core/internal/cluster: implement multi-node clusters with 'golden ticket'.
As we have fully ripped out all traces of the node management service or
integrity checks, we implement a stopgap system that allows us to
continue developing multi-node clusters. This mechanism is enrolment
using 'golden tickets', which are protobuf messages that can be
generated via the debug service on an existing cluster, and set on a new
node's EnrolmentConfig to enrol that node into the cluster.
As this is a stopgap measure (waiting for better cluster lifecycle
design), this is somewhat poorly implemented, with known issues:
- odd enrolment flow that creates all certificates off-node and results
in some code duplication in the cluster manager and node debug
service
- (more) assumptions that every node is both a kubernetes and etcd
member.
- absolutely no protection against consensus loss due to even quorum
membership, repeated issuance of certificates
- dependence on knowing the IP address of the new node ahead of time,
which is not something that our test harness supports well (or that
we want to rely on at all)
Test Plan: part of existing multi-node tests
X-Origin-Diff: phab/D591
GitOrigin-RevId: 8f099e6ef37f8d47fb2272a3a14b25ed480e377a
diff --git a/core/proto/api/debug.proto b/core/proto/api/debug.proto
index ec96591..74d314a 100644
--- a/core/proto/api/debug.proto
+++ b/core/proto/api/debug.proto
@@ -28,6 +28,9 @@
rpc GetDebugKubeconfig(GetDebugKubeconfigRequest) returns (GetDebugKubeconfigResponse);
// GetComponentLogs dumps various log ringbuffers for binaries that we run.
rpc GetComponentLogs(GetComponentLogsRequest) returns (GetComponentLogsResponse);
+ // GetGoldenTicket requests a 'golden ticket' which can be used to enroll any node into the cluster.
+ // This bypasses integrity checks.
+ rpc GetGoldenTicket(GetGoldenTicketRequest) returns (GetGoldenTicketResponse);
}
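Review bot: the comment on GetGoldenTicket states that it bypasses integrity checks, but it does not say that the returned ticket is effectively a cluster-wide enrolment credential or that every call mints a fresh set of certificates (the commit message lists "repeated issuance of certificates" as a known issue); please extend the comment to say that this RPC is a development-only stopgap that must not be reachable on production builds, and that issuance should be logged so operators can see which tickets have been handed out. Consider also documenting that a ticket cannot be revoked once generated, since nothing in the API suggests a revocation path.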
@@ -49,3 +52,13 @@
message GetComponentLogsResponse {
repeated string line = 1;
}
+
+message GetGoldenTicketRequest {
+ // IP address at which the new node will run.
+ string external_ip = 1;
+}
+
+message GetGoldenTicketResponse {
+ // Ticket to use in the new node's EnrolmentConfig.
+ GoldenTicket ticket = 1;
+}
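Review bot: GetGoldenTicketRequest.external_ip is an untyped string with no documented format or validation; since the commit message says all certificates are created off-node from this value, the comment should state what is accepted (a bare IPv4 or IPv6 literal, no port, no hostname) and the server side should reject anything else before it ends up embedded in a certificate. Also note that the response refers to a GoldenTicket message type that is neither defined nor imported in the visible hunk; please confirm it is declared elsewhere in this file or that the corresponding import is included in the change, otherwise the proto will not compile.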