Commit Graph

45 Commits

Author SHA1 Message Date
Daniel Weiße
b10b13b173 Replace logging with default logging interface (#233)
* Add test logger

* Refactor access manager logging

* Refactor activation service logging

* Refactor debugd logging

* Refactor kms server logging

* Refactor disk-mapper logging

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-28 16:51:30 +02:00
Christoph Meyer
9441e46e4b AB#2033 Remove redundant "failed" in error wrapping
Remove "failed" from wrapped errors
Where appropriate rephrase "unable to/could not" to "failed" in root
errors
Start error log messages with "Failed"
2022-06-22 12:02:10 +01:00
katexochen
b926cf9006 Move aTLS fakes into atls package 2022-06-15 16:31:24 +02:00
Daniel Weiße
4842d29aff AB#2111 Deploy activation service on cluster init (#205)
* Deploy activation service on cluster init

* Use base image with CA certificates for activation service

* Improve KMS server

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-15 16:00:48 +02:00
Nils Hanke
f0b8412ef8 constellation-access-manager: Persistent SSH as ConfigMap (#184) 2022-06-13 16:23:19 +02:00
Daniel Weiße
1e19e64fbc Dynamic grpc client credentials (#204)
* Add an aTLS wrapper for grpc credentials

* Move grpc dialers to internal and use aTLS grpc credentials

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-13 11:40:27 +02:00
Daniel Weiße
3467df6b69 Move attestation, atls and oid packages to internal directory
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-08 17:17:06 +02:00
Fabian Kammel
a15605475e AB#2104 early boot logging (#175) 2022-06-03 11:55:18 +02:00
Leonard Cohnen
791d5564ba replace flannel with cilium 2022-06-02 13:08:25 +02:00
Christoph Meyer
db5468a886 Deploy KMS server image in Constellation
Add image pull secret for ghcr.io
2022-05-31 11:13:26 +02:00
Daniel Weiße
869448c3e1 Add mutual aTLS support (#176)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-24 16:33:44 +02:00
Malte Poll
1331ee4077 Install kubernetes on init / join and restart kubelet after reboot
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-23 11:40:22 +02:00
Nils Hanke
68092f27dd AB#2046 : Add option to create SSH users for the first coordinator upon initialization (#133)
* Move `file`, `ssh` and `user` packages to internal
* Rename `SSHKey` to `(ssh.)UserKey`
* Rename KeyValue / Publickey to PublicKey
* Rename SSH key file from "debugd" to "ssh-keys"
* Add CreateSSHUsers function to Core
* Call CreateSSHUsers users on first control-plane node, when defined in config

Tests:
* Make StubUserCreator add entries to /etc/passwd
* Add NewLinuxUserManagerFake for unit tests
* Add unit tests & adjust existing ones to changes
2022-05-16 17:32:00 +02:00
cm
c63d7126e7 AB#1943 Extract KMS package (#56)
* Extract kmsapi from coordinator

* Add kmsapi cmd server
2022-05-10 12:35:17 +02:00
Malte Poll
c9226de9ab Create kubernetes join token on demand
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-06 12:12:44 +02:00
katexochen
7614c53142 Remove checks for leaking flushDaemon 2022-05-04 17:16:40 +02:00
Malte Poll
17d73813a9 Force lowercase luks disk UUID in disk-mapper, disk-rekeying and recovery
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-04 08:41:32 +02:00
Daniel Weiße
d9940fddae Only set cloud-provider as external if supported by the CSP
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-04-28 14:46:24 +02:00
Malte Poll
f5aafd8178 Implement reinitialization of the coordinator after reboot
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-04-28 14:35:35 +02:00
Malte Poll
f827e479b1 Add VPNIP to nodestate
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-04-28 14:35:35 +02:00
Malte Poll
77b0237dd5 extract shared grpcutil dialer from pubapi
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-04-28 14:35:35 +02:00
datosh
51068abc27 Ref/want err from err expected (#82)
consistent naming for test values using 'want' instead of 'expect/ed'
2022-04-26 16:54:05 +02:00
katexochen
482f675dac Capitalize Kubernetes 2022-04-26 12:02:17 +02:00
Benedict Schlueter
86178df205 coordinator-core: add multi coordinator Kubernetes integration (#39)
Signed-off-by: Benedict Schlueter <bs@edgeless.systems>
2022-04-25 17:39:18 +02:00
Benedict Schlueter
0ac9617dac kubernetes: support for certKey request / support for control-plane join
Signed-off-by: Benedict Schlueter <bs@edgeless.systems>
2022-04-25 17:39:18 +02:00
Daniel Weiße
e5e5161520 Move simulated TPM to own package
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-04-22 16:11:54 +02:00
Daniel Weiße
37aff14cab AB#1903 Push keys to restarting nodes on trigger RPC
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-04-21 13:08:02 +02:00
Malte Poll
3ce3978063 update state disk passphrase on activation
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-04-21 11:45:54 +02:00
Malte Poll
1b6ecf27ee add cryptsetup wrapper to core
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-04-21 11:45:54 +02:00
Benedict Schlüter
938beec2ef add KMS to multi-coordinator (#68) 2022-04-20 15:22:39 +02:00
Benedict
f0e35a43d4 peer: save PublicIP instead of publicEndpoint / add multi-coord gRPCs 2022-04-13 14:05:20 +02:00
Malte Poll
55a1aa783f Persist Node State to disk after node activation
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-04-13 13:07:10 +02:00
Malte Poll
0501d07f4a VPN: Add method to retrieve wireguard private key
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-04-13 13:07:10 +02:00
Malte Poll
bcd8c36777 Coordinator start: add skeleton to check for pre-existing node state
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-04-12 14:11:07 +02:00
Thomas Tendyck
ea4b9d2d85 coordinator: send additional status log messages to cli in ActivateAsCoordinator 2022-04-05 16:23:48 +02:00
Benedict
8a6825c429 refactor storewrapper IP handling / add coordinator IP-Block 2022-03-30 14:37:43 +02:00
Benedict Schlüter
719b6d5f6f separate addPeer into VPN- and store-add (#18) 2022-03-29 16:49:11 +02:00
Malte Poll
1e7794b4c2 Add Secrets / Volumes / VolumeMounts / Env to cluster-autoscaler deployment 2022-03-29 15:13:30 +02:00
Malte Poll
efdd88459b fix cloud-node-manager stub 2022-03-29 15:13:30 +02:00
Malte Poll
78d2358b9c k8s: Use cloud provider ip as kubelet node-ip (if available) 2022-03-28 13:35:21 +02:00
Malte Poll
f5eddf8af0 Cloud providers: Add CloudNodeManager 2022-03-28 13:35:21 +02:00
Malte Poll
2158377f9f Cloud providers: Extend CCM with ExtraArgs / ConfigMaps / Secrets / Volumes / VolumeMounts and provide CloudServiceAccountURI 2022-03-28 13:35:21 +02:00
Benedict Schlüter
6f695892bf move updatePeers directly to the VPN and omit the store layer (#4) 2022-03-25 16:05:17 +01:00
Daniel Weiße
f8e9c70337 Rework kms folder structure
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-03-25 09:38:16 +01:00
Leonard Cohnen
2d8fcd9bf4 monorepo
Co-authored-by: Malte Poll <mp@edgeless.systems>
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Thomas Tendyck <tt@edgeless.systems>
Co-authored-by: Benedict Schlueter <bs@edgeless.systems>
Co-authored-by: leongross <leon.gross@rub.de>
Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
2022-03-22 16:09:39 +01:00