AB#2200 Merge Owner and Cluster ID (#282)

* Merge Owner and Cluster ID into single value * Remove aTLS from KMS, as it is no longer used for cluster external communication * Update verify command to use cluster-id instead of unique-id flag * Remove owner ID from init output Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2025-05-02 22:34:56 -04:00 · 2022-07-26 10:58:39 +02:00 · 2022-07-26 10:58:39 +02:00 · db79784045
commit db79784045
parent 48d614c959
57 changed files with 746 additions and 585 deletions
--- a/bootstrapper/internal/kubernetes/k8sapi/resources/kms.go
+++ b/bootstrapper/internal/kubernetes/k8sapi/resources/kms.go
@ -15,8 +15,7 @@ import (

 type kmsDeployment struct {
 	ServiceAccount     k8s.ServiceAccount
-	ServiceInternal    k8s.Service
-	ServiceExternal    k8s.Service
+	Service            k8s.Service
 	ClusterRole        rbac.ClusterRole
 	ClusterRoleBinding rbac.ClusterRoleBinding
 	Deployment         apps.Deployment
@ -37,7 +36,7 @@ func NewKMSDeployment(csp string, masterSecret []byte) *kmsDeployment {
 				Namespace: "kube-system",
 			},
 		},
-		ServiceInternal: k8s.Service{
+		Service: k8s.Service{
 			TypeMeta: meta.TypeMeta{
 				APIVersion: "v1",
 				Kind:       "Service",
@ -61,31 +60,6 @@ func NewKMSDeployment(csp string, masterSecret []byte) *kmsDeployment {
 				},
 			},
 		},
-		ServiceExternal: k8s.Service{
-			TypeMeta: meta.TypeMeta{
-				APIVersion: "v1",
-				Kind:       "Service",
-			},
-			ObjectMeta: meta.ObjectMeta{
-				Name:      "kms-external",
-				Namespace: "kube-system",
-			},
-			Spec: k8s.ServiceSpec{
-				Type: k8s.ServiceTypeNodePort,
-				Ports: []k8s.ServicePort{
-					{
-						Name:       "atls",
-						Protocol:   k8s.ProtocolTCP,
-						Port:       constants.KMSATLSPort,
-						TargetPort: intstr.FromInt(constants.KMSATLSPort),
-						NodePort:   constants.KMSNodePort,
-					},
-				},
-				Selector: map[string]string{
-					"k8s-app": "kms",
-				},
-			},
-		},
 		ClusterRole: rbac.ClusterRole{
 			TypeMeta: meta.TypeMeta{
 				APIVersion: "rbac.authorization.k8s.io/v1",
@ -229,9 +203,7 @@ func NewKMSDeployment(csp string, masterSecret []byte) *kmsDeployment {
 								Name:  "kms",
 								Image: versions.KmsImage,
 								Args: []string{
-									fmt.Sprintf("--atls-port=%d", constants.KMSATLSPort),
 									fmt.Sprintf("--port=%d", constants.KMSPort),
-									fmt.Sprintf("--cloud-provider=%s", csp),
 								},
 								VolumeMounts: []k8s.VolumeMount{
 									{