metropolis/proto/private/private.proto

// Copyright 2020 The Monogon Project Authors.
//
// SPDX-License-Identifier: Apache-2.0
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";
option go_package = "source.monogon.dev/metropolis/proto/private";
package metropolis.proto.private;

import "metropolis/proto/common/common.proto";

// Node describes a single node's state in etcd
// DEPRECATED: this will be moved to //metropolis/node/curator.
message Node {
    // Node's public key..
    bytes public_key = 1;
    // Node's individual cluster part of the data partition encryption key. It
    // is combined with the Node Unlock Key (NUK) kept within
    // SealedConfiguration.
    bytes cluster_unlock_key = 2;

    // TODO(q3k): document this based on cluster lifecycle design doc once this
    // fully stabilizes.
    enum FSMState {
        FSM_STATE_INVALID = 0;
        FSM_STATE_NEW = 1;
        FSM_STATE_STANDBY = 2;
        FSM_STATE_UP = 3;
        FSM_STATE_DISOWNED = 4;
    };
    FSMState fsm_state = 3;

    message Roles {
        message ConsensusMember {
            // Used to be: consensus member name, can be deduced from
            // Certificate/Pubkey/ID.
            reserved 1;
        }
        ConsensusMember consensus_member = 1;
        message KubernetesWorker {
            // Used to be: node name, can be deduced from
            // Certificate/Pubkey/ID.
            reserved 1;
        }
        KubernetesWorker kubernetes_worker = 2;
    }
    Roles roles = 4;
}

// SealedConfiguration is all configuration kept in a TPM-sealed (ie.
// confidential and tamper-resistant) blob within the node's ESP (EFI)
// partition. It contains everything that the node needs to join an existing
// cluster after rebooting.
message SealedConfiguration {
    // node_unlock_key (NUK) is the node's part of the key required to unlock
    // the node's data partition(s). It is combined with the Cluster Unlock Key
    // (CUK) that's stored in etcd to create a key which is then used to mount
    // the data partition. The NUK and CUK are generated on bootstrap and
    // registration.
    bytes node_unlock_key = 1;
    // join_key is an ED25519 private key generated during registration. The
    // public part is shared with Curator to authenticate the join procedure.
    bytes join_key = 2;
    // cluster_ca is the X509 CA certificate of the cluster set during
    // registration and used by nodes joining the cluster.
    bytes cluster_ca = 3;
    // storage_security is the node storage security that this node has been
    // created with, and is used to determine the way the local storage (ie.
    // Metropolis data partition) will be attempted to be mounted on subsequent
    // node startups.
    metropolis.proto.common.NodeStorageSecurity storage_security = 4;
}