docs: publish access manager removal

Thomas Tendyck 2022-11-11 16:23:06 +01:00 committed by Thomas Tendyck
parent 5009de823f
commit cf82794b1d
5 changed files with 29 additions and 72 deletions

@ -8,7 +8,6 @@ These features are provided by several components:
* The [JoinService](components.md#joinservice) joins new nodes to an existing cluster
* The [VerificationService](components.md#verificationservice) provides remote attestation functionality
* The [Key Management Service (KMS)](components.md#kms) manages Constellation-internal keys
* The [AccessManager](components.md#accessmanager) manages node SSH access
The relations between components are shown in the following diagram:
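Review bot: With the `AccessManager` bullet gone from this component list, nothing visible here tells readers what happened to node SSH access. If the feature list that precedes "These features are provided by several components" still mentions SSH access, drop it there too, and consider a short note on whether node access is still supported and how.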
@ -22,7 +21,6 @@ flowchart LR
C[Bootstrapper]
end
subgraph Kubernetes
D[AccessManager]
E[JoinService]
F[KMS]
G[VerificationService]
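Review bot: Dropping `D[AccessManager]` from the `Kubernetes` subgraph removes only the node declaration; this hunk touches no edge lines. If any edge further down the flowchart still references `D`, Mermaid will render an implicit node labelled "D", so check the rest of the diagram and remove those edges. The remaining ids now skip from `C` to `E`, which is harmless but could be relettered for readability.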
@ -74,8 +72,3 @@ Read more about the hardware-based [attestation feature](attestation.md) of Cons
The *KMS* runs as DaemonSet on each control-plane node.
It implements the key management for the [storage encryption keys](keys.md#storage-encryption) in Constellation. These keys are used for the [state disk](images.md#state-disk) of each node and the [transparently encrypted storage](encrypted-storage.md) for Kubernetes.
Depending on wether the [constellation-managed](keys.md#constellation-managed-key-management) or [user-managed](keys.md#user-managed-key-management) mode is used, the *KMS* holds the key encryption key (KEK) directly or calls an external service for key derivation respectively.
## AccessManager
The *AccessManager* runs as DaemonSet on each node.
It manages the user's SSH access to nodes as specified in the config.
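Review bot: Removing the `## AccessManager` heading deletes the `components.md#accessmanager` anchor, so any link to it left elsewhere in the docs will dangle; search the docs tree for `#accessmanager` before merging. The removed text says SSH access was "specified in the config", so the config reference should lose the matching option as well. While here, the context line above the removed section has a typo: "wether" should be "whether".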