diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 13a134335..663eea916 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -170,10 +170,10 @@ jobs:
 - name: Create portable coordinator resource definitions
 run: |
 mkdir -p workspace
- nix run .#scripts.write-coordinator-yaml -- "${container_registry}/contrast/coordinator:${{ inputs.version }}" > workspace/coordinator.yaml
+ nix run .#scripts.write-coordinator-yaml -- "${container_registry}/contrast/coordinator:${{ inputs.version }}" > workspace/coordinator.yml
 - name: Update coordinator policy hash
 run: |
- yq < workspace/coordinator.yaml \
+ yq < workspace/coordinator.yml \
 'select(.kind == "Deployment") | .spec.template.metadata.annotations["io.katacontainers.config.agent.policy"]' | base64 -d | sha256sum | cut -d " " -f1 > cli/cmd/assets/coordinator-policy-hash
@@ -193,7 +193,7 @@ jobs:
 target_commitish: ${{ needs.process-inputs.outputs.WORKING_BRANCH }}
 files: |
 result-cli/bin/contrast
- workspace/coordinator.yaml
+ workspace/coordinator.yml
 - name: Reset temporary changes
 run: |
 git reset --hard ${{ needs.process-inputs.outputs.WORKING_BRANCH }}
diff --git a/README.md b/README.md
index 57af66a80..085f78f0b 100644
--- a/README.md
+++ b/README.md
@@ -43,7 +43,7 @@ Install the latest Contrast Coordinator release, comprising a single replica dep
 LoadBalancer service, into your cluster.
 ```sh
-kubectl apply -f https://github.com/edgelesssys/contrast/releases/download/latest/coordinator.yaml
+kubectl apply -f https://github.com/edgelesssys/contrast/releases/download/latest/coordinator.yml
 ```
 ### Preprare your Kubernetes resources
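Review bot: In `.github/workflows/release.yml`, the "Update coordinator policy hash" step in the first hunk writes whatever the `yq … | base64 -d | sha256sum | cut` pipeline produces into `cli/cmd/assets/coordinator-policy-hash`, and nothing visible in the hunk makes the step fail when an earlier stage of that pipeline fails. Unless the job sets `shell: bash` or enables `pipefail` outside the hunk, the step's exit status is that of `cut`, so a path missed in this rename (or a missing policy annotation) would still embed a well-formed but wrong hash in the CLI. I would start the script with `set -euo pipefail` so a failing `yq` or `base64 -d` stops the release. Whether the `run:` block continues past the end of the hunk is not visible here.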
@@ -54,14 +54,14 @@ You can also generate files from a Helm chart or from a Kustomization.
 ```sh
 mkdir resources
-kustomize build $MY_RESOURCE_DIR > resources/all.yaml
+kustomize build $MY_RESOURCE_DIR > resources/all.yml
 ```
 or
 ```sh
 mkdir resources
-helm template release-name chart-name > resources/all.yaml
+helm template release-name chart-name > resources/all.yml
 ```
 To specify that a workload (pod, deployment, etc.) should be deployed as confidential containers,
@@ -92,7 +92,7 @@ Run the `generate` command generate the execution policies and add them as annot
 deployment files. A `manifest.json` with the reference values of your deployment will be created.
 ```sh
-./contrast generate resources/*.yaml
+./contrast generate resources/*.yml
 ```
 ### Apply Resources
@@ -125,7 +125,7 @@ coordinator=$(kubectl get svc coordinator -o=jsonpath='{.status.loadBalancer.ing
 Attest the Coordinator and set the manifest:
 ```sh
-./contrast set -c "${coordinator}:1313" -m manifest.json
+./contrast set -c "${coordinator}:1313" -m manifest.json resources/*.yml
 ```
 After this step, the Coordinator will start issuing TLS certs to the workloads. The init container
diff --git a/packages/scripts.nix b/packages/scripts.nix
index 7c1377fec..c4b4dfdee 100644
--- a/packages/scripts.nix
+++ b/packages/scripts.nix
@@ -142,7 +142,7 @@ with pkgs;
 };
 # write-coordinator-yaml prints a Contrast Coordinator deployment including the default policy.
- # It's intended for two purposes: (1) releasing a portable coordinator.yaml and (2) updating the embedded policy hash.
+ # It's intended for two purposes: (1) releasing a portable coordinator.yml and (2) updating the embedded policy hash.
 write-coordinator-yaml = writeShellApplication {
 name = "write-coordinator-policy";
 runtimeInputs = [
@@ -185,7 +185,7 @@ with pkgs;
 --skip-existing
 chmod a+x "$targetDir/contrast"
- yq -i ".metadata.namespace = \"$namespace\"" "$targetDir/coordinator.yaml"
+ yq -i ".metadata.namespace = \"$namespace\"" "$targetDir/coordinator.yml"
 '';
 };
 }
diff --git a/service-mesh/main.go b/service-mesh/main.go
index 64b21402e..4086cd42c 100644
--- a/service-mesh/main.go
+++ b/service-mesh/main.go
@@ -8,7 +8,10 @@ import (
 "syscall"
 )
-const proxyConfigEnvVar = "EDG_PROXY_CONFIG"
+const (
+ proxyConfigEnvVar = "EDG_PROXY_CONFIG"
+ envoyConfigFile = "/envoy-config.yml"
+)
 var version = "0.0.0-dev"
@@ -39,7 +42,7 @@ func run() (retErr error) {
 log.Printf("Using envoy configuration:\n%s\n", envoyConfig)
- if err := os.WriteFile("/envoy-config.yaml", envoyConfig, 0o644); err != nil {
+ if err := os.WriteFile(envoyConfigFile, envoyConfig, 0o644); err != nil {
 return err
 }
@@ -51,5 +54,5 @@ func run() (retErr error) {
 log.Println("Starting envoy")
- return syscall.Exec(envoyBin, []string{"envoy", "-c", "/envoy-config.yaml"}, os.Environ())
+ return syscall.Exec(envoyBin, []string{"envoy", "-c", envoyConfigFile}, os.Environ())
 }
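Review bot: The new `envoyConfigFile` constant in the `const (` block of `service-mesh/main.go` (hunk at -8,7) has no comment, although it now ties together two places in `run()`: the `os.WriteFile` call and the `-c` argument handed to envoy. I would add `// envoyConfigFile is the path the generated Envoy configuration is written to and that envoy is started with via -c.` above it. Because the path sits directly under `/`, the comment could also say that the root filesystem must be writable for this process, which matters to anyone hardening the container with a read-only root.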
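Review bot: `os.WriteFile(envoyConfigFile, envoyConfig, 0o644)` in the hunk at -39,7 of `service-mesh/main.go` leaves the generated configuration readable by every user in the container, and the `log.Printf` context line just above it prints the whole configuration to the log. If the configuration can ever carry key material or other secrets (not visible from this hunk), a tighter mode is the safer default, for example `os.WriteFile(envoyConfigFile, envoyConfig, 0o600)`. That should be enough as long as envoy keeps running as the same user, which the `syscall.Exec` in the last hunk suggests. `run()` begins before and continues after this hunk.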