From 1ba161d8b25ec94c3f71e8e5de2ac13ae9b929f3 Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Mon, 16 Oct 2023 13:22:48 +0200 Subject: [PATCH 01/19] add minimal docs for self-managed infrastructure --- docs/docs/getting-started/first-steps.md | 2 +- docs/docs/workflows/create.md | 36 ++++++++++++++++++++++-- 2 files changed, 35 insertions(+), 3 deletions(-) diff --git a/docs/docs/getting-started/first-steps.md b/docs/docs/getting-started/first-steps.md index 07b7f84106..bdf3d3b151 100644 --- a/docs/docs/getting-started/first-steps.md +++ b/docs/docs/getting-started/first-steps.md @@ -119,7 +119,7 @@ If you encounter any problem with the following steps, make sure to use the [lat --> 3. Create the cluster. `constellation create` uses options set in `constellation-conf.yaml`. - If you want to manually use [Terraform](../reference/terraform.md) for managing the cloud resources instead, follow the corresponding instructions in the [Create workflow](../workflows/create.md). + If you want to manually use [Terraform](../reference/terraform.md) for managing the cloud resources instead, or want completely self-managed infrastructure, follow the corresponding instructions in the [Create workflow](../workflows/create.md). :::tip diff --git a/docs/docs/workflows/create.md b/docs/docs/workflows/create.md index 6249b2f625..94234e3dc6 100644 --- a/docs/docs/workflows/create.md +++ b/docs/docs/workflows/create.md 
@@ -71,12 +71,44 @@ Create the `constellation-state.yaml` using the output from the Terraform state ```bash CONSTELL_IP=$(terraform output ip) CONSTELL_INIT_SECRET=$(terraform output initSecret | jq -r | tr -d '\n' | base64) -touch constellation-state.yaml -yq eval '.version ="v1"' --inplace constellation-state.yaml yq eval '.infrastructure.initSecret ="$CONSTELL_INIT_SECRET"' --inplace constellation-state.yaml yq eval '.infrastructure.clusterEndpoint ="$CONSTELL_IP"' --inplace constellation-state.yaml ``` + + + +Self-managed infrastructure allows for managing the cloud resources necessary for a Constellation cluster separately from the Constellation CLI and Terraform, +providing maximum flexibility in DevOps as well as meeting potential regulatory requirements. + +To self-manage the infrastructure of your cluster, download the Terraform files for the selected CSP from the [Constellation GitHub repository](https://github.com/edgelesssys/constellation/tree/main/cli/internal/terraform/terraform). +They contain a minimum configuration for the resources necessary to run a Constellation cluster on the corresponding CSP. From this base, you can now add, edit, or substitute resources as per your own requirements, while ensuring the essential +functionality of the base configuration is kept. You can also recreate the infrastructure from the Terraform configuration with the infrastructure management tooling of your choice, e.g. create it manually through a CSP portal. + +When using Terraform, initialize and apply your configuration. Otherwise, make sure all necessary resources are created, e.g. through checking your CSP's portal. + +```bash +terraform init +terraform apply +``` + +And retrieve the necessary outputs from your configuration. When using another infrastructure management strategy than Terraform, retrieve the outputs accordingly, e.g. through your CSP's portal. 
+ +```bash +CONSTELL_IP=$(terraform output ip) +CONSTELL_INIT_SECRET=$(terraform output initSecret | jq -r | tr -d '\n' | base64) +yq eval '.infrastructure.initSecret ="$CONSTELL_INIT_SECRET"' --inplace constellation-state.yaml +yq eval '.infrastructure.clusterEndpoint ="$CONSTELL_IP"' --inplace constellation-state.yaml +``` + +Depending on the [configuration](./config.md) of your cluster, additional outputs might be necessary. Use the following command to query all possible outputs: + +```bash +terraform output +``` + +And continue with [initializing your cluster](#the-init-step). + From 9bcdc389a7df22311d7e4fcb2148ef8797d21712 Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Mon, 16 Oct 2023 13:54:41 +0200 Subject: [PATCH 02/19] Update docs/docs/getting-started/first-steps.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> --- docs/docs/getting-started/first-steps.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/getting-started/first-steps.md b/docs/docs/getting-started/first-steps.md index bdf3d3b151..35eceba3a9 100644 --- a/docs/docs/getting-started/first-steps.md +++ b/docs/docs/getting-started/first-steps.md @@ -119,7 +119,7 @@ If you encounter any problem with the following steps, make sure to use the [lat --> 3. Create the cluster. `constellation create` uses options set in `constellation-conf.yaml`. - If you want to manually use [Terraform](../reference/terraform.md) for managing the cloud resources instead, or want completely self-managed infrastructure, follow the corresponding instructions in the [Create workflow](../workflows/create.md). + If you want to manually manage your cloud resources, for example by using [Terraform](../reference/terraform.md), follow the corresponding instructions in the [Create workflow](../workflows/create.md). :::tip 
From 78cc98dc0d78cfe25d3704f5cb651df2f4a4fad7 Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Mon, 16 Oct 2023 13:54:59 +0200 Subject: [PATCH 03/19] Update docs/docs/workflows/create.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> --- docs/docs/workflows/create.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/workflows/create.md b/docs/docs/workflows/create.md index 94234e3dc6..b8373dfc25 100644 --- a/docs/docs/workflows/create.md +++ b/docs/docs/workflows/create.md @@ -78,7 +78,7 @@ yq eval '.infrastructure.clusterEndpoint ="$CONSTELL_IP"' --inplace constellatio -Self-managed infrastructure allows for managing the cloud resources necessary for a Constellation cluster separately from the Constellation CLI and Terraform, +Self-managed infrastructure allows for managing the cloud resources necessary for a Constellation cluster separately from the Constellation CLI, providing maximum flexibility in DevOps as well as meeting potential regulatory requirements. To self-manage the infrastructure of your cluster, download the Terraform files for the selected CSP from the [Constellation GitHub repository](https://github.com/edgelesssys/constellation/tree/main/cli/internal/terraform/terraform). From a0abd8fc90f8c499064dda09c110e4ed4f0ffefb Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Mon, 16 Oct 2023 13:55:06 +0200 Subject: [PATCH 04/19] Update docs/docs/workflows/create.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> --- docs/docs/workflows/create.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docs/docs/workflows/create.md b/docs/docs/workflows/create.md index b8373dfc25..21f76db665 100644 --- a/docs/docs/workflows/create.md +++ b/docs/docs/workflows/create.md @@ -96,7 +96,7 @@ And retrieve the necessary outputs from your configuration. When using another i ```bash CONSTELL_IP=$(terraform output ip) -CONSTELL_INIT_SECRET=$(terraform output initSecret | jq -r | tr -d '\n' | base64) +CONSTELL_INIT_SECRET=$(terraform output initSecret | yq -r | tr -d '\n' | base64) yq eval '.infrastructure.initSecret ="$CONSTELL_INIT_SECRET"' --inplace constellation-state.yaml yq eval '.infrastructure.clusterEndpoint ="$CONSTELL_IP"' --inplace constellation-state.yaml ``` From 04ed0b611f2d976f46c2f406bf04fd1b1cec4c5e Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Mon, 16 Oct 2023 13:55:46 +0200 Subject: [PATCH 05/19] Update docs/docs/workflows/create.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> --- docs/docs/workflows/create.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/workflows/create.md b/docs/docs/workflows/create.md index 21f76db665..056d021c2e 100644 --- a/docs/docs/workflows/create.md +++ b/docs/docs/workflows/create.md @@ -107,7 +107,7 @@ Depending on the [configuration](./config.md) of your cluster, additional output terraform output ``` -And continue with [initializing your cluster](#the-init-step). +Continue with [initializing your cluster](#the-init-step). From a4a5776805b27c312d7844ffb4ed1654ac9a4620 Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Mon, 16 Oct 2023 13:55:37 +0200 Subject: [PATCH 06/19] default to yq Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> --- docs/docs/workflows/create.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docs/docs/workflows/create.md b/docs/docs/workflows/create.md index 056d021c2e..dd41b26556 100644 --- a/docs/docs/workflows/create.md +++ b/docs/docs/workflows/create.md @@ -70,7 +70,7 @@ Create the `constellation-state.yaml` using the output from the Terraform state ```bash CONSTELL_IP=$(terraform output ip) -CONSTELL_INIT_SECRET=$(terraform output initSecret | jq -r | tr -d '\n' | base64) +CONSTELL_INIT_SECRET=$(terraform output initSecret | yq -r | tr -d '\n' | base64) yq eval '.infrastructure.initSecret ="$CONSTELL_INIT_SECRET"' --inplace constellation-state.yaml yq eval '.infrastructure.clusterEndpoint ="$CONSTELL_IP"' --inplace constellation-state.yaml ``` From 3d7cf25698741776a5e7d72a07728cd3313a08dd Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Mon, 16 Oct 2023 13:56:12 +0200 Subject: [PATCH 07/19] Update docs/docs/workflows/create.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> --- docs/docs/workflows/create.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/workflows/create.md b/docs/docs/workflows/create.md index dd41b26556..7cfa66fe49 100644 --- a/docs/docs/workflows/create.md +++ b/docs/docs/workflows/create.md @@ -92,7 +92,7 @@ terraform init terraform apply ``` -And retrieve the necessary outputs from your configuration. When using another infrastructure management strategy than Terraform, retrieve the outputs accordingly, e.g. through your CSP's portal. +Retrieve the necessary outputs from your configuration. When using another infrastructure management strategy than Terraform, retrieve the outputs accordingly, e.g. through your CSP's portal. ```bash CONSTELL_IP=$(terraform output ip) From 4032580da9052277372d6bd025047de8f14c4e13 Mon Sep 17 00:00:00 2001 
From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Mon, 16 Oct 2023 14:26:12 +0200 Subject: [PATCH 08/19] don't tie self-managed infrastructure to Terraform --- docs/docs/workflows/create.md | 26 ++++---------------------- 1 file changed, 4 insertions(+), 22 deletions(-) diff --git a/docs/docs/workflows/create.md b/docs/docs/workflows/create.md index 7cfa66fe49..33e42e191d 100644 --- a/docs/docs/workflows/create.md +++ b/docs/docs/workflows/create.md 
@@ -82,30 +82,12 @@ Self-managed infrastructure allows for managing the cloud resources necessary fo providing maximum flexibility in DevOps as well as meeting potential regulatory requirements. To self-manage the infrastructure of your cluster, download the Terraform files for the selected CSP from the [Constellation GitHub repository](https://github.com/edgelesssys/constellation/tree/main/cli/internal/terraform/terraform). -They contain a minimum configuration for the resources necessary to run a Constellation cluster on the corresponding CSP. From this base, you can now add, edit, or substitute resources as per your own requirements, while ensuring the essential -functionality of the base configuration is kept. You can also recreate the infrastructure from the Terraform configuration with the infrastructure management tooling of your choice, e.g. create it manually through a CSP portal. +They contain a minimum configuration for the resources necessary to run a Constellation cluster on the corresponding CSP. From this base, you can now add, edit, or substitute resources as per your own requirements with the infrastructure +management tooling of your choice. You need to ensure the essential functionality of the base configuration is kept in order for your cluster to function correctly. -When using Terraform, initialize and apply your configuration. Otherwise, make sure all necessary resources are created, e.g. through checking your CSP's portal. +Make sure all necessary resources are created, e.g. through checking your CSP's portal and retrieve the necessary values, aligned with the outputs (specified in `outputs.tf`) of the base configuration. -```bash -terraform init -terraform apply -``` - -Retrieve the necessary outputs from your configuration. When using another infrastructure management strategy than Terraform, retrieve the outputs accordingly, e.g. through your CSP's portal. 
- -```bash -CONSTELL_IP=$(terraform output ip) -CONSTELL_INIT_SECRET=$(terraform output initSecret | yq -r | tr -d '\n' | base64) -yq eval '.infrastructure.initSecret ="$CONSTELL_INIT_SECRET"' --inplace constellation-state.yaml -yq eval '.infrastructure.clusterEndpoint ="$CONSTELL_IP"' --inplace constellation-state.yaml -``` - -Depending on the [configuration](./config.md) of your cluster, additional outputs might be necessary. Use the following command to query all possible outputs: - -```bash -terraform output -``` +Fill these outputs into the corresponding fields of the `constellation-state.yaml` file. For example, fill the IP or DNS name your cluster can be reached at into the `.Infrastructure.ClusterEndpoint` field. Continue with [initializing your cluster](#the-init-step). From bbb961ec86e969c1cd5d9fd8edab193134ba0303 Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Mon, 16 Oct 2023 16:45:30 +0200 Subject: [PATCH 09/19] silence the review-dog Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> --- docs/docs/workflows/create.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/docs/workflows/create.md b/docs/docs/workflows/create.md index 33e42e191d..968d5c4a95 100644 --- a/docs/docs/workflows/create.md +++ b/docs/docs/workflows/create.md 
@@ -78,11 +78,11 @@ yq eval '.infrastructure.clusterEndpoint ="$CONSTELL_IP"' --inplace constellatio -Self-managed infrastructure allows for managing the cloud resources necessary for a Constellation cluster separately from the Constellation CLI, -providing maximum flexibility in DevOps as well as meeting potential regulatory requirements. +Self-managed infrastructure allows for managing the cloud resources necessary for a Constellation cluster separate from the Constellation CLI. +This provides maximum flexibility in DevOps and can meet potential regulatory requirements. To self-manage the infrastructure of your cluster, download the Terraform files for the selected CSP from the [Constellation GitHub repository](https://github.com/edgelesssys/constellation/tree/main/cli/internal/terraform/terraform). -They contain a minimum configuration for the resources necessary to run a Constellation cluster on the corresponding CSP. From this base, you can now add, edit, or substitute resources as per your own requirements with the infrastructure +They contain a minimum configuration for the resources necessary to run a Constellation cluster on the corresponding CSP. From this base, you can now add, edit, or substitute resources per your own requirements with the infrastructure management tooling of your choice. You need to ensure the essential functionality of the base configuration is kept in order for your cluster to function correctly. Make sure all necessary resources are created, e.g. through checking your CSP's portal and retrieve the necessary values, aligned with the outputs (specified in `outputs.tf`) of the base configuration. From 4a82f36681633d1cb172c8c9dbe2f08b5363edc1 Mon Sep 17 00:00:00 2001 
From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Tue, 17 Oct 2023 13:30:26 +0200 Subject: [PATCH 10/19] Update docs/docs/workflows/create.md Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> --- docs/docs/workflows/create.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/workflows/create.md b/docs/docs/workflows/create.md index 968d5c4a95..1265ef6b6d 100644 --- a/docs/docs/workflows/create.md +++ b/docs/docs/workflows/create.md @@ -76,7 +76,7 @@ yq eval '.infrastructure.clusterEndpoint ="$CONSTELL_IP"' --inplace constellatio ``` - + Self-managed infrastructure allows for managing the cloud resources necessary for a Constellation cluster separate from the Constellation CLI. This provides maximum flexibility in DevOps and can meet potential regulatory requirements. From 72b895abf2bec4a26d691ee24e5510b999829891 Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Tue, 17 Oct 2023 13:30:33 +0200 Subject: [PATCH 11/19] Update docs/docs/workflows/create.md Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> --- docs/docs/workflows/create.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/workflows/create.md b/docs/docs/workflows/create.md index 1265ef6b6d..5c218af055 100644 --- a/docs/docs/workflows/create.md +++ b/docs/docs/workflows/create.md 
@@ -79,7 +79,7 @@ yq eval '.infrastructure.clusterEndpoint ="$CONSTELL_IP"' --inplace constellatio Self-managed infrastructure allows for managing the cloud resources necessary for a Constellation cluster separate from the Constellation CLI. -This provides maximum flexibility in DevOps and can meet potential regulatory requirements. +This provides flexibility in DevOps and can meet potential regulatory requirements. To self-manage the infrastructure of your cluster, download the Terraform files for the selected CSP from the [Constellation GitHub repository](https://github.com/edgelesssys/constellation/tree/main/cli/internal/terraform/terraform). They contain a minimum configuration for the resources necessary to run a Constellation cluster on the corresponding CSP. From this base, you can now add, edit, or substitute resources per your own requirements with the infrastructure From 8e5137b1a3efd4e332ed5769f9c70e19ebf0992b Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Tue, 17 Oct 2023 13:30:46 +0200 Subject: [PATCH 12/19] Update docs/docs/workflows/create.md Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> --- docs/docs/workflows/create.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/workflows/create.md b/docs/docs/workflows/create.md index 5c218af055..4a91fe6d12 100644 --- a/docs/docs/workflows/create.md +++ b/docs/docs/workflows/create.md 
@@ -83,7 +83,7 @@ This provides flexibility in DevOps and can meet potential regulatory requiremen To self-manage the infrastructure of your cluster, download the Terraform files for the selected CSP from the [Constellation GitHub repository](https://github.com/edgelesssys/constellation/tree/main/cli/internal/terraform/terraform). They contain a minimum configuration for the resources necessary to run a Constellation cluster on the corresponding CSP. From this base, you can now add, edit, or substitute resources per your own requirements with the infrastructure -management tooling of your choice. You need to ensure the essential functionality of the base configuration is kept in order for your cluster to function correctly. +management tooling of your choice. You need to keep the essential functionality of the base configuration in order for your cluster to function correctly. Make sure all necessary resources are created, e.g. through checking your CSP's portal and retrieve the necessary values, aligned with the outputs (specified in `outputs.tf`) of the base configuration. From 535953105c2644c142d117b1bc2f74037b38c7de Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Tue, 17 Oct 2023 13:31:12 +0200 Subject: [PATCH 13/19] Update docs/docs/workflows/create.md Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> --- docs/docs/workflows/create.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/workflows/create.md b/docs/docs/workflows/create.md index 4a91fe6d12..a06a7af591 100644 --- a/docs/docs/workflows/create.md +++ b/docs/docs/workflows/create.md 
@@ -85,7 +85,7 @@ To self-manage the infrastructure of your cluster, download the Terraform files They contain a minimum configuration for the resources necessary to run a Constellation cluster on the corresponding CSP. From this base, you can now add, edit, or substitute resources per your own requirements with the infrastructure management tooling of your choice. You need to keep the essential functionality of the base configuration in order for your cluster to function correctly. -Make sure all necessary resources are created, e.g. through checking your CSP's portal and retrieve the necessary values, aligned with the outputs (specified in `outputs.tf`) of the base configuration. +Make sure all necessary resources are created, e.g., through checking your CSP's portal and retrieve the necessary values, aligned with the outputs (specified in `outputs.tf`) of the base configuration. Fill these outputs into the corresponding fields of the `constellation-state.yaml` file. For example, fill the IP or DNS name your cluster can be reached at into the `.Infrastructure.ClusterEndpoint` field. From 9b6998a6f670ac6a60e65d7fd9a85ffa271d1ab5 Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Wed, 18 Oct 2023 10:51:42 +0200 Subject: [PATCH 14/19] [broken] add docs for filling tfvars file Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> --- docs/docs/workflows/create.md | 112 ++++++++++++++++++++++++++++++++-- 1 file changed, 107 insertions(+), 5 deletions(-) diff --git a/docs/docs/workflows/create.md b/docs/docs/workflows/create.md index a06a7af591..9c334bd89c 100644 --- a/docs/docs/workflows/create.md +++ b/docs/docs/workflows/create.md @@ -26,7 +26,7 @@ Before you create the cluster, make sure to have a [valid configuration file](./ ### Create - + ```bash 
@@ -48,15 +48,117 @@ Please also refrain from changing the Terraform resource definitions, as Constel Download the Terraform files for the selected CSP from the [GitHub repository](https://github.com/edgelesssys/constellation/tree/main/cli/internal/terraform/terraform). +Find the image reference for your CSP and region, execute: + +```bash +CONSTELL_VER=vX.Y.Z +curl -s https://cdn.confidential.cloud/constellation/v2/ref/-/stream/stable/$CONSTELL_VER/image/info.json | jq +``` + +From the list, select the `reference` for your CSP / Attestation combination and save it in the `IMAGE_REF` environment variable. + Create a `terraform.tfvars` file. There, define all needed variables found in `variables.tf` using the values from the `constellation-config.yaml`. -To find the image reference for your CSP and region, execute: - + + ```bash -CONSTELL_VER=vX.Y.Z -curl -s https://cdn.confidential.cloud/constellation/v1/ref/-/stream/stable/$CONSTELL_VER/image/info.json | jq +echo "name = \"$(yq '.name' constellation-conf.yaml)\"" >> terraform.tfvars +echo "debug = $(yq '.debugCluster' constellation-conf.yaml)" >> terraform.tfvars +echo "custom_endpoint = \"$(yq '.customEndpoint' constellation-conf.yaml)\"" >> terraform.tfvars +echo "node_groups = {\n \ + control_plane_default = {\n \ + role = \"$(yq '.nodeGroups.control_plane_default.role' constellation-conf.yaml)\"\n \ + zone = \"$(yq '.nodeGroups.control_plane_default.zone' constellation-conf.yaml)\"\n \ + instance_type = \"$(yq '.nodeGroups.control_plane_default.instanceType' constellation-conf.yaml)\"\n \ + disk_size = \"$(yq '.nodeGroups.control_plane_default.stateDiskSizeGB' constellation-conf.yaml)\"\n \ + disk_type = \"$(yq '.nodeGroups.control_plane_default.stateDiskType' constellation-conf.yaml)\"\n \ + initial_count = \"$(yq '.nodeGroups.control_plane_default.initialCount' constellation-conf.yaml)\"\n \ + }\n \ + worker_default = {\n \ + role = \"$(yq '.nodeGroups.worker_default.role' constellation-conf.yaml)\"\n \ + 
zone = \"$(yq '.nodeGroups.worker_default.zone' constellation-conf.yaml)\"\n \ + instance_type = \"$(yq '.nodeGroups.worker_default.instanceType' constellation-conf.yaml)\"\n \ + disk_size = \"$(yq '.nodeGroups.worker_default.stateDiskSizeGB' constellation-conf.yaml)\"\n \ + disk_type = \"$(yq '.nodeGroups.worker_default.stateDiskType' constellation-conf.yaml)\"\n \ + initial_count = \"$(yq '.nodeGroups.worker_default.initialCount' constellation-conf.yaml)\"\n \ + } \ +}" \ +>> terraform.tfvars +echo "iam_instance_profile_control_plane = \"$(yq '.provider.aws.iamProfileControlPlane' constellation-conf.yaml)\"" >> terraform.tfvars +echo "iam_instance_profile_worker_nodes = \"$(yq '.provider.aws.iamProfileWorkerNodes' constellation-conf.yaml)\"" >> terraform.tfvars +echo "region = \"$(yq '.provider.aws.region' constellation-conf.yaml)\"" >> terraform.tfvars +echo "zone = \"$(yq '.provider.aws.zone' constellation-conf.yaml)\"" >> terraform.tfvars +echo "ami = \"$(yq '.provider.aws.zone' constellation-conf.yaml)\"" >> terraform.tfvars +echo "enable_snp = $(yq '.attestation | has("awsSEVSNP")' constellation-conf.yaml)" >> terraform.tfvars +terraform fmt terraform.tfvars ``` + + +```bash +echo "name = \"$(yq '.name' constellation-conf.yaml)\"" >> terraform.tfvars +echo "debug = $(yq '.debugCluster' constellation-conf.yaml)" >> terraform.tfvars +echo "custom_endpoint = \"$(yq '.customEndpoint' constellation-conf.yaml)\"" >> terraform.tfvars +echo "image_id = \"$IMAGE_REF\"" >> terraform.tfvars +echo "node_groups = {\n \ + control_plane_default = {\n \ + role = \"$(yq '.nodeGroups.control_plane_default.role' constellation-conf.yaml)\"\n \ + zones = [ \"$(yq '.nodeGroups.worker_default.zone' constellation-conf.yaml)\" ]\n \ + instance_type = \"$(yq '.nodeGroups.control_plane_default.instanceType' constellation-conf.yaml)\"\n \ + disk_size = \"$(yq '.nodeGroups.control_plane_default.stateDiskSizeGB' constellation-conf.yaml)\"\n \ + disk_type = \"$(yq 
'.nodeGroups.control_plane_default.stateDiskType' constellation-conf.yaml)\"\n \ + initial_count = \"$(yq '.nodeGroups.control_plane_default.initialCount' constellation-conf.yaml)\"\n \ + }\n \ + worker_default = {\n \ + role = \"$(yq '.nodeGroups.worker_default.role' constellation-conf.yaml)\"\n \ + zones = [ \"$(yq '.nodeGroups.worker_default.zone' constellation-conf.yaml)\" ]\n \ + instance_type = \"$(yq '.nodeGroups.worker_default.instanceType' constellation-conf.yaml)\"\n \ + disk_size = \"$(yq '.nodeGroups.worker_default.stateDiskSizeGB' constellation-conf.yaml)\"\n \ + disk_type = \"$(yq '.nodeGroups.worker_default.stateDiskType' constellation-conf.yaml)\"\n \ + initial_count = \"$(yq '.nodeGroups.worker_default.initialCount' constellation-conf.yaml)\"\n \ + } \ +}" \ +>> terraform.tfvars +echo "create_maa = $(yq '.attestation | has("azureSEVSNP")' constellation-conf.yaml)" >> terraform.tfvars +echo "confidential_vm = $(yq '.attestation | has("azureSEVSNP")' constellation-conf.yaml)" >> terraform.tfvars +echo "secure_boot = $(yq '.provider.azure.secureBoot' constellation-conf.yaml)" >> terraform.tfvars +echo "resource_group = \"$(yq '.provider.azure.resourceGroup' constellation-conf.yaml)\"" >> terraform.tfvars +echo "user_assigned_identity = \"$(yq '.provider.azure.userAssignedIdentity' constellation-conf.yaml)\"" >> terraform.tfvars +terraform fmt terraform.tfvars +``` + + +```bash +echo "name = \"$(yq '.name' constellation-conf.yaml)\"" >> terraform.tfvars +echo "debug = $(yq '.debugCluster' constellation-conf.yaml)" >> terraform.tfvars +echo "custom_endpoint = \"$(yq '.customEndpoint' constellation-conf.yaml)\"" >> terraform.tfvars +echo "image_id = \"$IMAGE_REF\"" >> terraform.tfvars +echo "node_groups = {\n \ + control_plane_default = {\n \ + role = \"$(yq '.nodeGroups.control_plane_default.role' constellation-conf.yaml)\"\n \ + zone = \"$(yq '.nodeGroups.control_plane_default.zone' constellation-conf.yaml)\"\n \ + instance_type = \"$(yq 
'.nodeGroups.control_plane_default.instanceType' constellation-conf.yaml)\"\n \ + disk_size = \"$(yq '.nodeGroups.control_plane_default.stateDiskSizeGB' constellation-conf.yaml)\"\n \ + disk_type = \"$(yq '.nodeGroups.control_plane_default.stateDiskType' constellation-conf.yaml)\"\n \ + initial_count = \"$(yq '.nodeGroups.control_plane_default.initialCount' constellation-conf.yaml)\"\n \ + }\n \ + worker_default = {\n \ + role = \"$(yq '.nodeGroups.worker_default.role' constellation-conf.yaml)\"\n \ + zone = \"$(yq '.nodeGroups.worker_default.zone' constellation-conf.yaml)\"\n \ + instance_type = \"$(yq '.nodeGroups.worker_default.instanceType' constellation-conf.yaml)\"\n \ + disk_size = \"$(yq '.nodeGroups.worker_default.stateDiskSizeGB' constellation-conf.yaml)\"\n \ + disk_type = \"$(yq '.nodeGroups.worker_default.stateDiskType' constellation-conf.yaml)\"\n \ + initial_count = \"$(yq '.nodeGroups.worker_default.initialCount' constellation-conf.yaml)\"\n \ + } \ +}" \ +>> terraform.tfvars +echo "project = \"$(yq '.provider.gcp.project' constellation-conf.yaml)\"" >> terraform.tfvars +echo "region = \"$(yq '.provider.gcp.region' constellation-conf.yaml)\"" >> terraform.tfvars +echo "zone = \"$(yq '.provider.gcp.zone' constellation-conf.yaml)\"" >> terraform.tfvars +terraform fmt terraform.tfvars +``` + + Initialize and apply Terraform to create the configured infrastructure: From d0b47d637f63daf8a8fb3bd21f7aef2944ac12bc Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Wed, 18 Oct 2023 11:23:51 +0200 Subject: [PATCH 15/19] fix docs Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> --- docs/docs/workflows/create.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/docs/workflows/create.md b/docs/docs/workflows/create.md index 9c334bd89c..635a88341e 100644 --- a/docs/docs/workflows/create.md +++ b/docs/docs/workflows/create.md 
@@ -62,6 +62,7 @@ There, define all needed variables found in `variables.tf` using the values from + ```bash echo "name = \"$(yq '.name' constellation-conf.yaml)\"" >> terraform.tfvars echo "debug = $(yq '.debugCluster' constellation-conf.yaml)" >> terraform.tfvars @@ -93,8 +94,10 @@ echo "ami = \"$(yq '.provider.aws.zone' constellation-conf.yaml)\"" >> terraform echo "enable_snp = $(yq '.attestation | has("awsSEVSNP")' constellation-conf.yaml)" >> terraform.tfvars terraform fmt terraform.tfvars ``` + + ```bash echo "name = \"$(yq '.name' constellation-conf.yaml)\"" >> terraform.tfvars echo "debug = $(yq '.debugCluster' constellation-conf.yaml)" >> terraform.tfvars @@ -126,8 +129,10 @@ echo "resource_group = \"$(yq '.provider.azure.resourceGroup' constellation-conf echo "user_assigned_identity = \"$(yq '.provider.azure.userAssignedIdentity' constellation-conf.yaml)\"" >> terraform.tfvars terraform fmt terraform.tfvars ``` + + ```bash echo "name = \"$(yq '.name' constellation-conf.yaml)\"" >> terraform.tfvars echo "debug = $(yq '.debugCluster' constellation-conf.yaml)" >> terraform.tfvars @@ -157,6 +162,7 @@ echo "region = \"$(yq '.provider.gcp.region' constellation-conf.yaml)\"" >> terr echo "zone = \"$(yq '.provider.gcp.zone' constellation-conf.yaml)\"" >> terraform.tfvars terraform fmt terraform.tfvars ``` + From 4f0c5a9c843c3701a20272f5d403520a869f80bc Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Wed, 18 Oct 2023 15:15:06 +0200 Subject: [PATCH 16/19] remove unnecessary linebreaks --- docs/docs/workflows/create.md | 111 +++++++++++++++++----------------- 1 file changed, 54 insertions(+), 57 deletions(-) diff --git a/docs/docs/workflows/create.md b/docs/docs/workflows/create.md index 635a88341e..66bec9876a 100644 --- a/docs/docs/workflows/create.md +++ b/docs/docs/workflows/create.md 
@@ -67,25 +67,24 @@ There, define all needed variables found in `variables.tf` using the values from echo "name = \"$(yq '.name' constellation-conf.yaml)\"" >> terraform.tfvars echo "debug = $(yq '.debugCluster' constellation-conf.yaml)" >> terraform.tfvars echo "custom_endpoint = \"$(yq '.customEndpoint' constellation-conf.yaml)\"" >> terraform.tfvars -echo "node_groups = {\n \ - control_plane_default = {\n \ - role = \"$(yq '.nodeGroups.control_plane_default.role' constellation-conf.yaml)\"\n \ - zone = \"$(yq '.nodeGroups.control_plane_default.zone' constellation-conf.yaml)\"\n \ - instance_type = \"$(yq '.nodeGroups.control_plane_default.instanceType' constellation-conf.yaml)\"\n \ - disk_size = \"$(yq '.nodeGroups.control_plane_default.stateDiskSizeGB' constellation-conf.yaml)\"\n \ - disk_type = \"$(yq '.nodeGroups.control_plane_default.stateDiskType' constellation-conf.yaml)\"\n \ - initial_count = \"$(yq '.nodeGroups.control_plane_default.initialCount' constellation-conf.yaml)\"\n \ - }\n \ - worker_default = {\n \ - role = \"$(yq '.nodeGroups.worker_default.role' constellation-conf.yaml)\"\n \ - zone = \"$(yq '.nodeGroups.worker_default.zone' constellation-conf.yaml)\"\n \ - instance_type = \"$(yq '.nodeGroups.worker_default.instanceType' constellation-conf.yaml)\"\n \ - disk_size = \"$(yq '.nodeGroups.worker_default.stateDiskSizeGB' constellation-conf.yaml)\"\n \ - disk_type = \"$(yq '.nodeGroups.worker_default.stateDiskType' constellation-conf.yaml)\"\n \ - initial_count = \"$(yq '.nodeGroups.worker_default.initialCount' constellation-conf.yaml)\"\n \ - } \ -}" \ ->> terraform.tfvars +echo "node_groups = { + control_plane_default = { + role = \"$(yq '.nodeGroups.control_plane_default.role' constellation-conf.yaml)\" + zone = \"$(yq '.nodeGroups.control_plane_default.zone' constellation-conf.yaml)\" + instance_type = \"$(yq '.nodeGroups.control_plane_default.instanceType' constellation-conf.yaml)\" + disk_size = \"$(yq 
'.nodeGroups.control_plane_default.stateDiskSizeGB' constellation-conf.yaml)\" + disk_type = \"$(yq '.nodeGroups.control_plane_default.stateDiskType' constellation-conf.yaml)\" + initial_count = \"$(yq '.nodeGroups.control_plane_default.initialCount' constellation-conf.yaml)\" + } + worker_default = { + role = \"$(yq '.nodeGroups.worker_default.role' constellation-conf.yaml)\" + zone = \"$(yq '.nodeGroups.worker_default.zone' constellation-conf.yaml)\" + instance_type = \"$(yq '.nodeGroups.worker_default.instanceType' constellation-conf.yaml)\" + disk_size = \"$(yq '.nodeGroups.worker_default.stateDiskSizeGB' constellation-conf.yaml)\" + disk_type = \"$(yq '.nodeGroups.worker_default.stateDiskType' constellation-conf.yaml)\" + initial_count = \"$(yq '.nodeGroups.worker_default.initialCount' constellation-conf.yaml)\" + } +}" >> terraform.tfvars echo "iam_instance_profile_control_plane = \"$(yq '.provider.aws.iamProfileControlPlane' constellation-conf.yaml)\"" >> terraform.tfvars echo "iam_instance_profile_worker_nodes = \"$(yq '.provider.aws.iamProfileWorkerNodes' constellation-conf.yaml)\"" >> terraform.tfvars echo "region = \"$(yq '.provider.aws.region' constellation-conf.yaml)\"" >> terraform.tfvars 
@@ -103,25 +102,24 @@ echo "name = \"$(yq '.name' constellation-conf.yaml)\"" >> terraform.tfvars echo "debug = $(yq '.debugCluster' constellation-conf.yaml)" >> terraform.tfvars echo "custom_endpoint = \"$(yq '.customEndpoint' constellation-conf.yaml)\"" >> terraform.tfvars echo "image_id = \"$IMAGE_REF\"" >> terraform.tfvars -echo "node_groups = {\n \ - control_plane_default = {\n \ - role = \"$(yq '.nodeGroups.control_plane_default.role' constellation-conf.yaml)\"\n \ - zones = [ \"$(yq '.nodeGroups.worker_default.zone' constellation-conf.yaml)\" ]\n \ - instance_type = \"$(yq '.nodeGroups.control_plane_default.instanceType' constellation-conf.yaml)\"\n \ - disk_size = \"$(yq '.nodeGroups.control_plane_default.stateDiskSizeGB' constellation-conf.yaml)\"\n \ - disk_type = \"$(yq '.nodeGroups.control_plane_default.stateDiskType' constellation-conf.yaml)\"\n \ - initial_count = \"$(yq '.nodeGroups.control_plane_default.initialCount' constellation-conf.yaml)\"\n \ - }\n \ - worker_default = {\n \ - role = \"$(yq '.nodeGroups.worker_default.role' constellation-conf.yaml)\"\n \ - zones = [ \"$(yq '.nodeGroups.worker_default.zone' constellation-conf.yaml)\" ]\n \ - instance_type = \"$(yq '.nodeGroups.worker_default.instanceType' constellation-conf.yaml)\"\n \ - disk_size = \"$(yq '.nodeGroups.worker_default.stateDiskSizeGB' constellation-conf.yaml)\"\n \ - disk_type = \"$(yq '.nodeGroups.worker_default.stateDiskType' constellation-conf.yaml)\"\n \ - initial_count = \"$(yq '.nodeGroups.worker_default.initialCount' constellation-conf.yaml)\"\n \ - } \ -}" \ ->> terraform.tfvars +echo "node_groups = { + control_plane_default = { + role = \"$(yq '.nodeGroups.control_plane_default.role' constellation-conf.yaml)\" + zones = [ \"$(yq '.nodeGroups.worker_default.zone' constellation-conf.yaml)\" ] + instance_type = \"$(yq '.nodeGroups.control_plane_default.instanceType' constellation-conf.yaml)\" + disk_size = \"$(yq '.nodeGroups.control_plane_default.stateDiskSizeGB' 
constellation-conf.yaml)\" + disk_type = \"$(yq '.nodeGroups.control_plane_default.stateDiskType' constellation-conf.yaml)\" + initial_count = \"$(yq '.nodeGroups.control_plane_default.initialCount' constellation-conf.yaml)\" + } + worker_default = { + role = \"$(yq '.nodeGroups.worker_default.role' constellation-conf.yaml)\" + zones = [ \"$(yq '.nodeGroups.worker_default.zone' constellation-conf.yaml)\" ] + instance_type = \"$(yq '.nodeGroups.worker_default.instanceType' constellation-conf.yaml)\" + disk_size = \"$(yq '.nodeGroups.worker_default.stateDiskSizeGB' constellation-conf.yaml)\" + disk_type = \"$(yq '.nodeGroups.worker_default.stateDiskType' constellation-conf.yaml)\" + initial_count = \"$(yq '.nodeGroups.worker_default.initialCount' constellation-conf.yaml)\" + } +}" >> terraform.tfvars echo "create_maa = $(yq '.attestation | has("azureSEVSNP")' constellation-conf.yaml)" >> terraform.tfvars echo "confidential_vm = $(yq '.attestation | has("azureSEVSNP")' constellation-conf.yaml)" >> terraform.tfvars echo "secure_boot = $(yq '.provider.azure.secureBoot' constellation-conf.yaml)" >> terraform.tfvars 
@@ -138,25 +136,24 @@ echo "name = \"$(yq '.name' constellation-conf.yaml)\"" >> terraform.tfvars echo "debug = $(yq '.debugCluster' constellation-conf.yaml)" >> terraform.tfvars echo "custom_endpoint = \"$(yq '.customEndpoint' constellation-conf.yaml)\"" >> terraform.tfvars echo "image_id = \"$IMAGE_REF\"" >> terraform.tfvars -echo "node_groups = {\n \ - control_plane_default = {\n \ - role = \"$(yq '.nodeGroups.control_plane_default.role' constellation-conf.yaml)\"\n \ - zone = \"$(yq '.nodeGroups.control_plane_default.zone' constellation-conf.yaml)\"\n \ - instance_type = \"$(yq '.nodeGroups.control_plane_default.instanceType' constellation-conf.yaml)\"\n \ - disk_size = \"$(yq '.nodeGroups.control_plane_default.stateDiskSizeGB' constellation-conf.yaml)\"\n \ - disk_type = \"$(yq '.nodeGroups.control_plane_default.stateDiskType' constellation-conf.yaml)\"\n \ - initial_count = \"$(yq '.nodeGroups.control_plane_default.initialCount' constellation-conf.yaml)\"\n \ - }\n \ - worker_default = {\n \ - role = \"$(yq '.nodeGroups.worker_default.role' constellation-conf.yaml)\"\n \ - zone = \"$(yq '.nodeGroups.worker_default.zone' constellation-conf.yaml)\"\n \ - instance_type = \"$(yq '.nodeGroups.worker_default.instanceType' constellation-conf.yaml)\"\n \ - disk_size = \"$(yq '.nodeGroups.worker_default.stateDiskSizeGB' constellation-conf.yaml)\"\n \ - disk_type = \"$(yq '.nodeGroups.worker_default.stateDiskType' constellation-conf.yaml)\"\n \ - initial_count = \"$(yq '.nodeGroups.worker_default.initialCount' constellation-conf.yaml)\"\n \ - } \ -}" \ ->> terraform.tfvars +echo "node_groups = { + control_plane_default = { + role = \"$(yq '.nodeGroups.control_plane_default.role' constellation-conf.yaml)\" + zone = \"$(yq '.nodeGroups.control_plane_default.zone' constellation-conf.yaml)\" + instance_type = \"$(yq '.nodeGroups.control_plane_default.instanceType' constellation-conf.yaml)\" + disk_size = \"$(yq '.nodeGroups.control_plane_default.stateDiskSizeGB' 
constellation-conf.yaml)\" + disk_type = \"$(yq '.nodeGroups.control_plane_default.stateDiskType' constellation-conf.yaml)\" + initial_count = \"$(yq '.nodeGroups.control_plane_default.initialCount' constellation-conf.yaml)\" + } + worker_default = { + role = \"$(yq '.nodeGroups.worker_default.role' constellation-conf.yaml)\" + zone = \"$(yq '.nodeGroups.worker_default.zone' constellation-conf.yaml)\" + instance_type = \"$(yq '.nodeGroups.worker_default.instanceType' constellation-conf.yaml)\" + disk_size = \"$(yq '.nodeGroups.worker_default.stateDiskSizeGB' constellation-conf.yaml)\" + disk_type = \"$(yq '.nodeGroups.worker_default.stateDiskType' constellation-conf.yaml)\" + initial_count = \"$(yq '.nodeGroups.worker_default.initialCount' constellation-conf.yaml)\" + } +}" >> terraform.tfvars echo "project = \"$(yq '.provider.gcp.project' constellation-conf.yaml)\"" >> terraform.tfvars echo "region = \"$(yq '.provider.gcp.region' constellation-conf.yaml)\"" >> terraform.tfvars echo "zone = \"$(yq '.provider.gcp.zone' constellation-conf.yaml)\"" >> terraform.tfvars From f620d7bfcc16fc08d02ec015b2a3aab934e166c5 Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Wed, 18 Oct 2023 16:38:53 +0200 Subject: [PATCH 17/19] add missing value Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> --- docs/docs/workflows/create.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/docs/workflows/create.md b/docs/docs/workflows/create.md index 66bec9876a..a1ab74933b 100644 --- a/docs/docs/workflows/create.md +++ b/docs/docs/workflows/create.md 
@@ -120,6 +120,7 @@ echo "node_groups = { initial_count = \"$(yq '.nodeGroups.worker_default.initialCount' constellation-conf.yaml)\" } }" >> terraform.tfvars +echo "location = \"$(yq '.provider.azure.location' constellation-conf.yaml)\"" >> terraform.tfvars echo "create_maa = $(yq '.attestation | has("azureSEVSNP")' constellation-conf.yaml)" >> terraform.tfvars echo "confidential_vm = $(yq '.attestation | has("azureSEVSNP")' constellation-conf.yaml)" >> terraform.tfvars echo "secure_boot = $(yq '.provider.azure.secureBoot' constellation-conf.yaml)" >> terraform.tfvars @@ -152,7 +153,7 @@ echo "node_groups = { disk_size = \"$(yq '.nodeGroups.worker_default.stateDiskSizeGB' constellation-conf.yaml)\" disk_type = \"$(yq '.nodeGroups.worker_default.stateDiskType' constellation-conf.yaml)\" initial_count = \"$(yq '.nodeGroups.worker_default.initialCount' constellation-conf.yaml)\" - } + } }" >> terraform.tfvars echo "project = \"$(yq '.provider.gcp.project' constellation-conf.yaml)\"" >> terraform.tfvars echo "region = \"$(yq '.provider.gcp.region' constellation-conf.yaml)\"" >> terraform.tfvars From d7f3a8d2e7aad2142bf9b6050d6ac8aba88bdf68 Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Thu, 19 Oct 2023 09:34:16 +0200 Subject: [PATCH 18/19] fix quoting Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> --- docs/docs/workflows/create.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/docs/workflows/create.md b/docs/docs/workflows/create.md index a1ab74933b..7c7ab63cff 100644 --- a/docs/docs/workflows/create.md +++ b/docs/docs/workflows/create.md 
@@ -177,8 +177,8 @@ Create the `constellation-state.yaml` using the output from the Terraform state ```bash CONSTELL_IP=$(terraform output ip) CONSTELL_INIT_SECRET=$(terraform output initSecret | yq -r | tr -d '\n' | base64) -yq eval '.infrastructure.initSecret ="$CONSTELL_INIT_SECRET"' --inplace constellation-state.yaml -yq eval '.infrastructure.clusterEndpoint ="$CONSTELL_IP"' --inplace constellation-state.yaml +yq eval ".infrastructure.initSecret =\"$CONSTELL_INIT_SECRET\"" --inplace constellation-state.yaml +yq eval ".infrastructure.clusterEndpoint =\"$CONSTELL_IP\"" --inplace constellation-state.yaml ``` From 005ad842c071b3747f422752f2bbecdd1547c364 Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Mon, 23 Oct 2023 09:02:06 +0200 Subject: [PATCH 19/19] document endpoint separation Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> --- docs/docs/workflows/create.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/docs/docs/workflows/create.md b/docs/docs/workflows/create.md index 7c7ab63cff..73e30fe36f 100644 --- a/docs/docs/workflows/create.md +++ b/docs/docs/workflows/create.md 
@@ -175,10 +175,9 @@ The Constellation [init step](#the-init-step) requires the already created `cons Create the `constellation-state.yaml` using the output from the Terraform state and the `constellation-conf.yaml`: ```bash -CONSTELL_IP=$(terraform output ip) -CONSTELL_INIT_SECRET=$(terraform output initSecret | yq -r | tr -d '\n' | base64) -yq eval ".infrastructure.initSecret =\"$CONSTELL_INIT_SECRET\"" --inplace constellation-state.yaml -yq eval ".infrastructure.clusterEndpoint =\"$CONSTELL_IP\"" --inplace constellation-state.yaml +yq eval ".infrastructure.initSecret =\"$(terraform output initSecret | jq -r | tr -d '\n' | hexdump -ve '/1 "%02x"' && echo '')\"" constellation-state.yaml +yq eval ".infrastructure.clusterEndpoint =\"$(terraform output out_of_cluster_endpoint | jq -r)\"" --inplace constellation-state.yaml +yq eval ".infrastructure.inClusterEndpoint =\"$(terraform output in_cluster_endpoint | jq -r)\"" --inplace constellation-state.yaml ```
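Review bot: In PATCH 15/19, the AWS hunk at `@@ -93,8 +94,10 @@` sits directly under the line `echo "ami = \"$(yq '.provider.aws.zone' constellation-conf.yaml)\""`, which fills the `ami` variable from the availability zone key. That looks like a copy-paste slip from the `zone` line, and a zone string is not a valid image ID, so `terraform apply` would fail or the reader would have to guess the right source. Since this commit already touches the block, point `ami` at the key that actually holds the image reference, or at a variable such as the `$IMAGE_REF` the Azure and GCP blocks use for `image_id`, and say where that value comes from.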
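Review bot: In PATCH 16/19, the Azure hunk at `@@ -103,25 +102,24 @@` keeps `zones = [ \"$(yq '.nodeGroups.worker_default.zone' constellation-conf.yaml)\" ]` inside `control_plane_default`, so the control plane zone is read from the worker group. The removed and the added lines both carry it, which means the reflow preserved an existing mistake: a config with different zones per group would silently place control-plane nodes in the worker zone. Read `.nodeGroups.control_plane_default.zone` there. Separately, all three blocks append with `>>`, so running the snippet twice leaves duplicate assignments in `terraform.tfvars`; a note to start from an empty file would help.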
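Review bot: In PATCH 17/19, the added `location` line at `@@ -120,6 +120,7 @@` writes whatever `yq` prints, and for a key that is missing from `constellation-conf.yaml` that is the literal `null`, giving `location = "null"` in `terraform.tfvars`. The same holds for every other `echo` in these blocks, but a newly required value is the likely one to be absent from existing configs. Consider telling the reader to check the generated file for `null` entries before `terraform apply`, or have the snippet stop when a lookup comes back empty. The second hunk only changes the indentation of a closing `}`, which the subject "add missing value" doesn't cover; it would fit better in the previous commit.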
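Review bot: In PATCH 18/19, at `@@ -177,8 +177,8 @@`, switching to double quotes makes the variables expand, but the context line `CONSTELL_IP=$(terraform output ip)` still captures the value in Terraform's quoted display form, so the expression becomes `.infrastructure.clusterEndpoint =""<ip>""` and `yq` will reject it or write the wrong value. Use `terraform output -raw ip`, or pipe through `jq -r` as the `initSecret` line does. Also, interpolating the init secret into the expression string places it on the `yq` command line, where it is visible in the process list, and any quote or backslash in the value would alter the expression. Exporting the variable and referencing it as `strenv(CONSTELL_INIT_SECRET)` inside a single-quoted expression avoids both problems.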
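Review bot: In PATCH 19/19, the new `initSecret` command at `@@ -175,10 +175,9 @@` is missing `--inplace`, unlike the two endpoint lines below it, so `yq` prints the modified document (including the secret) to the terminal and `constellation-state.yaml` is left without `infrastructure.initSecret`. Add `--inplace` before the file name. The same line also changes the encoding from base64 to hex via `hexdump -ve '/1 "%02x"'`, which the subject "document endpoint separation" doesn't mention; call that out in the commit message or the surrounding text so readers with a state file created from the earlier instructions know to regenerate the value. The trailing `&& echo ''` has no effect, since command substitution strips trailing newlines. The secret is still passed on the command line here; passing it through an exported variable and `strenv(...)` would keep it out of the process list.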