Constellation is the first Confidential Kubernetes. Constellation shields entire Kubernetes clusters from the (cloud) infrastructure using confidential computing.
Latest commit d856b0cd86 by Fabian Kammel: Feat/measurements in e2e (#218)
* Make e2e pipeline use the latest image available.

* Use pcr-reader to read & store measurements.

* buildvcs false in ci

* only notify teams on main

* plain yq syntax, since if already checks for csp

* previous version of yq requires explicit eval

* fix pcr-reader call

* actually pass variable between jobs

* fix typo

* Make order of images consistent.

* read measurements after create

Co-authored-by: Fabian Kammel <fk@edgelss.systems>
2022-06-20 10:30:59 +02:00
Path               Last commit                                                                     Date
.github            Feat/measurements in e2e (#218)                                                 2022-06-20 10:30:59 +02:00
access_manager     constellation-access-manager: Persistent SSH as ConfigMap (#184)                2022-06-13 16:23:19 +02:00
activation         AB#2111 Deploy activation service on cluster init (#205)                        2022-06-15 16:00:48 +02:00
cli                Create Application Insights early so they are ready when VM needs them. (#213)  2022-06-15 12:19:41 +02:00
conformance        Add cis benchmark to conformance test (#165)                                    2022-05-19 14:57:21 +02:00
coordinator        Move aTLS fakes into atls package                                               2022-06-15 16:31:24 +02:00
debugd             Feat/measurements in e2e (#218)                                                 2022-06-20 10:30:59 +02:00
docs               terraform libvirt: document usage                                               2022-05-25 10:30:58 +02:00
hack               AB#2104 Feat/azure logging (#198)                                               2022-06-10 13:18:30 +02:00
image              Always pull newest image version of COSA (#182)                                 2022-05-31 10:36:29 +02:00
internal           Move aTLS fakes into atls package                                               2022-06-15 16:31:24 +02:00
kms                AB#2111 Deploy activation service on cluster init (#205)                        2022-06-15 16:00:48 +02:00
mount              AB#2103 Derive key from LUKS UUID instead of disk name (#156)                   2022-05-19 08:47:17 +02:00
proto              Implement activation service                                                    2022-06-08 17:17:06 +02:00
state              Move aTLS fakes into atls package                                               2022-06-15 16:31:24 +02:00
terraform/libvirt  Add machine variable to terraform module (#179)                                 2022-05-30 10:29:34 +02:00
test               Move aTLS fakes into atls package                                               2022-06-15 16:31:24 +02:00
.dockerignore      Implement activation service                                                    2022-06-08 17:17:06 +02:00
.gitignore         Remove and ignore Go workspace files                                            2022-06-01 12:15:02 +02:00
.golangci.yml      monorepo                                                                        2022-03-22 16:09:39 +01:00
CHANGELOG.md       AB#2111 Deploy activation service on cluster init (#205)                        2022-06-15 16:00:48 +02:00
CMakeLists.txt     Add unittest-hack tests to ctest (#220)                                         2022-06-17 08:56:23 +02:00
CONTRIBUTING.md    Inform about Go workspaces in CONTRIBUTING.md                                   2022-06-01 12:15:02 +02:00
Dockerfile.build   fix build coordinator workflow (#190)                                           2022-06-01 17:17:37 +02:00
Dockerfile.kms     AB#2111 Deploy activation service on cluster init (#205)                        2022-06-15 16:00:48 +02:00
go.mod             AB#2111 Deploy activation service on cluster init (#205)                        2022-06-15 16:00:48 +02:00
go.sum             AB#2111 Deploy activation service on cluster init (#205)                        2022-06-15 16:00:48 +02:00
README.md          constellation-access-manager: Persistent SSH as ConfigMap (#184)                2022-06-13 16:23:19 +02:00

Constellation

This is the main repository of Constellation.

Core components:

  • access_manager: Contains the access-manager pod used to persist SSH users based on a K8s ConfigMap
  • cli: The CLI is used to manage a Constellation cluster
  • coordinator: The Coordinator is a node agent whose most important task is to bootstrap a node
  • image: Build files for the Constellation disk image
  • kms: Constellation's key management client and server
  • mount: Package used by CSI plugins to create and mount encrypted block devices
  • state: Contains the disk-mapper that maps the encrypted node data disk during boot

Development components:

  • conformance: Kubernetes conformance tests
  • debugd: Debug daemon and client
  • hack: Development tools
  • proto: Proto files generator
  • terraform: Infrastructure management using terraform (instead of constellation create/destroy)
    • libvirt: Deploy local cluster using terraform, libvirt and QEMU
  • test: Integration test

Additional repositories:

Build

Prerequisites:

  • Go 1.18

  • Docker

  • Packages on Ubuntu:

    sudo apt install build-essential cmake libssl-dev pkg-config libcryptsetup12 libcryptsetup-dev
    
  • Packages on Fedora:

    sudo dnf install @development-tools pkg-config cmake openssl-devel cryptsetup-libs cryptsetup-devel
    
mkdir build
cd build
cmake ..
make -j`nproc`

Cloud credentials

Using the CLI requires the user to make authorized API calls to the CSP API. See the docs for configuration.

Deploying a locally compiled coordinator binary

By default, constellation create ... will spawn cloud provider instances with a pre-baked coordinator binary. For testing, you can use the Constellation debug daemon (debugd) to upload your locally compiled coordinator binary to running instances and to obtain SSH access. Follow this introduction on how to install and set up cdbg.

Development Guides

Deployment Guides