Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2024-10-01 01:36:09 -04:00
Code Issues Packages Projects Releases Wiki Activity
274 Commits 133 Branches 44 Tags 106 MiB
db5468a886
Commit Graph

87 Commits

Author SHA1 Message Date
Christoph Meyer
db5468a886 Deploy KMS server image in Constellation 
Add image pull secret for ghcr.io
 2022-05-31 11:13:26 +02:00
Daniel Weiße
869448c3e1 Add mutual aTLS support (#176) 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-05-24 16:33:44 +02:00
Malte Poll
1331ee4077 Install kubernetes on init / join and restart kubelet after reboot 
Signed-off-by: Malte Poll <mp@edgeless.systems>
 2022-05-23 11:40:22 +02:00
Malte Poll
f67cf2d31f k8s binary components version map and install directives 
Signed-off-by: Malte Poll <mp@edgeless.systems>
 2022-05-23 11:40:22 +02:00
Malte Poll
14f6985fe3 Implement binary file installer & extractor 
Signed-off-by: Malte Poll <mp@edgeless.systems>
 2022-05-23 11:40:22 +02:00
Moritz Eckert
6dc97590fe Enable and configure k8s audit-log (#160) 
* Enable and configure k8s audit-log

* Update coordinator/kubernetes/k8sapi/kubeadm_config.go

Co-authored-by: Malte Poll <mp@edgeless.systems>

* add mount point for audit log dir in kubeadm conf

* Mount audit policy into kube-apiserver static pod

* Write default auditpolicy on cluster init / cluster join

Co-authored-by: Malte Poll <mp@edgeless.systems>
 2022-05-20 17:30:37 +02:00
Nils Hanke
c9982b979c Add unit test for SSH user creation on nodes 2022-05-17 18:00:21 +02:00
Nils Hanke
ed071d389c Add SSH users on subsequent coordinators & nodes 2022-05-17 18:00:21 +02:00
Nils Hanke
68092f27dd AB#2046 : Add option to create SSH users for the first coordinator upon initialization (#133) 
* Move `file`, `ssh` and `user` packages to internal
* Rename `SSHKey` to `(ssh.)UserKey`
* Rename KeyValue / Publickey to PublicKey
* Rename SSH key file from "debugd" to "ssh-keys"
* Add CreateSSHUsers function to Core
* Call CreateSSHUsers users on first control-plane node, when defined in config

Tests:
* Make StubUserCreator add entries to /etc/passwd
* Add NewLinuxUserManagerFake for unit tests
* Add unit tests & adjust existing ones to changes
 2022-05-16 17:32:00 +02:00
Moritz Eckert
5ad34e0425 Apply CIS benchmark to kubelet conf 
Signed-off-by: Malte Poll <mp@edgeless.systems>
Co-authored-by: Moritz Eckert <me@edgeless.systems>
 2022-05-12 17:25:45 +02:00
Moritz Eckert
adda637609 Apply CIS benchmark for kubeadm clusterconf 
Signed-off-by: Malte Poll <mp@edgeless.systems>
 2022-05-12 17:25:45 +02:00
cm
c63d7126e7 AB#1943 Extract KMS package (#56) 
* Extract kmsapi from coordinator

* Add kmsapi cmd server
 2022-05-10 12:35:17 +02:00
Malte Poll
c9226de9ab Create kubernetes join token on demand 
Signed-off-by: Malte Poll <mp@edgeless.systems>
 2022-05-06 12:12:44 +02:00
Malte Poll
ddcb4dc95f Pin kubernetes version deployed by kubeadm init 
Signed-off-by: Malte Poll <mp@edgeless.systems>
 2022-05-05 09:15:41 +02:00
katexochen
7614c53142 Remove checks for leaking flushDaemon 2022-05-04 17:16:40 +02:00
katexochen
469b2ff46c Rename to contol plane/workers 
AB#1954
 2022-05-04 17:14:03 +02:00
Daniel Weiße
423e29e3ab Update to latest grpc generator 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-05-04 08:48:31 +02:00
Daniel Weiße
29206ac845 Use any instead of interface 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-05-04 08:48:31 +02:00
Malte Poll
17d73813a9 Force lowercase luks disk UUID in disk-mapper, disk-rekeying and recovery 
Signed-off-by: Malte Poll <mp@edgeless.systems>
 2022-05-04 08:41:32 +02:00
Daniel Weiße
10e9faab10 Remove GCP non CVMs 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-05-02 16:03:36 +02:00
Malte Poll
3817a57a83 disable tpm simulator in coordinator release binary 
Signed-off-by: Malte Poll <mp@edgeless.systems>
 2022-04-29 13:44:09 +02:00
Daniel Weiße
483f65175e Add OID doc comments 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-04-28 14:46:24 +02:00
Daniel Weiße
d9940fddae Only set cloud-provider as external if supported by the CSP 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-04-28 14:46:24 +02:00
Daniel Weiße
dcdfae141d Add qemu CSP for Coordinator 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-04-28 14:46:24 +02:00
Daniel Weiße
956ced6e3d Add qemu vTPM issuer and validator 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-04-28 14:46:24 +02:00
Malte Poll
f5aafd8178 Implement reinitialization of the coordinator after reboot 
Signed-off-by: Malte Poll <mp@edgeless.systems>
 2022-04-28 14:35:35 +02:00
Malte Poll
ffb471d023 Add GetVPNPeers pubapi endpoint 
Signed-off-by: Malte Poll <mp@edgeless.systems>
 2022-04-28 14:35:35 +02:00
Malte Poll
f827e479b1 Add VPNIP to nodestate 
Signed-off-by: Malte Poll <mp@edgeless.systems>
 2022-04-28 14:35:35 +02:00
Malte Poll
f2b3fc328b pubapi: extract StartVPNAPIServer and StartUpdateLoop as separate functions 
Signed-off-by: Malte Poll <mp@edgeless.systems>
 2022-04-28 14:35:35 +02:00
Malte Poll
77b0237dd5 extract shared grpcutil dialer from pubapi 
Signed-off-by: Malte Poll <mp@edgeless.systems>
 2022-04-28 14:35:35 +02:00
Thomas Tendyck
87efa50c1d clarify TestConcurrent purpose, limitations, and error expectations 2022-04-26 17:28:08 +02:00
Thomas Tendyck
2ef41d193f revert actNode in TestConcurrent 2022-04-26 17:28:08 +02:00
datosh
51068abc27 Ref/want err from err expected (#82) 
consistent naming for test values using 'want' instead of 'expect/ed'
 2022-04-26 16:54:05 +02:00
katexochen
482f675dac Capitalize Kubernetes 2022-04-26 12:02:17 +02:00
Benedict Schlueter
86178df205 coordinator-core: add multi coordinator Kubernetes integration (#39) 
Signed-off-by: Benedict Schlueter <bs@edgeless.systems>
 2022-04-25 17:39:18 +02:00
Benedict Schlueter
0ac9617dac kubernetes: support for certKey request / support for control-plane join 
Signed-off-by: Benedict Schlueter <bs@edgeless.systems>
 2022-04-25 17:39:18 +02:00
Benedict Schlueter
d8241a1b38 proto: add new functions / modify ActivateAsCoordinatorRequest 
Signed-off-by: Benedict Schlueter <bs@edgeless.systems>
 2022-04-25 17:39:18 +02:00
Daniel Weiße
e5e5161520 Move simulated TPM to own package 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-04-22 16:11:54 +02:00
Leonard Cohnen
2fb4c15753 remove aws nitro attestation 2022-04-21 14:50:22 +02:00
Daniel Weiße
37aff14cab AB#1903 Push keys to restarting nodes on trigger RPC 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-04-21 13:08:02 +02:00
Malte Poll
3ce3978063 update state disk passphrase on activation 
Signed-off-by: Malte Poll <mp@edgeless.systems>
 2022-04-21 11:45:54 +02:00
Malte Poll
1b6ecf27ee add cryptsetup wrapper to core 
Signed-off-by: Malte Poll <mp@edgeless.systems>
 2022-04-21 11:45:54 +02:00
Malte Poll
bb56b46e21 implement cryptsetup wrapper to change disk passphrase of constellation state disk 
Signed-off-by: Malte Poll <mp@edgeless.systems>
 2022-04-21 11:45:54 +02:00
Malte Poll
98aced1b36 remove AWS nitro dependencies & add libcryptsetup 
Signed-off-by: Malte Poll <mp@edgeless.systems>
 2022-04-21 11:45:54 +02:00
Benedict Schlüter
938beec2ef add KMS to multi-coordinator (#68) 2022-04-20 15:22:39 +02:00
Benedict Schlüter
990ca20469 increase gRPC error message verbosity (#62) 2022-04-16 20:57:33 +02:00
Benedict
8d5c50014d coordinator: add new multi-coord gRPC functions 2022-04-13 14:05:20 +02:00
Benedict
f0e35a43d4 peer: save PublicIP instead of publicEndpoint / add multi-coord gRPCs 2022-04-13 14:05:20 +02:00
Malte Poll
55a1aa783f Persist Node State to disk after node activation 
Signed-off-by: Malte Poll <mp@edgeless.systems>
 2022-04-13 13:07:10 +02:00
Malte Poll
0501d07f4a VPN: Add method to retrieve wireguard private key 
Signed-off-by: Malte Poll <mp@edgeless.systems>
 2022-04-13 13:07:10 +02:00