m/node: introduce node storage setting and cluster policy

This adds NodeStorageSecurity and a corresponding
ClusterConfiguration.StorageSecurityPolicy, and pipes it into the
Metropolis node bootstrap and registration flow.

All the various settings have so far only been tested manually. For now
the default behaviour (which is exercised by tests) is the same as
previously: require encryption and authentication.

In the future, we will have to expand our end-to-end testing to properly
exercise all the various settings and verify their enforcement and
effect. But that has to come in a follow-up CR as this one is already
large enough as is.

Change-Id: I76f3e37639ef02f4fc708af47ae5014408dc7c21
Reviewed-on: https://review.monogon.dev/c/monogon/+/1747
Reviewed-by: Lorenz Brun <lorenz@monogon.tech>
Tested-by: Jenkins CI
11 files changed
tree: 8cb613a43199be0dd5a93d98955c95f8d3e7779d
README.md

Monogon Monorepo

This is the main repository containing the source code for the Monogon Platform.

This is pre-release software - take a look, and check back later!

Environment

Our build environment is self-contained and requires only minimal host dependencies:

  • A Linux machine or VM.
  • Bazelisk >= v1.15.0
  • A reasonably recent kernel with user namespaces enabled.
  • Working KVM with access to /dev/kvm (if you want to run tests).

Our docs assume that Bazelisk is available as bazel on your PATH.

Refer to SETUP.md for detailed instructions.

Monogon OS

Run a single node demo cluster

Build CLI and node image:

bazel build //metropolis/cli/dbg //:launch -c dbg

Launch an ephemeral test node:

bazel test //:launch -c dbg --test_output=streamed

Run a kubectl command while the test is running:

bazel-bin/metropolis/cli/dbg/dbg_/dbg kubectl describe node

Test suite

Run full test suite:

bazel test -c dbg //...