Constellation is the first Confidential Kubernetes. Constellation shields entire Kubernetes clusters from the (cloud) infrastructure using confidential computing.
Otto Bittner 741384158a AB#2076: version specific images (#288)
KubernetesVersion sent by the init command now controls
all downloaded binaries, if they depend on the k8s version.

* Move all download links into /internal/versions.
* Unify files in /internal/versions package
* Move image download links into VersionConfigs
and thus make them dependent on the k8s version,
where the image version is specific to the k8s version.
* Don't specify patch version in k8sVersion
2022-07-21 14:41:07 +02:00
.github Bump docker/login-action from 1.14.1 to 2 (#284) 2022-07-21 09:45:54 +02:00
access_manager Add verbosity flag to all services (#244) 2022-07-01 16:17:06 +02:00
bootstrapper AB#2076: version specific images (#288) 2022-07-21 14:41:07 +02:00
cli fix ci-lint issues (#287) 2022-07-20 16:44:41 +02:00
conformance Fix/bootstrapper regressions (#274) 2022-07-15 11:53:14 +02:00
debugd fix ci-lint issues (#287) 2022-07-20 16:44:41 +02:00
docs [RFC] HKDF key derivation and the use of salts (#275) 2022-07-20 09:16:13 +02:00
hack AB#2074: Choosable K8S Version (#277) 2022-07-18 12:28:02 +02:00
image Rename coordinator to bootstrapper and rename roles 2022-07-14 17:25:18 +02:00
internal AB#2076: version specific images (#288) 2022-07-21 14:41:07 +02:00
joinservice AB#2076: version specific images (#288) 2022-07-21 14:41:07 +02:00
kms Simplify node lock and various small changes 2022-07-14 17:25:18 +02:00
mount Simplify node lock and various small changes 2022-07-14 17:25:18 +02:00
proto Simplify joinproto 2022-07-14 17:25:18 +02:00
state Simplify node lock and various small changes 2022-07-14 17:25:18 +02:00
terraform/libvirt Use go pseudo versions for container images 2022-07-14 17:34:33 +02:00
verify Add verbosity flag to all services (#244) 2022-07-01 16:17:06 +02:00
.dockerignore Rename coordinator to bootstrapper and rename roles 2022-07-14 17:25:18 +02:00
.gitignore Rename coordinator to bootstrapper and rename roles 2022-07-14 17:25:18 +02:00
.golangci.yml monorepo 2022-03-22 16:09:39 +01:00
CHANGELOG.md fix reference for statefile field and unwrap errors (#278) 2022-07-18 14:00:57 +02:00
CMakeLists.txt Rename coordinator to bootstrapper and rename roles 2022-07-14 17:25:18 +02:00
CONTRIBUTING.md Bootstrapper 2022-07-14 17:25:18 +02:00
Dockerfile.build Rename coordinator to bootstrapper and rename roles 2022-07-14 17:25:18 +02:00
go.mod Fix/bootstrapper regressions (#274) 2022-07-15 11:53:14 +02:00
go.sum Simplify node lock and various small changes 2022-07-14 17:25:18 +02:00
README.md Rename coordinator to bootstrapper and rename roles 2022-07-14 17:25:18 +02:00

Constellation

This is the main repository of Constellation.

Core components:

  • access_manager: Contains the access-manager pod used to persist SSH users based on a K8s ConfigMap
  • cli: The CLI is used to manage a Constellation cluster
  • bootstrapper: The bootstrapper is a node agent whose most important task is to bootstrap a node
  • image: Build files for the Constellation disk image
  • kms: Constellation's key management client and server
  • mount: Package used by CSI plugins to create and mount encrypted block devices
  • state: Contains the disk-mapper that maps the encrypted node data disk during boot

Development components:

  • conformance: Kubernetes conformance tests
  • debugd: Debug daemon and client
  • hack: Development tools
  • proto: Proto files generator
  • terraform: Infrastructure management using terraform (instead of constellation create/destroy)
    • libvirt: Deploy local cluster using terraform, libvirt and QEMU
  • test: Integration test

Additional repositories:

Build

Prerequisites:

  • Go 1.18

  • Docker

  • Packages on Ubuntu:

    sudo apt install build-essential cmake libssl-dev pkg-config libcryptsetup12 libcryptsetup-dev
    
  • Packages on Fedora:

    sudo dnf install @development-tools pkg-config cmake openssl-devel cryptsetup-libs cryptsetup-devel
    
mkdir build
cd build
cmake ..
make -j`nproc`

Testing

You can run all integration and unit tests like this:

ctest -j `nproc`

Cloud credentials

Using the CLI requires the user to make authorized API calls to the CSP API. See the docs for configuration.

Deploying a locally compiled bootstrapper binary

By default, constellation create ... will spawn cloud provider instances with a pre-baked bootstrapper binary. For testing, you can use the Constellation debug daemon (debugd) to upload your local bootstrapper binary to running instances and to obtain SSH access. Follow this introduction on how to install and set up cdbg.

Development Guides

Deployment Guides