mirror of https://github.com/edgelesssys/constellation.git synced 2024-09-20 00:06:21 +00:00

Constellation is the first Confidential Kubernetes. Constellation shields entire Kubernetes clusters from the (cloud) infrastructure using confidential computing.

cloud-security confidential-computing data-encryption kubernetes kubernetes-security

Go to file

Christoph Meyer db5468a886 Deploy KMS server image in Constellation Add image pull secret for ghcr.io		2022-05-31 11:13:26 +02:00
.github	always try to upload constellation state file (#173 )	2022-05-23 14:43:32 +02:00
cli	Deploy KMS server image in Constellation	2022-05-31 11:13:26 +02:00
conformance	Add cis benchmark to conformance test (#165 )	2022-05-19 14:57:21 +02:00
coordinator	Deploy KMS server image in Constellation	2022-05-31 11:13:26 +02:00
debugd	cli: fix and tweak config file wording	2022-05-27 16:53:04 +02:00
docs	terraform libvirt: document usage	2022-05-25 10:30:58 +02:00
hack	cli: fix command order and minor wording tweaks in config cmd	2022-05-27 16:53:04 +02:00
image	Always pull newest image version of COSA (#182 )	2022-05-31 10:36:29 +02:00
internal	Deploy KMS server image in Constellation	2022-05-31 11:13:26 +02:00
kms	Deploy KMS server image in Constellation	2022-05-31 11:13:26 +02:00
mount	AB#2103 Derive key from LUKS UUID instead of disk name (#156 )	2022-05-19 08:47:17 +02:00
proto	Fix proto file generation (#155 )	2022-05-17 15:02:14 +02:00
state	Add mutual aTLS support (#176 )	2022-05-24 16:33:44 +02:00
terraform/libvirt	Add machine variable to terraform module (#179 )	2022-05-30 10:29:34 +02:00
test	Add mutual aTLS support (#176 )	2022-05-24 16:33:44 +02:00
.dockerignore	AB#2064 Feat/config/dev config to config (#139 )	2022-05-13 11:56:43 +02:00
.gitignore	Write images README with instructions on how to build constellation images locally (#181 )	2022-05-30 11:38:06 +02:00
.golangci.yml	monorepo	2022-03-22 16:09:39 +01:00
CHANGELOG.md	Create CHANGELOG.md (#180 )	2022-05-27 16:53:16 +02:00
CMakeLists.txt	Use cmake to compile debugd / cdbg	2022-05-23 13:15:04 +02:00
CONTRIBUTING.md	remove old e2e test	2022-05-21 14:30:05 +02:00
Dockerfile.build	Fedora build instructions && and more reproducible builds (#166 )	2022-05-23 10:35:14 +02:00
Dockerfile.kms	Deploy KMS server image in Constellation	2022-05-31 11:13:26 +02:00
go.mod	AB#2117 cli: validate config (#170 )	2022-05-23 15:01:39 +02:00
go.sum	AB#2117 cli: validate config (#170 )	2022-05-23 15:01:39 +02:00
go.work	Create hack folder with independent modules (#131 )	2022-05-17 11:14:23 +02:00
go.work.sum	Deploy KMS server image in Constellation	2022-05-31 11:13:26 +02:00
README.md	terraform libvirt: document usage	2022-05-25 10:30:58 +02:00

README.md

Constellation

This is the main repository of Constellation.

Core components:

cli: The CLI is used to manage a Constellation cluster
coordinator: The Coordinator is a node agent whose most important task is to bootstrap a node
image: Build files for the Constellation disk image
kms: Constellation's key management client and server
mount: Package used by CSI plugins to create and mount encrypted block devices
state: Contains the disk-mapper that maps the encrypted node data disk during boot

Development components:

conformance: Kubernetes conformance tests
debugd: Debug daemon and client
hack: Development tools
proto: Proto files generator
terraform: Infrastructure management using terraform (instead of constellation create/destroy)
- libvirt: Deploy local cluster using terraform, libvirt and QEMU
test: Integration test

Additional repositories:

constellation-docs: End-user documentation
constellation-coreos-assembler: Build environment for CoreOS images with changes for Constellation
constellation-fedora-coreos-config: CoreOS build configuration with changes for Constellation
edg-azuredisk-csi-driver: Azure CSI driver with encryption on node
edg-gcp-compute-persistent-disk-csi-driver: GCP CSI driver with encryption on node

Build

Prerequisites:

Go 1.18
Docker

Packages on Ubuntu:

sudo apt install build-essential cmake libssl-dev pkg-config libcryptsetup12 libcryptsetup-dev

Packages on Fedora:

sudo dnf install @development-tools pkg-config cmake openssl-devel cryptsetup-libs cryptsetup-devel

mkdir build
cd build
cmake ..
make -j`nproc`

Cloud credentials

Using the CLI requires the user to make authorized API calls to the CSP API. See the docs for configuration.

Deploying a locally compiled coordinator binary

By default, constellation create ... will spawn cloud provider instances with a pre-baked coordinator binary. For testing, you can use the constellation debug daemon (debugd) to upload your local coordinator binary to running instances and to obtain SSH access. Follow this introduction on how to install and setup cdbg

Development Guides

Deployment Guides

Onboarding Customers