Daniel Weiße
1e19e64fbc
Dynamic grpc client credentials ( #204 )
...
* Add an aTLS wrapper for grpc credentials
* Move grpc dialers to internal and use aTLS grpc credentials
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-13 11:40:27 +02:00
Fabian Kammel
84552ca8f7
AB#2104 Feat/azure logging ( #198 )
...
implementation for azure early boot logging
2022-06-10 13:18:30 +02:00
katexochen
4d50e4c657
Refactor coordinator run function
2022-06-08 17:33:51 +02:00
Daniel Weiße
3467df6b69
Move attestation, atls and oid packages to internal directory
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-08 17:17:06 +02:00
Daniel Weiße
0941ce8c7e
Allow passing nil issuer to not embed attestation
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-08 17:17:06 +02:00
katexochen
180d7872dd
Separate shared azure code
2022-06-08 11:59:23 +02:00
katexochen
48b4f10207
Separate shared gcp code
2022-06-08 11:53:55 +02:00
Leonard Cohnen
e5c4171a14
fix cilium encryption in gcp
2022-06-04 18:43:42 +02:00
Fabian Kammel
a15605475e
AB#2104 early boot logging ( #175 )
2022-06-03 11:55:18 +02:00
Leonard Cohnen
791d5564ba
replace flannel with cilium
2022-06-02 13:08:25 +02:00
Christoph Meyer
db5468a886
Deploy KMS server image in Constellation
...
Add image pull secret for ghcr.io
2022-05-31 11:13:26 +02:00
Daniel Weiße
869448c3e1
Add mutual aTLS support ( #176 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-24 16:33:44 +02:00
Malte Poll
1331ee4077
Install kubernetes on init / join and restart kubelet after reboot
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-23 11:40:22 +02:00
Malte Poll
f67cf2d31f
k8s binary components version map and install directives
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-23 11:40:22 +02:00
Malte Poll
14f6985fe3
Implement binary file installer & extractor
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-23 11:40:22 +02:00
Moritz Eckert
6dc97590fe
Enable and configure k8s audit-log ( #160 )
...
* Enable and configure k8s audit-log
* Update coordinator/kubernetes/k8sapi/kubeadm_config.go
Co-authored-by: Malte Poll <mp@edgeless.systems>
* add mount point for audit log dir in kubeadm conf
* Mount audit policy into kube-apiserver static pod
* Write default auditpolicy on cluster init / cluster join
Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-05-20 17:30:37 +02:00
Nils Hanke
c9982b979c
Add unit test for SSH user creation on nodes
2022-05-17 18:00:21 +02:00
Nils Hanke
ed071d389c
Add SSH users on subsequent coordinators & nodes
2022-05-17 18:00:21 +02:00
Nils Hanke
68092f27dd
AB#2046 : Add option to create SSH users for the first coordinator upon initialization ( #133 )
...
* Move `file`, `ssh` and `user` packages to internal
* Rename `SSHKey` to `(ssh.)UserKey`
* Rename KeyValue / Publickey to PublicKey
* Rename SSH key file from "debugd" to "ssh-keys"
* Add CreateSSHUsers function to Core
* Call CreateSSHUsers users on first control-plane node, when defined in config
Tests:
* Make StubUserCreator add entries to /etc/passwd
* Add NewLinuxUserManagerFake for unit tests
* Add unit tests & adjust existing ones to changes
2022-05-16 17:32:00 +02:00
Moritz Eckert
5ad34e0425
Apply CIS benchmark to kubelet conf
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
Co-authored-by: Moritz Eckert <me@edgeless.systems>
2022-05-12 17:25:45 +02:00
Moritz Eckert
adda637609
Apply CIS benchmark for kubeadm clusterconf
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-12 17:25:45 +02:00
cm
c63d7126e7
AB#1943 Extract KMS package ( #56 )
...
* Extract kmsapi from coordinator
* Add kmsapi cmd server
2022-05-10 12:35:17 +02:00
Malte Poll
c9226de9ab
Create kubernetes join token on demand
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-06 12:12:44 +02:00
Malte Poll
ddcb4dc95f
Pin kubernetes version deployed by kubeadm init
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-05 09:15:41 +02:00
katexochen
7614c53142
Remove checks for leaking flushDaemon
2022-05-04 17:16:40 +02:00
katexochen
469b2ff46c
Rename to contol plane/workers
...
AB#1954
2022-05-04 17:14:03 +02:00
Daniel Weiße
423e29e3ab
Update to latest grpc generator
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-04 08:48:31 +02:00
Daniel Weiße
29206ac845
Use any instead of interface
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-04 08:48:31 +02:00
Malte Poll
17d73813a9
Force lowercase luks disk UUID in disk-mapper, disk-rekeying and recovery
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-04 08:41:32 +02:00
Daniel Weiße
10e9faab10
Remove GCP non CVMs
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-02 16:03:36 +02:00
Malte Poll
3817a57a83
disable tpm simulator in coordinator release binary
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-04-29 13:44:09 +02:00
Daniel Weiße
483f65175e
Add OID doc comments
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-04-28 14:46:24 +02:00
Daniel Weiße
d9940fddae
Only set cloud-provider as external if supported by the CSP
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-04-28 14:46:24 +02:00
Daniel Weiße
dcdfae141d
Add qemu CSP for Coordinator
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-04-28 14:46:24 +02:00
Daniel Weiße
956ced6e3d
Add qemu vTPM issuer and validator
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-04-28 14:46:24 +02:00
Malte Poll
f5aafd8178
Implement reinitialization of the coordinator after reboot
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-04-28 14:35:35 +02:00
Malte Poll
ffb471d023
Add GetVPNPeers pubapi endpoint
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-04-28 14:35:35 +02:00
Malte Poll
f827e479b1
Add VPNIP to nodestate
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-04-28 14:35:35 +02:00
Malte Poll
f2b3fc328b
pubapi: extract StartVPNAPIServer and StartUpdateLoop as separate functions
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-04-28 14:35:35 +02:00
Malte Poll
77b0237dd5
extract shared grpcutil dialer from pubapi
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-04-28 14:35:35 +02:00
Thomas Tendyck
87efa50c1d
clarify TestConcurrent purpose, limitations, and error expectations
2022-04-26 17:28:08 +02:00
Thomas Tendyck
2ef41d193f
revert actNode in TestConcurrent
2022-04-26 17:28:08 +02:00
datosh
51068abc27
Ref/want err from err expected ( #82 )
...
consistent naming for test values using 'want' instead of 'expect/ed'
2022-04-26 16:54:05 +02:00
katexochen
482f675dac
Capitalize Kubernetes
2022-04-26 12:02:17 +02:00
Benedict Schlueter
86178df205
coordinator-core: add multi coordinator Kubernetes integration ( #39 )
...
Signed-off-by: Benedict Schlueter <bs@edgeless.systems>
2022-04-25 17:39:18 +02:00
Benedict Schlueter
0ac9617dac
kubernetes: support for certKey request / support for control-plane join
...
Signed-off-by: Benedict Schlueter <bs@edgeless.systems>
2022-04-25 17:39:18 +02:00
Benedict Schlueter
d8241a1b38
proto: add new functions / modify ActivateAsCoordinatorRequest
...
Signed-off-by: Benedict Schlueter <bs@edgeless.systems>
2022-04-25 17:39:18 +02:00
Daniel Weiße
e5e5161520
Move simulated TPM to own package
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-04-22 16:11:54 +02:00
Leonard Cohnen
2fb4c15753
remove aws nitro attestation
2022-04-21 14:50:22 +02:00
Daniel Weiße
37aff14cab
AB#1903 Push keys to restarting nodes on trigger RPC
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-04-21 13:08:02 +02:00