constellation/coordinator
2022-06-08 17:33:51 +02:00
..
cloudprovider Separate shared azure code 2022-06-08 11:59:23 +02:00
cmd/coordinator Refactor coordinator run function 2022-06-08 17:33:51 +02:00
config monorepo 2022-03-22 16:09:39 +01:00
core Move attestation, atls and oid packages to internal directory 2022-06-08 17:17:06 +02:00
diskencryption Ref/want err from err expected (#82) 2022-04-26 16:54:05 +02:00
kubernetes fix cilium encryption in gcp 2022-06-04 18:43:42 +02:00
logging AB#2104 early boot logging (#175) 2022-06-03 11:55:18 +02:00
nodestate AB#2046 : Add option to create SSH users for the first coordinator upon initialization (#133) 2022-05-16 17:32:00 +02:00
peer peer: save PublicIP instead of publicEndpoint / add multi-coord gRPCs 2022-04-13 14:05:20 +02:00
pubapi Move attestation, atls and oid packages to internal directory 2022-06-08 17:17:06 +02:00
role Ref/want err from err expected (#82) 2022-04-26 16:54:05 +02:00
state monorepo 2022-03-22 16:09:39 +01:00
store Refactor coordinator run function 2022-06-08 17:33:51 +02:00
storewrapper AB#1943 Extract KMS package (#56) 2022-05-10 12:35:17 +02:00
util Move attestation, atls and oid packages to internal directory 2022-06-08 17:17:06 +02:00
vpnapi replace flannel with cilium 2022-06-02 13:08:25 +02:00
wireguard Ref/want err from err expected (#82) 2022-04-26 16:54:05 +02:00
coordinator_test.go Move attestation, atls and oid packages to internal directory 2022-06-08 17:17:06 +02:00
README.md monorepo 2022-03-22 16:09:39 +01:00

Coordinator

The Coordinator/Node architecture is inspired by K8s. The Coordinator resembles kube-apiserver, while the Nodes resemble kubelets.

All peers serve the pubapi, which is exposed publicly. Once initialized, a Coordinator additionally serves the vpnapi, which is exposed inside the VPN.

pubapi

The pubapi provides APIs that are either required from outside the cluster or inside the cluster before the VPN is established.

pubapi connections are protected by attested TLS (atls): the client verifies the server. The server does not verify the client. The APIs must be designed to form a chain of trust, so that no additional verification is needed.

For example, to activate all peers in a new cluster, there's a chain of trust from the CLI via the Coordinator to the Nodes:

  • CLI calls ActivateAsCoordinator
  • Coordinator calls ActivateAsNode

If new Nodes shall be added to the cluster later, they must not activate themselves by the Coordinator, but have to ask it to activate them (using ActivateAdditionalNodes). This way, the chain of trust is preserved.

Try to keep the pubapi small. Prefer adding new functionality to the vpnapi instead.

vpnapi

The vpnapi is served by the Coordinator and can be used by the Nodes after they joined the VPN. Most importantly, the Nodes use it to get updates about added/removed/changed peers.

A Node regularly requests an update from a Coordinator. This is required for fault tolerance: if a Node cannot be provided with updated peer infos at one time, e.g., because of a network issue, it will continue to try and will eventually converge towards the desired state. (Note that this may not be fully implemented yet.)

Peer updates are versioned. The Node sends its last known version number and the Coordinator responds with the current version number and with the updated peers if needed. Currently, updates contain full peer info, but may be changed to incremental in the future.

Core

Both APIs use the Core to fulfill the requests. The Core implements the core logic of a peer. It doesn't know the APIs and should be kept free of any gRPC or other client/server code.

Naming convention

We have defined additional naming conventions for the coordinator.

Entities

  • Coordinator: the thing activated by ActivateAsCoordinator
  • Node: the things activated by ActivateAsNode
  • peer: either Coordinator or Node
  • admin: the user who calls ActivateAsCoordinator

Network

IP addresses:

  • ip: numeric IP address
  • host: either IP address or hostname
  • endpoint: host+port

Interfaces using the addresses:

  • public
  • vpn

Usage: variable namings should then be entityInterfaceKind, e.g.

  • coordinatorPublicEndpoint
  • nodeVPNIP

Entity and/or interface are omitted if not relevant for function contract.

Keys

Kinds:

  • key: symmetric key
  • pubKey: public key
  • privKey: private key

Purpose:

  • entity
  • vpn
  • entityVPN

Example:

  • nodeVPNPubKey