bootstrapper/

directory
v2.7.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 3, 2023 License: AGPL-3.0

README

Bootstrapper

The bootstrapper integrates the instance it is running on as node into the Kubernetes cluster. It is running on every new instance that is created.

bootstrapper architecture

The bootstrapper has two active components:

Init Flow

The InitServer is a gRPC server that is listening for initialization requests. The first instance needs to be initialized by the user, see the initproto for a description of the initialization protocol. The client that talks to this server is part of Constellation's CLI.

On an initialization request, the InitServer initializes a new Kubernetes cluster, essentially calling the InitCluster function of our Kubernetes library, which does a kubeadm init.

Join Flow

The JoinClient is a gRPC client that tries to connect to a JoinService of an already existing cluster. The JoinService validates the instance using aTLS. For details on the used protocol, see the joinservice package.

If the JoinService successfully verifies the instance, it issues a join ticket. The JoinClient then joins the cluster by calling the kubeadm join command, using the token and other needed information from the join ticket.

Synchronization, state machine, lifetime

The bootstrapper is automatically started on every new instance. Both InitServer and JoinClient are started and running in parallel. At some point during either the initialization or the join, a shared lock between the two components is acquired. This lock is used as point of no return. It is a state machine with two states (unlocked, locked) and a single transition from unlocked to locked. There is no way to unlock the node afterward (see nodelock package).

After the bootstrapping, the bootstrapper is stopped.

Directories

Path Synopsis
cmd
internal
certificate
Package certificate provides functions to create a certificate request and matching private key.
Package certificate provides functions to create a certificate request and matching private key.
clean
Package clean provides functionality to stop a list of services gracefully and synchronously.
Package clean provides functionality to stop a list of services gracefully and synchronously.
diskencryption
Package diskencryption handles interaction with a node's state disk.
Package diskencryption handles interaction with a node's state disk.
helm
Package helm is used to install Constellation microservices and other services during cluster initialization.
Package helm is used to install Constellation microservices and other services during cluster initialization.
journald
Package journald provides functions to read and collect journald logs.
Package journald provides functions to read and collect journald logs.
kubernetes
Package kubernetes provides functionality to bootstrap a Kubernetes cluster, or join an exiting one.
Package kubernetes provides functionality to bootstrap a Kubernetes cluster, or join an exiting one.
kubernetes/k8sapi
Package k8sapi is used to interact with the Kubernetes API to create or update required resources.
Package k8sapi is used to interact with the Kubernetes API to create or update required resources.
kubernetes/k8sapi/resources
Package resources contains Kubernetes configs and policies for Constellation.
Package resources contains Kubernetes configs and policies for Constellation.
kubernetes/kubewaiter
Package kubewaiter is used to wait for the Kubernetes API to be available.
Package kubewaiter is used to wait for the Kubernetes API to be available.
logging
Package logging provides an interface for logging information to a non-confidential destination
Package logging provides an interface for logging information to a non-confidential destination
nodelock
Package nodelock handles locking operations on the node.
Package nodelock handles locking operations on the node.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL