constellation/coordinator
Moritz Eckert 6dc97590fe Enable and configure k8s audit-log (#160)
* Enable and configure k8s audit-log

* Update coordinator/kubernetes/k8sapi/kubeadm_config.go

Co-authored-by: Malte Poll <mp@edgeless.systems>

* add mount point for audit log dir in kubeadm conf

* Mount audit policy into kube-apiserver static pod

* Write default auditpolicy on cluster init / cluster join

Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-05-20 17:30:37 +02:00
..
atls Use any instead of interface 2022-05-04 08:48:31 +02:00
attestation Use any instead of interface 2022-05-04 08:48:31 +02:00
cloudprovider Remove checks for leaking flushDaemon 2022-05-04 17:16:40 +02:00
cmd/coordinator AB#2046 : Add option to create SSH users for the first coordinator upon initialization (#133) 2022-05-16 17:32:00 +02:00
config monorepo 2022-03-22 16:09:39 +01:00
core AB#2046 : Add option to create SSH users for the first coordinator upon initialization (#133) 2022-05-16 17:32:00 +02:00
diskencryption Ref/want err from err expected (#82) 2022-04-26 16:54:05 +02:00
kubernetes Enable and configure k8s audit-log (#160) 2022-05-20 17:30:37 +02:00
nodestate AB#2046 : Add option to create SSH users for the first coordinator upon initialization (#133) 2022-05-16 17:32:00 +02:00
oid Remove GCP non CVMs 2022-05-02 16:03:36 +02:00
peer peer: save PublicIP instead of publicEndpoint / add multi-coord gRPCs 2022-04-13 14:05:20 +02:00
pubapi Add unit test for SSH user creation on nodes 2022-05-17 18:00:21 +02:00
role Ref/want err from err expected (#82) 2022-04-26 16:54:05 +02:00
state monorepo 2022-03-22 16:09:39 +01:00
store Implement reinitialization of the coordinator after reboot 2022-04-28 14:35:35 +02:00
storewrapper AB#1943 Extract KMS package (#56) 2022-05-10 12:35:17 +02:00
util extract shared grpcutil dialer from pubapi 2022-04-28 14:35:35 +02:00
vpnapi Remove checks for leaking flushDaemon 2022-05-04 17:16:40 +02:00
wireguard Ref/want err from err expected (#82) 2022-04-26 16:54:05 +02:00
coordinator_test.go AB#2046 : Add option to create SSH users for the first coordinator upon initialization (#133) 2022-05-16 17:32:00 +02:00
README.md monorepo 2022-03-22 16:09:39 +01:00

Coordinator

The Coordinator/Node architecture is inspired by K8s. The Coordinator resembles kube-apiserver, while the Nodes resemble kubelets.

All peers serve the pubapi, which is exposed publicly. Once initialized, a Coordinator additionally serves the vpnapi, which is exposed inside the VPN.

pubapi

The pubapi provides APIs that are either required from outside the cluster or inside the cluster before the VPN is established.

pubapi connections are protected by attested TLS (atls): the client verifies the server. The server does not verify the client. The APIs must be designed to form a chain of trust, so that no additional verification is needed.

For example, to activate all peers in a new cluster, there's a chain of trust from the CLI via the Coordinator to the Nodes:

  • CLI calls ActivateAsCoordinator
  • Coordinator calls ActivateAsNode

If new Nodes shall be added to the cluster later, they must not activate themselves by the Coordinator, but have to ask it to activate them (using ActivateAdditionalNodes). This way, the chain of trust is preserved.

Try to keep the pubapi small. Prefer adding new functionality to the vpnapi instead.

vpnapi

The vpnapi is served by the Coordinator and can be used by the Nodes after they joined the VPN. Most importantly, the Nodes use it to get updates about added/removed/changed peers.

A Node regularly requests an update from a Coordinator. This is required for fault tolerance: if a Node cannot be provided with updated peer infos at one time, e.g., because of a network issue, it will continue to try and will eventually converge towards the desired state. (Note that this may not be fully implemented yet.)

Peer updates are versioned. The Node sends its last known version number and the Coordinator responds with the current version number and with the updated peers if needed. Currently, updates contain full peer info, but may be changed to incremental in the future.

Core

Both APIs use the Core to fulfill the requests. The Core implements the core logic of a peer. It doesn't know the APIs and should be kept free of any gRPC or other client/server code.

Naming convention

We have defined additional naming conventions for the coordinator.

Entities

  • Coordinator: the thing activated by ActivateAsCoordinator
  • Node: the things activated by ActivateAsNode
  • peer: either Coordinator or Node
  • admin: the user who calls ActivateAsCoordinator

Network

IP addresses:

  • ip: numeric IP address
  • host: either IP address or hostname
  • endpoint: host+port

Interfaces using the addresses:

  • public
  • vpn

Usage: variable namings should then be entityInterfaceKind, e.g.

  • coordinatorPublicEndpoint
  • nodeVPNIP

Entity and/or interface are omitted if not relevant for function contract.

Keys

Kinds:

  • key: symmetric key
  • pubKey: public key
  • privKey: private key

Purpose:

  • entity
  • vpn
  • entityVPN

Example:

  • nodeVPNPubKey