Constellation is the first Confidential Kubernetes. Constellation shields entire Kubernetes clusters from the (cloud) infrastructure using confidential computing.
Otto Bittner 7cada2c9e8 Add goleak to all tests (#227)
* Run goleak as part of all tests
We are already using goleak in various tests.
This commit adds a TestMain to all remaining tests
and calls goleak.VerifyTestMain in them.
* Add goleak to debugd/deploy package and fix bug.
* Run go mod tidy
* Fix integration tests
* Move goleak invocation for mount integration test
* Ignore leak in state integration tests

Co-authored-by: Fabian Kammel <fk@edgelss.systems>
2022-06-30 15:24:36 +02:00
.github Invoke tests through ctest (#230) 2022-06-30 13:26:21 +02:00
access_manager Add goleak to all tests (#227) 2022-06-30 15:24:36 +02:00
activation Add goleak to all tests (#227) 2022-06-30 15:24:36 +02:00
cli Add goleak to all tests (#227) 2022-06-30 15:24:36 +02:00
conformance Add cis benchmark to conformance test (#165) 2022-05-19 14:57:21 +02:00
coordinator Add goleak to all tests (#227) 2022-06-30 15:24:36 +02:00
debugd Add goleak to all tests (#227) 2022-06-30 15:24:36 +02:00
docs terraform libvirt: document usage 2022-05-25 10:30:58 +02:00
hack Add goleak to all tests (#227) 2022-06-30 15:24:36 +02:00
image Always pull newest image version of COSA (#182) 2022-05-31 10:36:29 +02:00
internal Add goleak to all tests (#227) 2022-06-30 15:24:36 +02:00
kms Add goleak to all tests (#227) 2022-06-30 15:24:36 +02:00
mount Add goleak to all tests (#227) 2022-06-30 15:24:36 +02:00
proto Add aTLS endpoint to KMS (#236) 2022-06-29 16:13:01 +02:00
state Add goleak to all tests (#227) 2022-06-30 15:24:36 +02:00
terraform/libvirt AB#2114 Add QEMU metadata API (#237) 2022-06-30 11:14:26 +02:00
test Add aTLS endpoint to KMS (#236) 2022-06-29 16:13:01 +02:00
verify AB#2190 Verification service (#232) 2022-06-28 17:03:28 +02:00
.dockerignore Implement activation service 2022-06-08 17:17:06 +02:00
.gitignore AB#2190 Verification service (#232) 2022-06-28 17:03:28 +02:00
.golangci.yml monorepo 2022-03-22 16:09:39 +01:00
CHANGELOG.md add gcp loadbalancer 2022-06-23 14:00:20 +02:00
CMakeLists.txt Invoke tests through ctest (#230) 2022-06-30 13:26:21 +02:00
CONTRIBUTING.md Inform about Go workspaces in CONTRIBUTING.md 2022-06-01 12:15:02 +02:00
Dockerfile.build fix build coordinator workflow (#190) 2022-06-01 17:17:37 +02:00
go.mod Upgrade to Cobra v1.5.0 & go mod tidy 2022-06-28 13:55:50 +02:00
go.sum Upgrade to Cobra v1.5.0 & go mod tidy 2022-06-28 13:55:50 +02:00
README.md Invoke tests through ctest (#230) 2022-06-30 13:26:21 +02:00

Constellation

This is the main repository of Constellation.

Core components:

  • access_manager: Contains the access-manager pod used to persist SSH users based on a K8s ConfigMap
  • cli: The CLI is used to manage a Constellation cluster
  • coordinator: The Coordinator is a node agent whose most important task is to bootstrap a node
  • image: Build files for the Constellation disk image
  • kms: Constellation's key management client and server
  • mount: Package used by CSI plugins to create and mount encrypted block devices
  • state: Contains the disk-mapper that maps the encrypted node data disk during boot

Development components:

  • conformance: Kubernetes conformance tests
  • debugd: Debug daemon and client
  • hack: Development tools
  • proto: Proto files generator
  • terraform: Infrastructure management using terraform (instead of constellation create/destroy)
    • libvirt: Deploy local cluster using terraform, libvirt and QEMU
  • test: Integration test

Additional repositories:

Build

Prerequisites:

  • Go 1.18

  • Docker

  • Packages on Ubuntu:

    sudo apt install build-essential cmake libssl-dev pkg-config libcryptsetup12 libcryptsetup-dev
    
  • Packages on Fedora:

    sudo dnf install @development-tools pkg-config cmake openssl-devel cryptsetup-libs cryptsetup-devel
    
mkdir build
cd build
cmake ..
make -j`nproc`

Testing

You can run all integration and unit tests like this:

ctest -j `nproc`

Cloud credentials

Using the CLI requires the user to make authorized API calls to the CSP API. See the docs for configuration.

Deploying a locally compiled coordinator binary

By default, constellation create ... will spawn cloud provider instances with a pre-baked coordinator binary. For testing, you can use the Constellation debug daemon (debugd) to upload your local coordinator binary to running instances and to obtain SSH access. Follow this introduction on how to install and set up cdbg.

Development Guides

Deployment Guides