metropolis/proto: add private
We add a new proto package, 'private'. This will hold all non-public
proto messages for the implementation of the cluster lifecyclce design
document.
We duplicate 'internal' for two reasons:
- make it easier to port code accross to use the new protos/cluster
code, while slowly phasing out protos/internal.
- 'internal' was a poor name choice, as it's significant in Go path
naming, and might cause some problems in the future. We have Bazel's
visiblility mechanism to protect accidental use.
Test Plan: New proto, not yet used - see rest of stack.
X-Origin-Diff: phab/D732
GitOrigin-RevId: 15632353c46068b4f4c5025828c9c8459feaa335
diff --git a/metropolis/proto/private/private.proto b/metropolis/proto/private/private.proto
new file mode 100644
index 0000000..9bae680
--- /dev/null
+++ b/metropolis/proto/private/private.proto
@@ -0,0 +1,69 @@
+// Copyright 2020 The Monogon Project Authors.
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+option go_package = "source.monogon.dev/metropolis/proto/private";
+package metropolis.proto.private;
+
+// Node describes a single node's state in etcd
+message Node {
+ // Node's public key..
+ bytes public_key = 1;
+ // Node's individual cluster part of the data partition encryption key. It
+ // is combined with the Node Unlock Key (NUK) kept within
+ // SealedConfiguration.
+ bytes cluster_unlock_key = 2;
+
+ // TODO(q3k): document this based on cluster lifecycle design doc once this
+ // fully stabilizes.
+ enum FSMState {
+ FSM_STATE_INVALID = 0;
+ FSM_STATE_NEW = 1;
+ FSM_STATE_STANDBY = 2;
+ FSM_STATE_UP = 3;
+ FSM_STATE_DISOWNED = 4;
+ };
+ FSMState fsm_state = 3;
+
+ message Roles {
+ message ConsensusMember {
+ // Used to be: consensus member name, can be deduced from
+ // Certificate/Pubkey/ID.
+ reserved 1;
+ }
+ ConsensusMember consensus_member = 1;
+ message KubernetesWorker {
+ // Used to be: node name, can be deduced from
+ // Certificate/Pubkey/ID.
+ reserved 1;
+ }
+ KubernetesWorker kubernetes_worker = 2;
+ }
+ Roles roles = 4;
+}
+
+// SealedConfiguration is all configuration kept in a TPM-sealed (ie.
+// confidential and tamper-resistant) blob within the node's ESP (EFI)
+// partition. It contains everything that the node needs to join an existing
+// cluster after rebooting.
+message SealedConfiguration {
+ // node_unlock_key (NUK) is the node's part of the key required to unlock
+ // the node's data partition(s). It is combined with the Cluster Unlock Key
+ // (CUK) that's stored in etcd to create a key which is then used to mount
+ // the data partition. The NUK and CUK are generated on bootstrap and
+ // registration.
+ bytes node_unlock_key = 1;
+}