Constellation is the first Confidential Kubernetes. Constellation shields entire Kubernetes clusters from the (cloud) infrastructure using confidential computing.
Paul Meyer 0969ff4ac3 Fix tests and linting (#370)
* Fix license integration test
* Fix build tags in lint config
* Fix missing error checks
* Fix use of MarkNodeAsInitialized
* Fix attestation tests
* Add license integration test to cmake list
2022-08-17 13:50:43 +02:00
.github Build GCP guest agent from github actions in constellation repo 2022-08-16 08:47:58 +02:00
3rdparty Build GCP guest agent from github actions in constellation repo 2022-08-16 08:47:58 +02:00
access_manager AB#2222 replace unlicensed passwd package with own implementation 2022-07-25 15:10:29 +02:00
bootstrapper Build GCP guest agent from github actions in constellation repo 2022-08-16 08:47:58 +02:00
cli AB#2299 License check in CLI during init (#366) 2022-08-16 16:06:38 +02:00
conformance Fix/bootstrapper regressions (#274) 2022-07-15 11:53:14 +02:00
debugd AB#2306 Public image sharing in Google (#358) 2022-08-16 15:53:54 +02:00
docs AB#2323 Update release docs (#367) 2022-08-17 10:59:10 +02:00
hack Remove azure-sdk-for-go/armnetwork replace directive (#371) 2022-08-17 11:19:40 +02:00
image AB#2306 Public image sharing in Google (#358) 2022-08-16 15:53:54 +02:00
internal Fix tests and linting (#370) 2022-08-17 13:50:43 +02:00
joinservice AB#2278 Remove hardcoded values from config (#346) 2022-08-08 11:04:17 +02:00
kms Fix tests and linting (#370) 2022-08-17 13:50:43 +02:00
mount Fix tests and linting (#370) 2022-08-17 13:50:43 +02:00
operators/constellation-node-operator [node-operator] nodeimage-controller: improve test robustness 2022-08-16 08:47:34 +02:00
proto Enable integrity protection on boot (#300) 2022-08-02 12:35:23 +02:00
state Fix tests and linting (#370) 2022-08-17 13:50:43 +02:00
terraform/libvirt Use go pseudo versions for container images 2022-07-14 17:34:33 +02:00
verify fix linter issues (#329) 2022-08-02 16:25:47 +02:00
.dockerignore Rename coordinator to bootstrapper and rename roles 2022-07-14 17:25:18 +02:00
.gitignore Rename coordinator to bootstrapper and rename roles 2022-07-14 17:25:18 +02:00
.golangci.yml Fix tests and linting (#370) 2022-08-17 13:50:43 +02:00
CHANGELOG.md AB#2306 Public image sharing in Google (#358) 2022-08-16 15:53:54 +02:00
CMakeLists.txt Fix tests and linting (#370) 2022-08-17 13:50:43 +02:00
CONTRIBUTING.md AB#2306 Public image sharing in Google (#358) 2022-08-16 15:53:54 +02:00
Dockerfile.build Add clone3-workaround to bootstrapper build container 2022-08-10 17:17:23 +02:00
go.mod Remove azure-sdk-for-go/armnetwork replace directive (#371) 2022-08-17 11:19:40 +02:00
go.sum Remove azure-sdk-for-go/armnetwork replace directive (#371) 2022-08-17 11:19:40 +02:00
README.md Update README 2022-08-05 12:37:22 +02:00

Constellation

This is the main repository of Constellation.

Core components:

  • access_manager: Contains the access-manager pod used to persist SSH users based on a K8s ConfigMap
  • cli: The CLI is used to manage a Constellation cluster
  • bootstrapper: The bootstrapper is a node agent whose most important task is to bootstrap a node
  • image: Build files for the Constellation disk image
  • kms: Constellation's key management client and server
  • mount: Package used by CSI plugins to create and mount encrypted block devices
  • state: Contains the disk-mapper that maps the encrypted node data disk during boot

Development components:

  • 3rdparty: Contains the third party dependencies used by Constellation
  • conformance: Kubernetes conformance tests
  • debugd: Debug daemon and client
  • hack: Development tools
  • proto: Proto files generator
  • terraform: Infrastructure management using terraform (instead of constellation create/destroy)
    • libvirt: Deploy local cluster using terraform, libvirt and QEMU
  • test: Integration test

Additional repositories:

Build

Prerequisites:

  • Go 1.18

  • Docker

  • Packages on Ubuntu:

    sudo apt install build-essential cmake libssl-dev pkg-config libcryptsetup12 libcryptsetup-dev
    
  • Packages on Fedora:

    sudo dnf install @development-tools pkg-config cmake openssl-devel cryptsetup-libs cryptsetup-devel
    
mkdir build
cd build
cmake ..
make -j`nproc`

Testing

You can run all integration and unit tests like this:

ctest -j `nproc`

Cloud credentials

Using the CLI requires the user to make authorized API calls to the CSP API. See the docs for configuration.

Deploying a locally compiled bootstrapper binary

By default, constellation create ... will spawn cloud provider instances with a pre-baked bootstrapper binary. For testing, you can use the Constellation debug daemon (debugd) to upload your local bootstrapper binary to running instances and to obtain SSH access. Follow this introduction on how to install and set up cdbg.

Development Guides

Deployment Guides