice
|
|
||||||
spec:
|
|
||||||
containers:
|
|
||||||
- name: keyservice
|
|
||||||
image: keyserviceImage
|
|
||||||
args:
|
|
||||||
- --port=9000
|
|
||||||
volumeMounts:
|
|
||||||
- mountPath: /var/config
|
|
||||||
name: config
|
|
||||||
readOnly: true
|
|
||||||
resources: {}
|
|
||||||
nodeSelector:
|
|
||||||
node-role.kubernetes.io/control-plane: ""
|
|
||||||
priorityClassName: system-cluster-critical
|
|
||||||
serviceAccountName: keyservice
|
|
||||||
tolerations:
|
|
||||||
- key: CriticalAddonsOnly
|
|
||||||
operator: Exists
|
|
||||||
- effect: NoSchedule
|
|
||||||
key: node-role.kubernetes.io/master
|
|
||||||
operator: Exists
|
|
||||||
- effect: NoSchedule
|
|
||||||
key: node-role.kubernetes.io/control-plane
|
|
||||||
operator: Exists
|
|
||||||
- effect: NoExecute
|
|
||||||
operator: Exists
|
|
||||||
- effect: NoSchedule
|
|
||||||
operator: Exists
|
|
||||||
volumes:
|
|
||||||
- name: config
|
|
||||||
projected:
|
|
||||||
sources:
|
|
||||||
- configMap:
|
|
||||||
items:
|
|
||||||
- key: measurements
|
|
||||||
path: measurements
|
|
||||||
name: join-config
|
|
||||||
- secret:
|
|
||||||
items:
|
|
||||||
- key: mastersecret
|
|
||||||
path: mastersecret
|
|
||||||
- key: salt
|
|
||||||
path: salt
|
|
||||||
name: constellation-mastersecret
|
|
||||||
updateStrategy: {}
|
|
||||||
@ -41,7 +41,7 @@ spec:
|
|||||||
- "--v=5"
|
- "--v=5"
|
||||||
- "--endpoint=unix:/csi/csi.sock"
|
- "--endpoint=unix:/csi/csi.sock"
|
||||||
- "--run-controller-service=false"
|
- "--run-controller-service=false"
|
||||||
- "--kms-addr=keyservice.testNamespace:9000"
|
- "--kms-addr=key-service.testNamespace:9000"
|
||||||
securityContext:
|
securityContext:
|
||||||
privileged: true
|
privileged: true
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
|
|||||||
@ -38,7 +38,7 @@ spec:
|
|||||||
image: joinServiceImage
|
image: joinServiceImage
|
||||||
args:
|
args:
|
||||||
- --cloud-provider=GCP
|
- --cloud-provider=GCP
|
||||||
- --keyservice-endpoint=keyservice.testNamespace:9000
|
- --key-service-endpoint=key-service.testNamespace:9000
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- mountPath: /var/config
|
- mountPath: /var/config
|
||||||
name: config
|
name: config
|
||||||
|
|||||||
@ -0,0 +1,13 @@
|
|||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRole
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
k8s-app: key-service
|
||||||
|
name: key-service
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- secrets
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
@ -1,12 +1,12 @@
|
|||||||
apiVersion: rbac.authorization.k8s.io/v1
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: ClusterRoleBinding
|
kind: ClusterRoleBinding
|
||||||
metadata:
|
metadata:
|
||||||
name: keyservice
|
name: key-service
|
||||||
roleRef:
|
roleRef:
|
||||||
apiGroup: rbac.authorization.k8s.io
|
apiGroup: rbac.authorization.k8s.io
|
||||||
kind: ClusterRole
|
kind: ClusterRole
|
||||||
name: keyservice
|
name: key-service
|
||||||
subjects:
|
subjects:
|
||||||
- kind: ServiceAccount
|
- kind: ServiceAccount
|
||||||
name: keyservice
|
name: key-service
|
||||||
namespace: testNamespace
|
namespace: testNamespace
|
||||||
@ -0,0 +1,62 @@
|
|||||||
|
apiVersion: apps/v1
|
||||||
|
kind: DaemonSet
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
component: key-service
|
||||||
|
k8s-app: key-service
|
||||||
|
kubernetes.io/cluster-service: "true"
|
||||||
|
name: key-service
|
||||||
|
namespace: testNamespace
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
k8s-app: key-service
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
k8s-app: key-service
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: key-service
|
||||||
|
image: keyServiceImage
|
||||||
|
args:
|
||||||
|
- --port=9000
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /var/config
|
||||||
|
name: config
|
||||||
|
readOnly: true
|
||||||
|
resources: {}
|
||||||
|
nodeSelector:
|
||||||
|
node-role.kubernetes.io/control-plane: ""
|
||||||
|
priorityClassName: system-cluster-critical
|
||||||
|
serviceAccountName: key-service
|
||||||
|
tolerations:
|
||||||
|
- key: CriticalAddonsOnly
|
||||||
|
operator: Exists
|
||||||
|
- effect: NoSchedule
|
||||||
|
key: node-role.kubernetes.io/master
|
||||||
|
operator: Exists
|
||||||
|
- effect: NoSchedule
|
||||||
|
key: node-role.kubernetes.io/control-plane
|
||||||
|
operator: Exists
|
||||||
|
- effect: NoExecute
|
||||||
|
operator: Exists
|
||||||
|
- effect: NoSchedule
|
||||||
|
operator: Exists
|
||||||
|
volumes:
|
||||||
|
- name: config
|
||||||
|
projected:
|
||||||
|
sources:
|
||||||
|
- configMap:
|
||||||
|
items:
|
||||||
|
- key: measurements
|
||||||
|
path: measurements
|
||||||
|
name: join-config
|
||||||
|
- secret:
|
||||||
|
items:
|
||||||
|
- key: mastersecret
|
||||||
|
path: mastersecret
|
||||||
|
- key: salt
|
||||||
|
path: salt
|
||||||
|
name: constellation-mastersecret
|
||||||
|
updateStrategy: {}
|
||||||
@ -1,7 +1,7 @@
|
|||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
metadata:
|
metadata:
|
||||||
name: keyservice
|
name: key-service
|
||||||
namespace: testNamespace
|
namespace: testNamespace
|
||||||
spec:
|
spec:
|
||||||
ports:
|
ports:
|
||||||
@ -10,7 +10,7 @@ spec:
|
|||||||
protocol: TCP
|
protocol: TCP
|
||||||
targetPort: 9000
|
targetPort: 9000
|
||||||
selector:
|
selector:
|
||||||
k8s-app: keyservice
|
k8s-app: key-service
|
||||||
type: ClusterIP
|
type: ClusterIP
|
||||||
status:
|
status:
|
||||||
loadBalancer: {}
|
loadBalancer: {}
|
||||||
@ -1,5 +1,5 @@
|
|||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: ServiceAccount
|
kind: ServiceAccount
|
||||||
metadata:
|
metadata:
|
||||||
name: keyservice
|
name: key-service
|
||||||
namespace: testNamespace
|
namespace: testNamespace
|
||||||
@ -1,13 +0,0 @@
|
|||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRole
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
k8s-app: keyservice
|
|
||||||
name: keyservice
|
|
||||||
rules:
|
|
||||||
- apiGroups:
|
|
||||||
- ""
|
|
||||||
resources:
|
|
||||||
- secrets
|
|
||||||
verbs:
|
|
||||||
- get
|
|
||||||
@ -1,62 +0,0 @@
|
|||||||
apiVersion: apps/v1
|
|
||||||
kind: DaemonSet
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
component: keyservice
|
|
||||||
k8s-app: keyservice
|
|
||||||
kubernetes.io/cluster-service: "true"
|
|
||||||
name: keyservice
|
|
||||||
namespace: testNamespace
|
|
||||||
spec:
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
k8s-app: keyservice
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
k8s-app: keyservice
|
|
||||||
spec:
|
|
||||||
containers:
|
|
||||||
- name: keyservice
|
|
||||||
image: keyserviceImage
|
|
||||||
args:
|
|
||||||
- --port=9000
|
|
||||||
volumeMounts:
|
|
||||||
- mountPath: /var/config
|
|
||||||
name: config
|
|
||||||
readOnly: true
|
|
||||||
resources: {}
|
|
||||||
nodeSelector:
|
|
||||||
node-role.kubernetes.io/control-plane: ""
|
|
||||||
priorityClassName: system-cluster-critical
|
|
||||||
serviceAccountName: keyservice
|
|
||||||
tolerations:
|
|
||||||
- key: CriticalAddonsOnly
|
|
||||||
operator: Exists
|
|
||||||
- effect: NoSchedule
|
|
||||||
key: node-role.kubernetes.io/master
|
|
||||||
operator: Exists
|
|
||||||
- effect: NoSchedule
|
|
||||||
key: node-role.kubernetes.io/control-plane
|
|
||||||
operator: Exists
|
|
||||||
- effect: NoExecute
|
|
||||||
operator: Exists
|
|
||||||
- effect: NoSchedule
|
|
||||||
operator: Exists
|
|
||||||
volumes:
|
|
||||||
- name: config
|
|
||||||
projected:
|
|
||||||
sources:
|
|
||||||
- configMap:
|
|
||||||
items:
|
|
||||||
- key: measurements
|
|
||||||
path: measurements
|
|
||||||
name: join-config
|
|
||||||
- secret:
|
|
||||||
items:
|
|
||||||
- key: mastersecret
|
|
||||||
path: mastersecret
|
|
||||||
- key: salt
|
|
||||||
path: salt
|
|
||||||
name: constellation-mastersecret
|
|
||||||
updateStrategy: {}
|
|
||||||
@ -38,7 +38,7 @@ spec:
|
|||||||
image: joinServiceImage
|
image: joinServiceImage
|
||||||
args:
|
args:
|
||||||
- --cloud-provider=QEMU
|
- --cloud-provider=QEMU
|
||||||
- --keyservice-endpoint=keyservice.testNamespace:9000
|
- --key-service-endpoint=key-service.testNamespace:9000
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- mountPath: /var/config
|
- mountPath: /var/config
|
||||||
name: config
|
name: config
|
||||||
|
|||||||
@ -0,0 +1,13 @@
|
|||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRole
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
k8s-app: key-service
|
||||||
|
name: key-service
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- secrets
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
@ -1,12 +1,12 @@
|
|||||||
apiVersion: rbac.authorization.k8s.io/v1
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: ClusterRoleBinding
|
kind: ClusterRoleBinding
|
||||||
metadata:
|
metadata:
|
||||||
name: keyservice
|
name: key-service
|
||||||
roleRef:
|
roleRef:
|
||||||
apiGroup: rbac.authorization.k8s.io
|
apiGroup: rbac.authorization.k8s.io
|
||||||
kind: ClusterRole
|
kind: ClusterRole
|
||||||
name: keyservice
|
name: key-service
|
||||||
subjects:
|
subjects:
|
||||||
- kind: ServiceAccount
|
- kind: ServiceAccount
|
||||||
name: keyservice
|
name: key-service
|
||||||
namespace: testNamespace
|
namespace: testNamespace
|
||||||
@ -0,0 +1,62 @@
|
|||||||
|
apiVersion: apps/v1
|
||||||
|
kind: DaemonSet
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
component: key-service
|
||||||
|
k8s-app: key-service
|
||||||
|
kubernetes.io/cluster-service: "true"
|
||||||
|
name: key-service
|
||||||
|
namespace: testNamespace
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
k8s-app: key-service
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
k8s-app: key-service
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: key-service
|
||||||
|
image: keyServiceImage
|
||||||
|
args:
|
||||||
|
- --port=9000
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /var/config
|
||||||
|
name: config
|
||||||
|
readOnly: true
|
||||||
|
resources: {}
|
||||||
|
nodeSelector:
|
||||||
|
node-role.kubernetes.io/control-plane: ""
|
||||||
|
priorityClassName: system-cluster-critical
|
||||||
|
serviceAccountName: key-service
|
||||||
|
tolerations:
|
||||||
|
- key: CriticalAddonsOnly
|
||||||
|
operator: Exists
|
||||||
|
- effect: NoSchedule
|
||||||
|
key: node-role.kubernetes.io/master
|
||||||
|
operator: Exists
|
||||||
|
- effect: NoSchedule
|
||||||
|
key: node-role.kubernetes.io/control-plane
|
||||||
|
operator: Exists
|
||||||
|
- effect: NoExecute
|
||||||
|
operator: Exists
|
||||||
|
- effect: NoSchedule
|
||||||
|
operator: Exists
|
||||||
|
volumes:
|
||||||
|
- name: config
|
||||||
|
projected:
|
||||||
|
sources:
|
||||||
|
- configMap:
|
||||||
|
items:
|
||||||
|
- key: measurements
|
||||||
|
path: measurements
|
||||||
|
name: join-config
|
||||||
|
- secret:
|
||||||
|
items:
|
||||||
|
- key: mastersecret
|
||||||
|
path: mastersecret
|
||||||
|
- key: salt
|
||||||
|
path: salt
|
||||||
|
name: constellation-mastersecret
|
||||||
|
updateStrategy: {}
|
||||||
@ -1,7 +1,7 @@
|
|||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
metadata:
|
metadata:
|
||||||
name: keyservice
|
name: key-service
|
||||||
namespace: testNamespace
|
namespace: testNamespace
|
||||||
spec:
|
spec:
|
||||||
ports:
|
ports:
|
||||||
@ -10,7 +10,7 @@ spec:
|
|||||||
protocol: TCP
|
protocol: TCP
|
||||||
targetPort: 9000
|
targetPort: 9000
|
||||||
selector:
|
selector:
|
||||||
k8s-app: keyservice
|
k8s-app: key-service
|
||||||
type: ClusterIP
|
type: ClusterIP
|
||||||
status:
|
status:
|
||||||
loadBalancer: {}
|
loadBalancer: {}
|
||||||
@ -1,5 +1,5 @@
|
|||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: ServiceAccount
|
kind: ServiceAccount
|
||||||
metadata:
|
metadata:
|
||||||
name: keyservice
|
name: key-service
|
||||||
namespace: testNamespace
|
namespace: testNamespace
|
||||||
@ -1,13 +0,0 @@
|
|||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRole
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
k8s-app: keyservice
|
|
||||||
name: keyservice
|
|
||||||
rules:
|
|
||||||
- apiGroups:
|
|
||||||
- ""
|
|
||||||
resources:
|
|
||||||
- secrets
|
|
||||||
verbs:
|
|
||||||
- get
|
|
||||||
@ -1,62 +0,0 @@
|
|||||||
apiVersion: apps/v1
|
|
||||||
kind: DaemonSet
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
component: keyservice
|
|
||||||
k8s-app: keyservice
|
|
||||||
kubernetes.io/cluster-service: "true"
|
|
||||||
name: keyservice
|
|
||||||
namespace: testNamespace
|
|
||||||
spec:
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
k8s-app: keyservice
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
k8s-app: keyservice
|
|
||||||
spec:
|
|
||||||
containers:
|
|
||||||
- name: keyservice
|
|
||||||
image: keyserviceImage
|
|
||||||
args:
|
|
||||||
- --port=9000
|
|
||||||
volumeMounts:
|
|
||||||
- mountPath: /var/config
|
|
||||||
name: config
|
|
||||||
readOnly: true
|
|
||||||
resources: {}
|
|
||||||
nodeSelector:
|
|
||||||
node-role.kubernetes.io/control-plane: ""
|
|
||||||
priorityClassName: system-cluster-critical
|
|
||||||
serviceAccountName: keyservice
|
|
||||||
tolerations:
|
|
||||||
- key: CriticalAddonsOnly
|
|
||||||
operator: Exists
|
|
||||||
- effect: NoSchedule
|
|
||||||
key: node-role.kubernetes.io/master
|
|
||||||
operator: Exists
|
|
||||||
- effect: NoSchedule
|
|
||||||
key: node-role.kubernetes.io/control-plane
|
|
||||||
operator: Exists
|
|
||||||
- effect: NoExecute
|
|
||||||
operator: Exists
|
|
||||||
- effect: NoSchedule
|
|
||||||
operator: Exists
|
|
||||||
volumes:
|
|
||||||
- name: config
|
|
||||||
projected:
|
|
||||||
sources:
|
|
||||||
- configMap:
|
|
||||||
items:
|
|
||||||
- key: measurements
|
|
||||||
path: measurements
|
|
||||||
name: join-config
|
|
||||||
- secret:
|
|
||||||
items:
|
|
||||||
- key: mastersecret
|
|
||||||
path: mastersecret
|
|
||||||
- key: salt
|
|
||||||
path: salt
|
|
||||||
name: constellation-mastersecret
|
|
||||||
updateStrategy: {}
|
|
||||||
@ -48,8 +48,8 @@ download_chart() {
|
|||||||
|
|
||||||
## GCP CSI Driver
|
## GCP CSI Driver
|
||||||
# TODO: clone from main branch once we rebase on upstream
|
# TODO: clone from main branch once we rebase on upstream
|
||||||
download_chart "https://github.com/edgelesssys/constellation-gcp-compute-persistent-disk-csi-driver" "v1.1.1" "charts" "gcp-compute-persistent-disk-csi-driver"
|
download_chart "https://github.com/edgelesssys/constellation-gcp-compute-persistent-disk-csi-driver" "v1.1.2" "charts" "gcp-compute-persistent-disk-csi-driver"
|
||||||
|
|
||||||
## Azure CSI Driver
|
## Azure CSI Driver
|
||||||
# TODO: clone from main branch once we rebase on upstream
|
# TODO: clone from main branch once we rebase on upstream
|
||||||
download_chart "https://github.com/edgelesssys/constellation-azuredisk-csi-driver" "v1.1.1" "charts/edgeless" "azuredisk-csi-driver"
|
download_chart "https://github.com/edgelesssys/constellation-azuredisk-csi-driver" "v1.1.2" "charts/edgeless" "azuredisk-csi-driver"
|
||||||
|
|||||||
@ -46,8 +46,8 @@ const (
|
|||||||
VerifyServiceNodePortHTTP = 30080
|
VerifyServiceNodePortHTTP = 30080
|
||||||
// VerifyServiceNodePortGRPC GRPC node port for verification service.
|
// VerifyServiceNodePortGRPC GRPC node port for verification service.
|
||||||
VerifyServiceNodePortGRPC = 30081
|
VerifyServiceNodePortGRPC = 30081
|
||||||
// KeyservicePort is the port the KMS server listens on.
|
// KeyServicePort is the port the KMS server listens on.
|
||||||
KeyservicePort = 9000
|
KeyServicePort = 9000
|
||||||
// BootstrapperPort port of bootstrapper.
|
// BootstrapperPort port of bootstrapper.
|
||||||
BootstrapperPort = 9000
|
BootstrapperPort = 9000
|
||||||
// KubernetesPort port for Kubernetes API.
|
// KubernetesPort port for Kubernetes API.
|
||||||
|
|||||||
@ -40,7 +40,7 @@ const vpcIPTimeout = 30 * time.Second
|
|||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
provider := flag.String("cloud-provider", "", "cloud service provider this binary is running on")
|
provider := flag.String("cloud-provider", "", "cloud service provider this binary is running on")
|
||||||
keyserviceEndpoint := flag.String("keyservice-endpoint", "", "endpoint of Constellations key management service")
|
keyServiceEndpoint := flag.String("key-service-endpoint", "", "endpoint of Constellations key management service")
|
||||||
verbosity := flag.Int("v", 0, logger.CmdLineVerbosityDescription)
|
verbosity := flag.Int("v", 0, logger.CmdLineVerbosityDescription)
|
||||||
flag.Parse()
|
flag.Parse()
|
||||||
|
|
||||||
@ -78,7 +78,7 @@ func main() {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
log.With(zap.Error(err)).Fatalf("Failed to create kubeadm")
|
log.With(zap.Error(err)).Fatalf("Failed to create kubeadm")
|
||||||
}
|
}
|
||||||
keyserviceClient := kms.New(log.Named("keyserviceClient"), *keyserviceEndpoint)
|
keyServiceClient := kms.New(log.Named("keyServiceClient"), *keyServiceEndpoint)
|
||||||
|
|
||||||
measurementSalt, err := handler.Read(filepath.Join(constants.ServiceBasePath, constants.MeasurementSaltFilename))
|
measurementSalt, err := handler.Read(filepath.Join(constants.ServiceBasePath, constants.MeasurementSaltFilename))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -89,7 +89,7 @@ func main() {
|
|||||||
measurementSalt,
|
measurementSalt,
|
||||||
kubernetesca.New(log.Named("certificateAuthority"), handler),
|
kubernetesca.New(log.Named("certificateAuthority"), handler),
|
||||||
kubeadm,
|
kubeadm,
|
||||||
keyserviceClient,
|
keyServiceClient,
|
||||||
log.Named("server"),
|
log.Named("server"),
|
||||||
)
|
)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|||||||
@ -25,7 +25,7 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
port := flag.String("port", strconv.Itoa(constants.KeyservicePort), "Port gRPC server listens on")
|
port := flag.String("port", strconv.Itoa(constants.KeyServicePort), "Port gRPC server listens on")
|
||||||
masterSecretPath := flag.String("master-secret", filepath.Join(constants.ServiceBasePath, constants.ConstellationMasterSecretKey), "Path to the Constellation master secret")
|
masterSecretPath := flag.String("master-secret", filepath.Join(constants.ServiceBasePath, constants.ConstellationMasterSecretKey), "Path to the Constellation master secret")
|
||||||
saltPath := flag.String("salt", filepath.Join(constants.ServiceBasePath, constants.ConstellationSaltKey), "Path to the Constellation salt")
|
saltPath := flag.String("salt", filepath.Join(constants.ServiceBasePath, constants.ConstellationSaltKey), "Path to the Constellation salt")
|
||||||
verbosity := flag.Int("v", 0, logger.CmdLineVerbosityDescription)
|
verbosity := flag.Int("v", 0, logger.CmdLineVerbosityDescription)
|
||||||
@ -62,7 +62,7 @@ func main() {
|
|||||||
log.With(zap.Error(err)).Fatalf("Failed to setup KMS")
|
log.With(zap.Error(err)).Fatalf("Failed to setup KMS")
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := server.New(log.Named("keyservice"), conKMS).Run(*port); err != nil {
|
if err := server.New(log.Named("keyService"), conKMS).Run(*port); err != nil {
|
||||||
log.With(zap.Error(err)).Fatalf("Failed to run keyservice server")
|
log.With(zap.Error(err)).Fatalf("Failed to run key-service server")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user