Deploy KMS server image in Constellation

Add image pull secret for ghcr.io
2025-05-06 16:25:21 -04:00 · 2022-04-12 14:07:17 +00:00 · 2022-04-12 14:07:17 +00:00 · db5468a886
commit db5468a886
parent 4dcb3aa062
22 changed files with 384 additions and 33 deletions
--- a/internal/constants/constants.go
+++ b/internal/constants/constants.go
@ -7,6 +7,17 @@ package constants
 import "time"

 const (
+	//
+	// Constellation.
+	//
+
+	// ConstellationNameLength is the maximum length of a Constellation's name.
+	ConstellationNameLength = 37
+	// ConstellationMasterSecretStoreName is the name for the Constellation secrets in Kubernetes.
+	ConstellationMasterSecretStoreName = "constellation-mastersecret"
+	// ConstellationMasterSecretKey is the name of the key for master secret in the master secret store secret.
+	ConstellationMasterSecretKey = "mastersecret"
+
 	//
 	// Ports.
 	//
@ -35,8 +46,14 @@ const (
 	//
 	// Cryptographic constants.
 	//
-	StateDiskKeyLength      = 32
+
+	StateDiskKeyLength = 32
+	// DerivedKeyLengthDefault is the default length in bytes for KMS derived keys.
 	DerivedKeyLengthDefault = 32
+	// MasterSecretLengthDefault is the default length in bytes for CLI generated master secrets.
+	MasterSecretLengthDefault = 32
+	// MasterSecretLengthMin is the minimal length in bytes for user provided master secrets.
+	MasterSecretLengthMin = 16

 	//
 	// CLI.
@ -52,6 +69,14 @@ const (
 	// KubernetesVersion installed by kubeadm.
 	KubernetesVersion      = "stable-1.23"
 	KubernetesJoinTokenTTL = 15 * time.Minute
+
+	//
+	// VPN.
+	//
+
+	// WireguardAdminMTU is the MTU designated for the admin's WireGuard interface.
+	// WireGuard doesn't support Path MTU Discovery. Thus, its default MTU can be too high on some networks.
+	WireguardAdminMTU = 1300
 )

 // CliVersion is the version of the CLI. Left as a separate variable to allow override during build.