Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SecureComms: Add support daemonConfig #2065

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

SecureComms: Add support daemonConfig #2065

wants to merge 1 commit into from
+330 −158

Conversation

davidhadas
Copy link
Member

@davidhadas davidhadas commented Sep 26, 2024
edited
Loading

See:

Support configuring the APF Secure Comms from the CAA side including:

  • WN public Key
  • PP private key
  • Activating Secure Comms
  • inbouns and outbounds of th PP

This is useful for activating Secure Comms from the CAA and without Trustee. It can be used for Testing without producing dedicated podvms which activate Secure Comms and set Inbounds/Outbounds by default. It can also be used for non-Coco peerpods.

@davidhadas davidhadas requested a review from a team as a code owner September 26, 2024 17:10
@davidhadas
Copy link
Member Author

/hold
This is WIP.

@davidhadas
Copy link
Member Author

/unhold
Added necessary CAA support to work without Trustee-Operator

@davidhadas davidhadas force-pushed the secComms_daemonConfig branch 4 times, most recently from f464fe6 to aadaddc Compare October 6, 2024 11:53
@davidhadas davidhadas mentioned this pull request Oct 6, 2024
Open
@davidhadas davidhadas force-pushed the secComms_daemonConfig branch 2 times, most recently from 688ee74 to 88f14cd Compare October 7, 2024 12:35
@davidhadas
Copy link
Member Author

cc: @bpradipt

stevenhorsman
stevenhorsman reviewed Oct 8, 2024
View reviewed changes
src/cloud-api-adaptor/cmd/cloud-api-adaptor/main.go
flags.StringVar(&secureCommsOutbounds, "secure-comms-outbounds", "", "WN Outbound tags for secure communication tunnels")
flags.StringVar(&secureCommsPpInbounds, "secure-comms-pp-inbounds", "", "PP Inbound tags for secure communication tunnels")
flags.StringVar(&secureCommsPpOutbounds, "secure-comms-pp-outbounds", "", "PP Outbound tags for secure communication tunnels")
flags.StringVar(&secureCommsKbsAddr, "secure-comms-kbs", "kbs-service.trustee-operator-system:8080", "Address of a Trustee Service for Secure-Comms")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this PR depend on #2073 where these changes also are?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes it does - all PRs depend on #2073
Without it SecureComms is broken in 0.10

@stevenhorsman stevenhorsman mentioned this pull request Oct 8, 2024
Open
@davidhadas davidhadas force-pushed the secComms_daemonConfig branch 2 times, most recently from 2dc05eb to 4dbf850 Compare October 9, 2024 09:15
@davidhadas @davidhIBM
SecureComms: Add support daemonConfig
de4bd7c 
Support configuring the APF Secure Comms from the CAA side including:
 - WN public Key
 - PP private key
 - Activating Secure Comms
 - inbouns and outbounds of th PP

This is useful for activating Secure Comms from the CAA and without
Trustee. It can be used for Testing without producing dedicated podvms
which activate Secure Comms and set Inbounds/Outbounds by default.
It can also be used for non-Coco peerpods.

Signed-off-by: David Hadas <david.hadas@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stevenhorsman stevenhorsman stevenhorsman left review comments

@yoheiueda yoheiueda Awaiting requested review from yoheiueda

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@davidhadas @stevenhorsman