mirror of
https://github.com/siderolabs/talos.git
synced 2025-10-17 10:31:19 +02:00
d8c2bca1b5
This PR can be split into two parts: * controllers * apid binding into COSI world Controllers ----------- * `k8s.EndpointController` provides control plane endpoints on worker nodes (it isn't required for now on control plane nodes) * `secrets.RootController` now provides OS top-level secrets (CA cert) and secret configuration * `secrets.APIController` generates API secrets (certificates) in a bit different way for workers and control plane nodes: controlplane nodes generate directly, while workers reach out to `trustd` on control plane nodes via `k8s.Endpoint` resource apid Binding ------------ Resource `secrets.API` provides binding to protobuf by converting itself back and forth to protobuf spec. apid no longer receives machine configuration, instead it receives gRPC-backed socket to access Resource API. apid watches `secrets.API` resource, fetches certs and CA from it and uses that in its TLS configuration. Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
18 lines
339 B
Protocol Buffer
18 lines
339 B
Protocol Buffer
syntax = "proto3";
|
|
|
|
package resource.secrets;
|
|
|
|
option go_package = "github.com/talos-systems/talos/pkg/machinery/api/resource/secrets";
|
|
|
|
message CertAndKeyPEM {
|
|
bytes cert = 1;
|
|
bytes key = 2;
|
|
}
|
|
|
|
// APISpec describes secrets.API.
|
|
message APISpec {
|
|
bytes ca_pem = 1;
|
|
CertAndKeyPEM server = 2;
|
|
CertAndKeyPEM client = 3;
|
|
}
|