7.9 KiB
First steps
Thank you for getting involved! Before you start, please familiarize yourself with the documentation.
Please follow our Code of Conduct when interacting with this project.
If you want to support our development:
- Add a GitHub Star to the project
- Share our projects on social media
- Join the Confidential Computing Discord
Constellation is licensed under the TODO. When contributing, you also need to agree to our Contributor License Agreement.
Development guidelines
Adhere to the style and best practices described in Effective Go. Read Common Review Comments for further information.
Pull request process
Submissions should remain focused in scope and avoid containing unrelated commits. For pull requests, we employ the following workflow:
- Fork the repository to your own GitHub account
- Create a branch locally with a descriptive name
- Commit changes to the branch
- Write your code according to our development guidelines
- Push changes to your fork
- Clean up your commit history
- Open a PR in our repository and summarize the changes in the description
Reporting issues and bugs, asking questions
This project uses the GitHub issue tracker. Please check the existing issues before submitting to avoid duplicates.
To report a security issue, contact security@edgeless.systems.
Your bug report should cover the following points:
- A quick summary and/or background of the issue
- Steps to reproduce (be specific, e.g., provide sample code)
- What you expected would happen
- What actually happens
- Further notes:
- Thoughts on possible causes
- Tested workarounds or fixes
Major changes and feature requests
You should discuss larger changes and feature requests with the maintainers. Please open an issue describing your plans.
Repository Layout
Core components:
- access_manager: Contains the access-manager pod used to persist SSH users based on a K8s ConfigMap
- cli: The CLI is used to manage a Constellation cluster
- bootstrapper: The bootstrapper is a node agent whose most important task is to bootstrap a node
- image: Build files for the Constellation disk image
- kms: Constellation's key management client and server
- mount: Package used by CSI plugins to create and mount encrypted block devices
- state: Contains the disk-mapper that maps the encrypted node data disk during boot
Development components:
- 3rdparty: Contains the third party dependencies used by Constellation
- conformance: Kubernetes conformance tests
- debugd: Debug daemon and client
- hack: Development tools
- proto: Proto files generator
- terraform: Infrastructure management using terraform (instead of
constellation create/destroy)- libvirt: Deploy local cluster using terraform, libvirt and QEMU
- test: Integration test
Additional repositories:
- constellation-docs: End-user documentation
- constellation-fedora-coreos-config: CoreOS build configuration with changes for Constellation
- edg-azuredisk-csi-driver: Azure CSI driver with encryption on node
- edg-gcp-compute-persistent-disk-csi-driver: GCP CSI driver with encryption on node
Build
Prerequisites:
-
Packages on Ubuntu:
sudo apt install build-essential cmake libssl-dev pkg-config libcryptsetup12 libcryptsetup-dev -
Packages on Fedora:
sudo dnf install @development-tools pkg-config cmake openssl-devel cryptsetup-libs cryptsetup-devel
mkdir build
cd build
cmake ..
make -j`nproc`
Testing
You can run all integration and unitttests like this:
ctest -j `nproc`
Debug Images
⚠️ These images are not safe to use in production environments. ⚠️
As described in debugd, it is possible to use a CoreOS image targeted at dev environments. This image allows to upload any bootstrapper using cdbg.
To enable the upload, an additional unsecured port (4000) is opened which accepts any binary to be run on target machine. Make sure that this machine is not exposed to the internet.
Cloud credentials
Using the CLI requires the user to make authorized API calls to the CSP API. See the docs for configuration.
Deploying a locally compiled bootstrapper binary
By default, constellation create ... will spawn cloud provider instances with a pre-baked bootstrapper binary.
For testing, you can use the constellation debug daemon (debugd) to upload your local bootstrapper binary to running instances and to obtain SSH access.
Follow this introduction on how to install and setup cdbg
Development Guides
Deployment Guides
Linting
This projects uses golangci-lint for linting. You can install golangci-lint locally, but there is also a CI action to ensure compliance.
To locally run all configured linters, execute
golangci-lint run ./...
It is also recommended to use golangci-lint (and gofumpt as formatter) in your IDE, by adding the recommended VS Code Settings or by configuring it yourself
Nested Go modules
As this project contains nested Go modules, it is recommended to create a local Go workspace, so your IDE can lint multiple modules at once.
go 1.18
use (
.
./hack
./operators/constellation-node-operator
)
You can find an introduction in the Go workspace tutorial.
If you have changed dependencies within a module and have run go mod tidy, you can use go work sync to sync versions of the same dependency of the different modules.
Recommended VS Code Settings
The following can be added to your personal settings.json, but it is recommended to add it to
the <REPOSITORY>/.vscode/settings.json repo, so the settings will only affect this repository.
// Use gofumpt as formatter.
"gopls": {
"formatting.gofumpt": true,
},
// Use golangci-lint as linter. Make sure you've installed it.
"go.lintTool":"golangci-lint",
"go.lintFlags": ["--fast"],
// You can easily show Go test coverage by running a package test.
"go.coverageOptions": "showUncoveredCodeOnly",
// Executing unit tests with race detection.
// You can add preferences like "-v" or "-count=1"
"go.testFlags": ["-race"],
// Enable language features for files with build tags.
// Attention! This leads to integration test being executed when
// running a package test within a package containing integration
// tests.
"go.buildTags": "integration",
Naming convention
Network
IP addresses:
- ip: numeric IP address
- host: either IP address or hostname
- endpoint: host+port
Keys
- key: symmetric key
- pubKey: public key
- privKey: private key