mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-10-01 01:36:09 -04:00
Constellation is the first Confidential Kubernetes. Constellation shields entire Kubernetes clusters from the (cloud) infrastructure using confidential computing.
0969ff4ac3
* Fix license integration test * Fix build tags in lint config * Fix missing error checks * Fix use of MarkNodeAsInitialized * Fix attestation tests * Add license integration test to cmake list |
||
---|---|---|
.github | ||
3rdparty | ||
access_manager | ||
bootstrapper | ||
cli | ||
conformance | ||
debugd | ||
docs | ||
hack | ||
image | ||
internal | ||
joinservice | ||
kms | ||
mount | ||
operators/constellation-node-operator | ||
proto | ||
state | ||
terraform/libvirt | ||
verify | ||
.dockerignore | ||
.gitignore | ||
.golangci.yml | ||
CHANGELOG.md | ||
CMakeLists.txt | ||
CONTRIBUTING.md | ||
Dockerfile.build | ||
go.mod | ||
go.sum | ||
README.md |
Constellation
This is the main repository of Constellation.
Core components:
- access_manager: Contains the access-manager pod used to persist SSH users based on a K8s ConfigMap
- cli: The CLI is used to manage a Constellation cluster
- bootstrapper: The bootstrapper is a node agent whose most important task is to bootstrap a node
- image: Build files for the Constellation disk image
- kms: Constellation's key management client and server
- mount: Package used by CSI plugins to create and mount encrypted block devices
- state: Contains the disk-mapper that maps the encrypted node data disk during boot
Development components:
- 3rdparty: Contains the third party dependencies used by Constellation
- conformance: Kubernetes conformance tests
- debugd: Debug daemon and client
- hack: Development tools
- proto: Proto files generator
- terraform: Infrastructure management using terraform (instead of
constellation create/destroy
)- libvirt: Deploy local cluster using terraform, libvirt and QEMU
- test: Integration test
Additional repositories:
- constellation-docs: End-user documentation
- constellation-fedora-coreos-config: CoreOS build configuration with changes for Constellation
- edg-azuredisk-csi-driver: Azure CSI driver with encryption on node
- edg-gcp-compute-persistent-disk-csi-driver: GCP CSI driver with encryption on node
Build
Prerequisites:
-
Packages on Ubuntu:
sudo apt install build-essential cmake libssl-dev pkg-config libcryptsetup12 libcryptsetup-dev
-
Packages on Fedora:
sudo dnf install @development-tools pkg-config cmake openssl-devel cryptsetup-libs cryptsetup-devel
mkdir build
cd build
cmake ..
make -j`nproc`
Testing
You can run all integration and unitttests like this:
ctest -j `nproc`
Cloud credentials
Using the CLI requires the user to make authorized API calls to the CSP API. See the docs for configuration.
Deploying a locally compiled bootstrapper binary
By default, constellation create ...
will spawn cloud provider instances with a pre-baked bootstrapper binary.
For testing, you can use the constellation debug daemon (debugd) to upload your local bootstrapper binary to running instances and to obtain SSH access.
Follow this introduction on how to install and setup cdbg